Splunk User
3 years ago
parent
add37c0b8f
commit
a25d8fae8a
@ -0,0 +1,225 @@
|
||||
<!-- Version 5.0 -->
|
||||
|
||||
<!-- datetime.xml -->
|
||||
<!-- This file contains the general formulas for parsing date/time formats. -->
|
||||
|
||||
<datetime>
|
||||
|
||||
<define name="_year" extract="year">
|
||||
<text><![CDATA[(20\d\d|19\d\d|[9012]\d(?!\d))]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_month" extract="month">
|
||||
<text><![CDATA[(0?[1-9]|1[012])(?!:)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_litmonth" extract="litmonth">
|
||||
<text><![CDATA[(?<![\d\w])(jan|\x{4E00}\x{6708}|feb|\x{4E8C}\x{6708}|mar|\x{4E09}\x{6708}|apr|\x{56DB}\x{6708}|may|\x{4E94}\x{6708}|jun|\x{516D}\x{6708}|jul|\x{4E03}\x{6708}|aug|\x{516B}\x{6708}|sep|\x{4E5D}\x{6708}|oct|\x{5341}\x{6708}|nov|\x{5341}\x{4E00}\x{6708}|dec|\x{5341}\x{4E8C}\x{6708})[a-z,\.;]*]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_allmonth" extract="litmonth, month">
|
||||
<text><![CDATA[(?:]]></text>
|
||||
<use name="_litmonth"/>
|
||||
<text><![CDATA[|]]></text>
|
||||
<use name="_month"/>
|
||||
<text><![CDATA[)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_day" extract="day">
|
||||
<text><![CDATA[(0?[1-9]|[12]\d|3[01])]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_usday" extract="day">
|
||||
<use name="_day"/>
|
||||
<text><![CDATA[(?:st|nd|rd|th|[,\.;])?]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_hour" extract="hour">
|
||||
<text><![CDATA[([01]?[0-9]|[012][0-3])(?!\d)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_minute" extract="minute">
|
||||
<text><![CDATA[([0-6]\d)(?!\d)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_second" extract="second">
|
||||
<text><![CDATA[([0-6]\d)(?!\d)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_zone" extract="zone">
|
||||
<text><![CDATA[((?:(?:UT|UTC|GMT(?![+-])|CET|CEST|CETDST|MET|MEST|METDST|MEZ|MESZ|EET|EEST|EETDST|WET|WEST|WETDST|MSK|MSD|IST|JST|KST|HKT|AST|ADT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|CAST|CADT|EAST|EADT|WAST|WADT|Z)|(?:GMT)?[+-]\d\d?:?(?:\d\d)?)(?!\w))?]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_ampm" extract="ampm">
|
||||
<text><![CDATA[([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348})?]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_time" extract="hour, minute, second, subsecond, ampm, zone">
|
||||
<text><![CDATA[(?<!\d)]]></text>
|
||||
<use name="_hour"/>
|
||||
<text><![CDATA[:]]></text>
|
||||
<use name="_minute"/>
|
||||
<text><![CDATA[:]]></text>
|
||||
<use name="_second"/>
|
||||
<text><)? {0,2}]]></text>
|
||||
<use name="_ampm"/>
|
||||
<text><![CDATA[ {0,2}]]></text>
|
||||
<use name="_zone"/>
|
||||
<text><![CDATA[(?!:\d)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_hmtime" extract="hour, minute, ampm">
|
||||
<text><![CDATA[(?<!\d)]]></text>
|
||||
<use name="_hour"/>
|
||||
<text><![CDATA[:]]></text>
|
||||
<use name="_minute"/>
|
||||
<text><![CDATA[(?: ([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348}))?(?!:[:\d])]]></text>
|
||||
</define>
|
||||
|
||||
|
||||
<define name="_dottime" extract="hour, minute, second, subsecond, zone">
|
||||
<text><![CDATA[(?<![\d\.])([01]\d|2[0-3])\.]]></text>
|
||||
<use name="_minute"/>
|
||||
<text><![CDATA[(?:\.?]]></text>
|
||||
<use name="_second"/>
|
||||
<text><![CDATA[(?:[:,]\d+)?(?:\.(\d\d\d\d+))?) {0,2}]]></text>
|
||||
<use name="_zone"/>
|
||||
<text><![CDATA[(?![0-9\.])]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_combdatetime" extract="year, month, day, hour, minute, second, subsecond">
|
||||
<!-- ... 20060502-000002 GMT ... -->
|
||||
<text><![CDATA[(?<![\d\.])(20\d\d)(0\d|1[012])([012]\d|3[01])[.-]?([01]\d|2[0123])([0-6]\d)([0-6]\d)(?:\.?(\d+))?]]>\s*</text>
|
||||
<use name="_zone"/>
|
||||
</define>
|
||||
|
||||
<define name="_combdatetime2" extract="year, ignored_sep, month, day, hour, minute, second, zone">
|
||||
<!-- ... 2007-3-22 0:0:2 GMT ...' -->
|
||||
<!-- ... 2007/3/22 0:0:2 GMT ...' -->
|
||||
<text><![CDATA[(?<![\d\.])(20\d\d)([-/])([01]?\d)\2([012]?\d|3[01])\s+([012]?\d):([0-6]?\d):([0-6]?\d)]]>\s*</text>
|
||||
<use name="_zone"/>
|
||||
</define>
|
||||
|
||||
|
||||
|
||||
<define name="_usdate" extract="litmonth, month, ignored_sep, day, zone, ignored_sep2, year">
|
||||
<text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
|
||||
<use name="_allmonth"/>
|
||||
<text><![CDATA[([/\- ]) {0,2}]]></text>
|
||||
<use name="_day"/>
|
||||
<text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
|
||||
<use name="_zone"/>
|
||||
<text><![CDATA[)?((?:\3|,) {0,2}]]></text>
|
||||
<use name="_year"/>
|
||||
<text><![CDATA[)?(?!/|\w|\.\d)]]></text>
|
||||
</define>
|
||||
|
||||
<!-- Jan 21, 09. allows spaces with litmonth only -->
|
||||
<define name="_usdate1" extract="litmonth, ignored_sep, day, zone, ignored_sep2, year">
|
||||
<text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
|
||||
<use name="_litmonth"/>
|
||||
<text><![CDATA[([/\- ]) {0,2}]]></text>
|
||||
<use name="_day"/>
|
||||
<text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
|
||||
<use name="_zone"/>
|
||||
<text><![CDATA[)?((?:\2|,) {0,2}]]></text>
|
||||
<use name="_year"/>
|
||||
<text><![CDATA[)?(?!/|\w|\.\d)]]></text>
|
||||
</define>
|
||||
|
||||
<!-- 10/21/09. doesn't allow spaces (e.g. 10 21 09) with numeric month -->
|
||||
<define name="_usdate2" extract="month, ignored_sep, day, zone, ignored_sep2, year">
|
||||
<text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
|
||||
<use name="_month"/>
|
||||
<text><![CDATA[([/\-])]]></text>
|
||||
<use name="_day"/>
|
||||
<text><![CDATA[(?!:)(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
|
||||
<use name="_zone"/>
|
||||
<text><![CDATA[)?((?:\2)]]></text>
|
||||
<use name="_year"/>
|
||||
<text><![CDATA[)?(?!/|\w|\.\d)]]></text>
|
||||
</define>
|
||||
|
||||
|
||||
<define name="_isodate" extract="year, ignored_sep, litmonth, month, day">
|
||||
<text><![CDATA[(?<![\w\d])]]></text>
|
||||
<use name="_year"/>
|
||||
<text><![CDATA[([\./\- ])]]></text>
|
||||
<use name="_allmonth"/>
|
||||
<text><![CDATA[(?!\d)(?:[\./\- ] {0,2})?]]></text>
|
||||
<use name="_day"/>
|
||||
<text><![CDATA[(?!/)(?:(?=T)|(?!\w)(?!\.\d))]]></text>
|
||||
</define>
|
||||
|
||||
<!-- eurodate format. period/dot delim separated out to eurodate2 -->
|
||||
<define name="_eurodate1" extract="day, ignored_sep, litmonth, month, year">
|
||||
<text><![CDATA[(?<![\w\.])]]></text>
|
||||
<use name="_usday"/>
|
||||
<text><![CDATA[([\- /]) {0,2}]]></text>
|
||||
<use name="_allmonth"/>
|
||||
<text><![CDATA[\2 {0,2}]]></text>
|
||||
<use name="_year"/>
|
||||
<text><![CDATA[(?![\w\.])]]></text>
|
||||
</define>
|
||||
|
||||
<!-- just period/dot delimiter. do not allow any spaces after dots (e.g. "version 5.4. 10" -->
|
||||
<define name="_eurodate2" extract="day, litmonth, month, year">
|
||||
<text><![CDATA[(?<![\w\.])]]></text>
|
||||
<use name="_usday"/>
|
||||
<text><![CDATA[\.]]></text>
|
||||
<use name="_allmonth"/>
|
||||
<text><![CDATA[\.]]></text>
|
||||
<use name="_year"/>
|
||||
<text><![CDATA[(?![\w\.])]]></text>
|
||||
</define>
|
||||
|
||||
|
||||
<define name="_bareurlitdate" extract="day, litmonth, year">
|
||||
<text><![CDATA[(\d\d?)\|\|(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\|\|(20\d\d)]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_orddate" extract="year, ord">
|
||||
<text><![CDATA[\s([01]\d)([0123]\d\d)\s]]></text>
|
||||
</define>
|
||||
|
||||
<!-- due to high number of false positive matches, this format is
|
||||
limited to special cases. either at the start of a line or in
|
||||
filename matches only, by prefixing with a "source::" -->
|
||||
|
||||
<!-- don't allow multiple spaces after mashed date. indicates number in column -->
|
||||
<define name="_masheddate" extract="year, month, day">
|
||||
<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.|-)(?:20)?([9012]\d)(0\d|1[012])([012]\d|3[01])(?!\d|-| {2,})]]></text>
|
||||
</define>
|
||||
<define name="_masheddate2" extract="month, day, year">
|
||||
<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.)(0\d|1[012])([012]\d|3[01])(?:20)?([9012]\d)(?!\d| {2,})]]></text>
|
||||
</define>
|
||||
|
||||
<define name="_utcepoch" extract="utcepoch, subsecond">
|
||||
<!-- update regex before '2030' -->
|
||||
<text><![CDATA[((?<=^|[\s#,"=\(\[\|\{])(?:1[012345678])\d{8}|^@[\da-fA-F]{16,24})(?:\.?(\d{1,6}))?(?![\d\(])]]></text>
|
||||
</define>
|
||||
|
||||
<timePatterns>
|
||||
<use name="_time"/>
|
||||
<use name="_hmtime"/>
|
||||
<use name="_hmtime"/>
|
||||
<use name="_dottime"/>
|
||||
<use name="_combdatetime"/>
|
||||
<use name="_utcepoch"/>
|
||||
<use name="_combdatetime2"/>
|
||||
</timePatterns>
|
||||
<datePatterns>
|
||||
<use name="_usdate1"/>
|
||||
<use name="_usdate2"/>
|
||||
<use name="_isodate"/>
|
||||
<use name="_eurodate1"/>
|
||||
<use name="_eurodate2"/>
|
||||
<use name="_bareurlitdate"/>
|
||||
<use name="_orddate"/>
|
||||
<use name="_combdatetime"/>
|
||||
<use name="_masheddate"/>
|
||||
<use name="_masheddate2"/>
|
||||
<use name="_combdatetime2"/>
|
||||
</datePatterns>
|
||||
|
||||
</datetime>
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Configure instance as License Slave
|
||||
|
||||
[package]
|
||||
id = Conf_license_slave
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,9 @@
|
||||
# In distributed environments, it's common to have a lone search head acting
|
||||
# as the license master as well. In this configuration, providing the URI
|
||||
# of the license master is easiest within the indexer_base configuration.
|
||||
# In the event that there are multiple search heads, you could instead use
|
||||
# the org_all_license app, shipped to the non-license SH, as well as all of
|
||||
# the indexers. In either event, the settings are the same.
|
||||
|
||||
[license]
|
||||
master_uri = https://SVLCTPLOGLMR.jpit.com:8089
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Disable Kvstore on Indexers
|
||||
|
||||
[package]
|
||||
id = edf_idx_kvstore_base
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,4 @@
|
||||
# kvstore not needed on indexers, let's disable it
|
||||
# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
|
||||
[kvstore]
|
||||
disabled = true
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Enable receiving on Indexer layer
|
||||
|
||||
[package]
|
||||
id = edf_idx_receiver_port
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1 @@
|
||||
[splunktcp://9997]
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
Binary file not shown.
@ -0,0 +1,11 @@
|
||||
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Contient la configuration des volumes de données
|
||||
|
||||
[package]
|
||||
id = edf_idx_volume_indexes
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,7 @@
|
||||
[volume:primary]
|
||||
path = /data/splunk_data
|
||||
maxVolumeDataSizeMB = 60000
|
||||
|
||||
[volume:secondary]
|
||||
path = /data_cold/splunk_data
|
||||
maxVolumeDataSizeMB = 240000
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
Binary file not shown.
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = Mattys Hervé (OBS)
|
||||
description = Disable Web access on Indexers
|
||||
|
||||
[package]
|
||||
id = odin_idx_web_base
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,12 @@
|
||||
# In larger environments, where there are more than, say, three indexers,
|
||||
# it's common to disable the Splunk UI. This helps avoid configuration issues
|
||||
# caused by logging in to the UI to do something directly via the manager,
|
||||
# as well as saving some system resources.
|
||||
|
||||
[settings]
|
||||
startwebserver = 0
|
||||
|
||||
# avoid timeout when indexer loaded
|
||||
splunkdConnectionTimeout = 120
|
||||
|
||||
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
author = VABOS
|
||||
description = Configure Distributed Search for Monitoring Console
|
||||
version = 1.0
|
||||
|
||||
[package]
|
||||
id = MAQ_M-TIC_DSMC
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,19 @@
|
||||
[distributedSearch:dmc_group_search_head]
|
||||
servers = localhost:localhost
|
||||
[distributedSearch:dmc_group_cluster_master]
|
||||
|
||||
|
||||
[distributedSearch:dmc_group_license_master]
|
||||
|
||||
[distributedSearch:dmc_group_deployment_server]
|
||||
|
||||
[distributedSearch:dmc_group_indexer]
|
||||
default = false
|
||||
servers = SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089
|
||||
|
||||
[distributedSearch:dmc_group_shc_deployer]
|
||||
|
||||
[distributedSearch:dmc_group_kv_store]
|
||||
|
||||
[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
|
||||
servers = localhost:localhost,SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0
|
||||
author = VABOS
|
||||
description = Enable forwarding to Indexer layer
|
||||
|
||||
[package]
|
||||
id = m-tic_all_forwarding_outputs
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,12 @@
|
||||
# BASE SETTINGS
|
||||
|
||||
[tcpout]
|
||||
# Change here to specify the indexer group
|
||||
defaultGroup = m-tic_indexer
|
||||
maxQueueSize = 7MB
|
||||
useACK = true
|
||||
forceTimebasedAutoLB = true
|
||||
|
||||
[tcpout:m-tic_indexer]
|
||||
server = SVLCTPLOGIDX01.jpit.com:9997, SVLCTPLOGIDX02.jpit.com:9997
|
||||
~
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,4 @@
|
||||
[monitor:///var/rsyslog/*/catchother/*/*/*.log]
|
||||
disabled = false
|
||||
index = idx_m-tic_catchall
|
||||
sourcetype = catchall
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,4 @@
|
||||
[monitor:///var/rsyslog/*/cisco/.../*.log]
|
||||
disabled = false
|
||||
index = idx_m-tic_cisco
|
||||
sourcetype = cisco
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_update = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,12 @@
|
||||
[tcpout]
|
||||
defautlGroup = primary_indexers
|
||||
maxQueuSize = 100MB
|
||||
useACK = true
|
||||
forceTimebaseAutoLB = true
|
||||
forwardedindex.2.whitelist = (_audit|_introspection|_internal)
|
||||
|
||||
[tcpout:primary_indexers]
|
||||
server = SVLCTPLOGIDX01.jpit.com:9997, SVLCTPLOGIDX02.jpit.com:9997
|
||||
|
||||
#clientCert = $SPLUNK_HOME/etc/auth/server.pem
|
||||
#sslPassword =
|
||||
@ -0,0 +1,2 @@
|
||||
[sslConfig]
|
||||
sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Configure Cluster Master
|
||||
|
||||
[package]
|
||||
id = M-TIC_cluster_master_base
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,5 @@
|
||||
[clustering]
|
||||
cluster_label = Cluster_M-TIC
|
||||
mode = master
|
||||
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
|
||||
replication_factor = 2
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_update = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,3 @@
|
||||
[shclustering]
|
||||
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
|
||||
shcluster_label = M-TIC_shcluster
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,4 @@
|
||||
[monitor:///var/rsyslog/*/esxi/*/*/*.log]
|
||||
disabled = false
|
||||
index = idx_m-tic_esxi
|
||||
sourcetype = esxi
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,4 @@
|
||||
[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
|
||||
disabled = false
|
||||
index = idx_m-tic_fortigate
|
||||
sourcetype = fortigate
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
Binary file not shown.
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Configure default clustering options on Indexers
|
||||
|
||||
[package]
|
||||
id = M-TIC_idx_cluster_base
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,2 @@
|
||||
[edfZone]
|
||||
INDEXED = true
|
||||
@ -0,0 +1,6 @@
|
||||
[replication_port://9100]
|
||||
|
||||
[clustering]
|
||||
manager_uri = https://SVLCTPLOGCLM01.jpit.com:8089
|
||||
mode = peer
|
||||
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Configure default optimisation on Indexers
|
||||
|
||||
[package]
|
||||
id = edf_idx_indexes_base
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,65 @@
|
||||
[default]
|
||||
thawedPath = $SPLUNK_DB/$_index_name/thaweddb
|
||||
coldPath = volume:secondary/$_index_name/colddb
|
||||
homePath = volume:primary/$_index_name/db
|
||||
tstatsHomePath = volume:primary/$_index_name/datamodel_summary
|
||||
tsidxWritingLevel = 4
|
||||
journalCompression = zstd
|
||||
enableDataIntegrityControl = 0
|
||||
enableTsidxReduction = 0
|
||||
archiver.enableDataArchive = 0
|
||||
compressRawdata = 1
|
||||
enableOnlineBucketRepair = 1
|
||||
rtRouterQueueSize =
|
||||
rtRouterThreads =
|
||||
selfStorageThreads =
|
||||
suspendHotRollByDeleteQuery = 0
|
||||
syncMeta = 1
|
||||
maxTotalDataSizeMB = 5000
|
||||
|
||||
[idx_m-tic_windows]
|
||||
|
||||
[idx_m-tic_fortigate]
|
||||
|
||||
[idx_m-tic_linux]
|
||||
|
||||
[idx_m-tic_esxi]
|
||||
|
||||
[vmware-esxilog]
|
||||
|
||||
[vmware-perf-metrics]
|
||||
datatype = metric
|
||||
|
||||
[vmware-inv]
|
||||
|
||||
[vmware-taskevent]
|
||||
|
||||
[vmware-vclog]
|
||||
|
||||
[idx_m-tic_alcatel]
|
||||
|
||||
[idx_m-tic_cisco]
|
||||
|
||||
[idx_m-tic_switch]
|
||||
|
||||
[idx_m-tic_catchall]
|
||||
|
||||
[idx_m-tic_catchother]
|
||||
|
||||
[idx_m-tic_other]
|
||||
|
||||
[idx_m-tic_glpi]
|
||||
|
||||
[idx_m-tic_glpi_vm]
|
||||
|
||||
[idx_m-tic_glpi_kb]
|
||||
|
||||
[idx_m-tic_glpi_sep]
|
||||
|
||||
[idx_m-tic_glpi_obsolescence]
|
||||
|
||||
[idx_m-tic_genetec_sc]
|
||||
|
||||
[idx_ldap]
|
||||
|
||||
[idx_m-tic_synology]
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,5 @@
|
||||
[monitor:///var/rsyslog/*/linux/.../*.log]
|
||||
disabled = 0
|
||||
host_segment = 6
|
||||
index = idx_m-tic_linux
|
||||
sourcetype = syslog_linux
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,17 @@
|
||||
[clustering]
|
||||
mode = searchhead
|
||||
manager_uri = clustermanager:one
|
||||
|
||||
[clustermanager:one]
|
||||
manager_uri = https://SVLCTPLOGCLM01.jpit.com:8089
|
||||
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
|
||||
multisite = false
|
||||
|
||||
[shclustering]
|
||||
shcluster_label = M-TIC_shcluster
|
||||
conf_deploy_fetch_url = https://SVLCTPLOGSUP01.jpit.com:8089
|
||||
pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
|
||||
|
||||
[httpServer]
|
||||
maxThreads = 150000
|
||||
maxSockets = 250000
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
acces = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
@ -0,0 +1,11 @@
|
||||
[launcher]
|
||||
version = 1.0.0
|
||||
author = VABOS
|
||||
description = Configure Search Head for IDX Clustering
|
||||
|
||||
[package]
|
||||
id = M-TIN_sh_idxcluster_base
|
||||
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
@ -0,0 +1,9 @@
|
||||
[general]
|
||||
site = site2
|
||||
|
||||
[clustering]
|
||||
multisite = true
|
||||
master_uri = https://SVLCTPLOGCLM01.jpit.com:8089
|
||||
mode = searchhead
|
||||
pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza
|
||||
|
||||
@ -0,0 +1 @@
|
||||
# Autogenerated file
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_update = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,6 @@
|
||||
# One Volume for Hot and Cold
|
||||
[volume:primary]
|
||||
path = /opt/splunk/var/lib/splunk
|
||||
|
||||
[volume:secondary]
|
||||
path = /opt/splunk/var/lib/splunk
|
||||
@ -0,0 +1,9 @@
|
||||
[install]
|
||||
state = enabled
|
||||
|
||||
[package]
|
||||
check_for_updates = false
|
||||
|
||||
[ui]
|
||||
is_visible = false
|
||||
is_manageable = false
|
||||
@ -0,0 +1,7 @@
|
||||
[WinEventLog]
|
||||
interval=60
|
||||
evt_resolve_ad_obj = 0
|
||||
evt_dc_name=
|
||||
evt_dns_name=
|
||||
index = idx_m-tic_windows
|
||||
sourcetype = events_windows
|
||||
@ -0,0 +1,3 @@
|
||||
[]
|
||||
access = read : [ * ], write : [ admin ]
|
||||
export = system
|
||||
@ -0,0 +1,30 @@
|
||||
[distributedSearch:dmc_group_cluster_master]
|
||||
servers = SVLCTPLOGCLM01.jpit.com:8089
|
||||
|
||||
[distributedSearch:dmc_group_deployment_server]
|
||||
servers = localhost:localhost
|
||||
|
||||
[distributedSearch:dmc_group_kv_store]
|
||||
servers = SVLCTPLOGCLM01.jpit.com:8089,SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089
|
||||
|
||||
[distributedSearch:dmc_group_search_head]
|
||||
servers = SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:808
|
||||
|
||||
[distributedSearch:dmc_group_indexer]
|
||||
default = true
|
||||
servers = SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089
|
||||
|
||||
[distributedSearch:dmc_group_shc_deployer]
|
||||
servers = localhost:localhost
|
||||
|
||||
[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
|
||||
servers = SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089,SVLCTPLOGCLM01.jpit.com:8089,SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089
|
||||
|
||||
[distributedSearch:dmc_group_license_master]
|
||||
servers = SVLCTPLOGLMR.jpit.com:8089
|
||||
|
||||
[distributedSearch:dmc_searchheadclustergroup_M-TIC_shcluster]
|
||||
servers = localhost:localhost,SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089
|
||||
|
||||
[distributedSearch]
|
||||
servers = https://SVLCTPLOGCLM01.jpit.com:8089,https://SVLCTPLOGLMR.jpit.com:8089,https://SVLCTPLOGPUB01.jpit.com:8089,https://SVLCTPLOGPUB02.jpit.com:8089
|
||||
@ -0,0 +1 @@
|
||||
[distributed_health_reporter]
|
||||
@ -0,0 +1,6 @@
|
||||
This directory is the default repository location for deployable apps in a deployment server
|
||||
configuration.
|
||||
|
||||
For details on configuring as a deployment server, see
|
||||
$SPLUNK_HOME/etc/system/README/serverclass.conf.spec, serverclass.conf.example or the Admin manual
|
||||
at http://docs.splunk.com/Documentation.
|
||||
@ -0,0 +1,4 @@
|
||||
[settings]
|
||||
mc_auto_config = enabled
|
||||
disabled = 0
|
||||
configuredPeers = SVLCTPLOGPUB01.jpit.com:8089,SVLCTPLOGPUB02.jpit.com:8089,SVLCTPLOGIDX01.jpit.com:8089,SVLCTPLOGIDX02.jpit.com:8089,SVLCTPLOGLMR.jpit.com:8089,SVLCTPLOGCLM01.jpit.com:8089
|
||||
@ -0,0 +1,632 @@
|
||||
<!-- Version 4.0 -->
|
||||
|
||||
|
||||
<language>
|
||||
<options>
|
||||
<useAdvancedQuery>false</useAdvancedQuery>
|
||||
</options>
|
||||
|
||||
<controls>
|
||||
<control>
|
||||
<token>SEARCH</token>
|
||||
<modules>
|
||||
|
||||
<module>
|
||||
<name>savedSplunkLoader</name>
|
||||
<requiredArgs>
|
||||
<arg>savedsplunk</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>savedSplunkLoader</name>
|
||||
<requiredArgs>
|
||||
<arg>savedsearch</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>startdaysago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<startdaysago>1</startdaysago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>sortmeta</name>
|
||||
<requiredArgs>
|
||||
<arg>sort</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>order</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>lastby</name>
|
||||
<requiredArgs>
|
||||
<arg>lastby</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>readtimeout</name>
|
||||
<requiredArgs>
|
||||
<arg>readtimeout</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<readtimeout>5</readtimeout>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>queryid</name>
|
||||
<requiredArgs>
|
||||
<arg>queryid</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>sortorder</name>
|
||||
<requiredArgs>
|
||||
<arg>!resultsetsortby</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>readlevel</name>
|
||||
<requiredArgs>
|
||||
<arg>readlevel</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>readlimit</name>
|
||||
<requiredArgs>
|
||||
<arg>readlimit</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>startminutesago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<startminutesago>1</startminutesago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>starthoursago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<starthoursago>1</starthoursago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>startmonthsago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<startmonthsago>1</startmonthsago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>enddaysago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<enddaysago>1</enddaysago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>endminutesago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<endminutesago>1</endminutesago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>endhoursago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<endhoursago>1</endhoursago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>endmonthsago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<endmonthsago>1</endmonthsago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>searchtimespanhours</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<searchtimespanhours>1</searchtimespanhours>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>searchtimespanminutes</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<searchtimespanminutes>1</searchtimespanminutes>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>searchtimespandays</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<searchtimespandays>1</searchtimespandays>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>searchtimespanmonths</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<searchtimespanmonths>1</searchtimespanmonths>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>starttime</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>timeformat</arg>
|
||||
</optionalArgs>
|
||||
<defaults>
|
||||
<starttime>12/31/1969:16:00:00</starttime>
|
||||
<timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>endtime</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>timeformat</arg>
|
||||
</optionalArgs>
|
||||
<defaults>
|
||||
<endtime>12/31/2022:16:00:00</endtime>
|
||||
<timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>starttimeu</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<starttimeu>0</starttimeu>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>endtimeu</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<endtimeu>1672531200</endtimeu>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>daysago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<daysago>1</daysago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>minutesago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<minutesago>1</minutesago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>hoursago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<hoursago>1</hoursago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>time</name>
|
||||
<requiredArgs>
|
||||
<arg>monthsago</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<monthsago>1</monthsago>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>maxtime</name>
|
||||
<requiredArgs>
|
||||
<arg>maxtime</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<maxtime>60</maxtime>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>countSetter</name>
|
||||
<requiredArgs>
|
||||
<arg>maxevents</arg>
|
||||
</requiredArgs>
|
||||
<defaults>
|
||||
<maxevents>typeahead_suppress</maxevents>
|
||||
</defaults>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>eventtypeResolver</name>
|
||||
<requiredArgs>
|
||||
<arg>eventtype</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>eventtypeResolver</name>
|
||||
<requiredArgs>
|
||||
<arg>tag</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>eventtypeResolver</name>
|
||||
<requiredArgs>
|
||||
<arg>typetag</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>eventtypeResolver</name>
|
||||
<requiredArgs>
|
||||
<arg>eventtypetag</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>hosttagResolver</name>
|
||||
<requiredArgs>
|
||||
<arg>hosttag</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>sourcetypeResolver</name>
|
||||
<requiredArgs>
|
||||
<arg>sourcetype</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>domainFinder</name>
|
||||
<requiredArgs>
|
||||
<arg>index</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>connectedbytype</name>
|
||||
<requiredArgs>
|
||||
<arg>relatedbytype</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>minrelationbytype</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>historyuser</name>
|
||||
<requiredArgs>
|
||||
<arg>user</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>regexFilter</name>
|
||||
<requiredArgs>
|
||||
<arg>grep</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>debugCommand</name>
|
||||
<requiredArgs>
|
||||
<arg>!++cmd++</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>!++param1++</arg>
|
||||
<arg>!++param2++</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
</modules>
|
||||
</control>
|
||||
|
||||
<control>
|
||||
<token>GET</token>
|
||||
<modules>
|
||||
|
||||
<module>
|
||||
<name>eventGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>events</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>summarize</arg>
|
||||
</optionalArgs>
|
||||
<requiredControls>
|
||||
<token>SEARCH</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>timebucketsGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>timebuckets</arg>
|
||||
</requiredArgs>
|
||||
<requiredControls>
|
||||
<token>SEARCH</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>reportGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>report</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>typeGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>types</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>samplesfortypes</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>searchGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>searches</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>samplesfortypes</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>hostGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>hosts</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>sourceTypeGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>sourcetypes</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>eventTagGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>eventtags</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>hostTagGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>hosttags</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>sourceTypeTagGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>sourcetypetags</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>sourceGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>sources</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>reportGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>report</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>formatGetter</name>
|
||||
<requiredArgs>
|
||||
<arg>formats</arg>
|
||||
</requiredArgs>
|
||||
</module>
|
||||
|
||||
</modules>
|
||||
</control>
|
||||
|
||||
<control>
|
||||
<token>OUTPUT</token>
|
||||
<modules>
|
||||
|
||||
<module>
|
||||
<name>emailOut</name>
|
||||
<requiredArgs>
|
||||
<arg>email</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>format</arg>
|
||||
</optionalArgs>
|
||||
<requiredControls>
|
||||
<token>GET</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>schedOut</name>
|
||||
<requiredArgs>
|
||||
<arg>scheduler</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>resolveids</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>schedOut</name>
|
||||
<requiredArgs>
|
||||
<arg>summary</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>resolveids</arg>
|
||||
</optionalArgs>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>rssOut</name>
|
||||
<requiredArgs>
|
||||
<arg>rssfeed</arg>
|
||||
</requiredArgs>
|
||||
<requiredControls>
|
||||
<token>GET</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>splunkUIOut</name>
|
||||
<requiredArgs>
|
||||
<arg>splunkui</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>format</arg>
|
||||
<arg>idcount</arg>
|
||||
<arg>maxlines</arg>
|
||||
<arg>timeformat</arg>
|
||||
</optionalArgs>
|
||||
<requiredControls>
|
||||
<token>GET</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>exportOut</name>
|
||||
<requiredArgs>
|
||||
<arg>exportto</arg>
|
||||
</requiredArgs>
|
||||
<optionalArgs>
|
||||
<arg>format</arg>
|
||||
</optionalArgs>
|
||||
<requiredControls>
|
||||
<token>GET</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
<module>
|
||||
<name>raweventsOut</name>
|
||||
<requiredArgs>
|
||||
<arg>rawevents</arg>
|
||||
</requiredArgs>
|
||||
<requiredControls>
|
||||
<token>GET</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
|
||||
|
||||
<module>
|
||||
<name>magicgraph</name>
|
||||
<requiredArgs>
|
||||
<arg>magicgraph</arg>
|
||||
</requiredArgs>
|
||||
<requiredControls>
|
||||
<token>GET</token>
|
||||
</requiredControls>
|
||||
</module>
|
||||
</modules>
|
||||
</control>
|
||||
</controls>
|
||||
|
||||
<!--
|
||||
Examples :
|
||||
|
||||
Running a normal splunk ui query
|
||||
SEARCH get NOT post NOT( eventtype::error OR connected::foo:1:123544 ) count::100000 domain::splunkdb1
|
||||
GET events::0-20 types::all sourcetypes::all timebuckets::all
|
||||
OUTPUT splunkui::ajax format::heavy
|
||||
|
||||
Running a query to email all the sources in the system to brian@splunk.com with html email format
|
||||
GET sources::all
|
||||
OUTPUT email::brian@splunk.com format::htmlmail
|
||||
-->
|
||||
</language>
|
||||
@ -0,0 +1,25 @@
|
||||
# Version 9.1.0.1
|
||||
|
||||
# Modify the following line to suit the location of your Splunk install.
|
||||
# If unset, Splunk will use the parent of the directory containing the splunk
|
||||
# CLI executable.
|
||||
#
|
||||
# SPLUNK_HOME=/home/build/build-home
|
||||
|
||||
# By default, Splunk stores its indexes under SPLUNK_HOME in the
|
||||
# var/lib/splunk subdirectory. This can be overridden
|
||||
# here:
|
||||
#
|
||||
# SPLUNK_DB=/home/build/build-home/var/lib/splunk
|
||||
# Splunkd daemon name
|
||||
SPLUNK_SERVER_NAME=Splunkd
|
||||
|
||||
# If SPLUNK_OS_USER is set, then Splunk service will only start
|
||||
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
|
||||
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
|
||||
# (This setting can be specified as username or as UID.)
|
||||
#
|
||||
# SPLUNK_OS_USER
|
||||
PYTHONHTTPSVERIFY=0
|
||||
PYTHONUTF8=1
|
||||
OPTIMISTIC_ABOUT_FILE_LOCKING=1
|
||||
@ -0,0 +1,4 @@
|
||||
VERSION=9.1.0.1
|
||||
BUILD=77f73c9edb85
|
||||
PRODUCT=splunk
|
||||
PLATFORM=Linux-x86_64
|
||||
Loading…
Reference in new issue