# NOTE: As of 4.15.0, for every new input, please add start_by_shell = false

[itsi_user_access_init]
interval = 900
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_user_access_init://upgrade_capabilities]
log_level = WARN
app_name = itsi
disabled = 0

[configure_itsi]
python.version = python3
run_only_one = false
start_by_shell = false

[configure_itsi://splunko]
log_level = INFO

[itsi_migration_queue]
interval = 5
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_migration_queue://migration_queue]
interval = 5
log_level = INFO
disabled = 0

[itsi_refresher]
python.version = python3
disabled = 1
run_only_one = false
# This input is intentionaly disabled.

[itsi_consumer]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_consumer://consumer1]
log_level = INFO
number_of_thread = 8
high_job_ratio = 0
job_timeout = 0
max_retries = 1
interval = 5
disabled = 0

[itsi_backup_restore]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_backup_restore://itsi_backup_restore]
disabled = 0
interval = 5

[itsi_scheduled_backup_caller]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_scheduled_backup_caller://itsi_scheduled_backup]
interval = 3600
disabled = 0
python.version = python3

[itsi_service_template_update_scheduler]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_service_template_update_scheduler://itsi_service_template_update_scheduler]
interval = 900
disabled = 0

[itsi_backfill]
interval = 600
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_backfill://backfiller]
log_level = INFO
disabled = 0

[itsi_async_csv_loader]
interval = 10
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_async_csv_loader://async_csv_loader]
log_level = INFO
disabled = 0

[itsi_notable_event_archive]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_notable_event_archive://age_notable_event]
disabled = 0
interval = 3600

[maintenance_minder]
python.version = python3
run_only_one = false
start_by_shell = false

[maintenance_minder://populate_operative_maintenance_log]
interval = 60
disabled = 0

[custom_threshold_window_minder]
python.version = python3
run_only_one = false
start_by_shell = false

[custom_threshold_window_minder://populate_custom_threshold_activity]
interval = 60
disabled = 0
log_level = INFO

[custom_threshold_window_overlaps_detector]
python.version = python3
run_only_one = false
start_by_shell = false

[custom_threshold_window_overlaps_detector://populate_overlapping_ctw_data]
interval = 86400
disabled = 0
log_level = INFO

[itsi_default_event_management_objects_loader]
python.version = python3
run_only_one = true
start_by_shell = false

[itsi_default_event_management_objects_loader://default_object_loader]
disabled = 0

[itsi_default_correlation_search_acl_loader]
python.version = python3
run_only_one = true
start_by_shell = false

[itsi_default_correlation_search_acl_loader://default_acl_loader]
disabled = 0
interval = -1

[itsi_notable_event_hec_init]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_notable_event_hec_init://default_hec_initializer]
disabled = 0
interval = 600

[itsi_hec_init]
python.version = python3
run_only_one = true
start_by_shell = false

[itsi_hec_init://bulk_import_hec_initializer]
disabled = 0
interval = 600

[itsi_queue_consumer_size_checker]
python.version = python3
run_only_one = true
start_by_shell = false

[itsi_queue_consumer_size_checker://queue_consumer_size_checker]
interval = 1800
disabled = 0
timeout = 1800
system_user_name = splunk-system-user
collection_size_initial_threshold = 10000
collection_size_final_threshold = 100000

[itsi_notable_event_actions_queue_consumer]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_notable_event_actions_queue_consumer://alpha]
interval = 30
disabled = 0
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_queue_consumer://beta]
interval = 30
disabled = 0
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_queue_consumer://gamma]
interval = 30
disabled = 0
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_queue_consumer://zeta]
interval = 30
disabled = 1
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_queue_consumer://delta]
interval = 30
disabled = 1
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_consumer_assigning]
python.version = python3
run_only_one = true
start_by_shell = false

[itsi_notable_event_actions_consumer_assigning://default_consumer_assigning]
disabled = 1
interval = 0
consumer_refresh_interval = 60
delete_objects_interval = 600
batch_size = 1000
# Let's add some delay (in sec) between each execution so we give it some time for actions to be queued before reading
# the next batch and also to reduce our KV Store calls. No need to keep making unnecessary KV Store calls if the
# collection may be empty.
read_delay_time = 0.1
system_user_name = splunk-system-user
log_level = INFO

[http]
ackIdleCleanup = true
maxIdleTime = 60

[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/import_icons_SA_ITOA.py]
disabled = 0
interval = -1
passAuth = splunk-system-user
run_only_one = true
python.version = python3
start_by_shell = false

[itsi_age_kpi_alert_value_cache]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_age_kpi_alert_value_cache://age_kpi_alert_value_cache]
disabled = 0
interval = 900
log_level = INFO
retentionTimeInSec = 1800

[itsi_csv_import]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_summary_metrics_backfill]
interval = 5
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_summary_metrics_backfill://metrics_backfiller]
log_level = INFO
disabled = 1
metrics_backfill_length = 3
metrics_backfill_throttle = 10
metrics_backfill_concurrent_searches = 1

[monitor://$SPLUNK_HOME/var/run/splunk/dispatch/*/itsi_search*]
disabled = 1
sourcetype = itsi_internal_log
index = _internal

[itsi_suite_enforcer]
python.version = python3
interval = 60
run_only_one = false
start_by_shell = false

[itsi_suite_enforcer://suite_enforcer]
log_level = INFO

[itsi_backfill_record_cleanup]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_backfill_record_cleanup://backfill_cleanup]
interval = 86400
log_level = INFO
disabled = 0

[itsi_content_pack_authorship]
interval = 5
python.version = python3
run_only_one = false
start_by_shell = false
build_timeout = 3600

[itsi_content_pack_authorship://content_pack_authorship]
interval = 5
log_level = INFO
disabled = 0

[itsi_upgrade_readiness]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_upgrade_readiness://upgrade_readiness]
interval = 86400
log_level = INFO
disabled = 0

[itsi_at_saved_search_rewriter]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_at_saved_search_rewriter://at_saved_search_rewriter]
disabled = 0
log_level = INFO

[service_sandbox_status_updater]
python.version = python3
run_only_one = true
start_by_shell = false

[service_sandbox_status_updater://update_service_sandbox_status]
disabled = 0
log_level = INFO

[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/itsi_adhoc_re_init.py]
disabled = 1
interval = 0
passAuth = splunk-system-user
python.version = python3
start_by_shell = false
shcluster_status_check = true
pulse_frequency = 20
command.arg.1=-J-Xmx8192M
command.arg.2=-Dlog4j.configurationFile=../default/log4j_rules_engine.xml
command.arg.3=-DitsiRulesEngine.configurationFile=../default/itsi_rules_engine.properties
# Handle machine like docker where locale is not set
command.arg.4=-Dfile.encoding=UTF-8
command.arg.5=-Dconfig.file=../lib/java/event_management/pekko_application.conf
command.arg.6=-DitsiRulesEngine.localConfigurationFile=../local/itsi_rules_engine.properties
command.arg.7=modInput

[itsi_nats_mod_input]
python.version = python3
run_only_one = false
start_by_shell = false

[itsi_nats_mod_input://nats_mod_input]
disabled = 0
log_level = INFO

[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/itsi_queue_re_init.py]
disabled = 1
interval = 0
passAuth = splunk-system-user
python.version = python3
start_by_shell = false
run_only_one = false
shcluster_status_check = true
pulse_frequency = 20
command.arg.1=-J-Xmx8192M
command.arg.2=-Dlog4j.configurationFile=../default/log4j_rules_engine.xml
command.arg.3=-DitsiRulesEngine.configurationFile=../default/itsi_rules_engine.properties
# Handle machine like docker where locale is not set
command.arg.4=-Dfile.encoding=UTF-8
command.arg.5=-Dconfig.file=../lib/java/event_management/pekko_application.conf
command.arg.6=-DitsiRulesEngine.localConfigurationFile=../local/itsi_rules_engine.properties
command.arg.7=-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector
command.arg.8=-DitsiRulesEngine.natsCertDir=../../../auth/nats
command.arg.9=queueMode

[itsi_entities_status_cache_cleanup]
python.version = python3
interval = 86400
run_only_one = false
start_by_shell = false

[itsi_entities_status_cache_cleanup://entities_status_cache_cleanup]
log_level = INFO

[itsi_duplicate_entities_manager]
python.version = python3
interval = 300
run_only_one = false
start_by_shell = false

[itsi_duplicate_entities_manager://duplicate_entities_manager]
log_level = INFO

[itsi_duplicate_entities_nightly_job_scheduler]
python.version = python3
interval = 0 0 * * *
run_only_one = true
start_by_shell = false
disabled = 0

[itsi_duplicate_entities_nightly_job_scheduler://duplicate_entities_nightly_job_scheduler_job]
log_level = INFO

[itsi_sandbox_sync_log_cleaner]
python.version = python3
interval = 86400
run_only_one = false
start_by_shell = false
disabled = 0

[itsi_sandbox_sync_log_cleaner://sandbox_sync_log_cleanup]
log_level = INFO

[itsi_exported_episode_files_cleaner]
python.version = python3
run_only_one = false
start_by_shell = false
disabled = 0
interval = 86400

[itsi_exported_episode_files_cleaner://delete_episode_files]
log_level = INFO

[itsi_entity_AT_auto_onboarding]
python.version = python3
run_only_one = true
start_by_shell = false

[itsi_entity_AT_auto_onboarding://auto_onboarding]
log_level = INFO
interval = 4 4 * * 6
disabled = 0

[itsi_entity_AT_auto_onboarding://auto_deboarding]
log_level = INFO
interval = 4 4 * * 0
disabled = 0

[itsi_nats_certificates_auto_rotation]
python.version = python3
interval = 1296000

[itsi_nats_certificates_auto_rotation://nats_certificates_auto_rotation]
disabled = 0
log_level = INFO


[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/import_icons_SA_ITOA.py]
disabled = 0
interval = -1
passAuth = splunk-system-user
python.version = python3
run_only_one = true