# NOTE: As of 4.15.0, for every new input, please add start_by_shell = false
# (the input process is then launched directly instead of through the OS shell).
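# Scheme-level defaults for the itsi_user_access_init modular input: Python 3,
# every search head cluster member (run_only_one = false), executed directly
# rather than through the OS shell.
[itsi_user_access_init]
# seconds
interval = 900
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance of the scheme above; log_level and app_name are parameters
# defined by the modular input itself.
[itsi_user_access_init://upgrade_capabilities]
log_level = WARN
app_name = itsi
disabled = 0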
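# Scheme-level defaults for the configure_itsi modular input: Python 3, every
# search head cluster member, no shell wrapper.
[configure_itsi]
python.version = python3
run_only_one = false
start_by_shell = false

# Neither stanza sets "interval" or "disabled"; the effective values come from
# the layered configuration defaults.
[configure_itsi://splunko]
log_level = INFO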
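# Scheme-level defaults for the itsi_migration_queue modular input.
[itsi_migration_queue]
# seconds
interval = 5
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance; repeats the 5-second interval already set on the scheme.
[itsi_migration_queue://migration_queue]
interval = 5
log_level = INFO
disabled = 0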
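# Scheme-level defaults for the itsi_refresher modular input, shipped disabled.
# NOTE(review): unlike the neighbouring scheme stanzas, start_by_shell is not
# set here, so the platform default applies if this input is ever enabled.
# Confirm that is intended before enabling it.
[itsi_refresher]
python.version = python3
disabled = 1
run_only_one = false
# This input is intentionally disabled.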
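# Scheme-level defaults for the itsi_consumer modular input: Python 3, every
# search head cluster member, no shell wrapper.
[itsi_consumer]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 5 seconds. number_of_thread is an
# input-defined parameter (presumably the worker thread count - confirm in the
# input's spec).
[itsi_consumer://consumer1]
log_level = INFO
number_of_thread = 8
interval = 5
disabled = 0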
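# Scheme-level defaults for the itsi_backup_restore modular input.
[itsi_backup_restore]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 5 seconds.
[itsi_backup_restore://itsi_backup_restore]
disabled = 0
interval = 5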
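# Scheme-level defaults for the itsi_scheduled_backup_caller modular input.
[itsi_scheduled_backup_caller]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled hourly (3600 s). python.version repeats the value
# already set on the scheme stanza.
[itsi_scheduled_backup_caller://itsi_scheduled_backup]
interval = 3600
disabled = 0
python.version = python3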
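# Scheme-level defaults for the itsi_service_template_update_scheduler
# modular input.
[itsi_service_template_update_scheduler]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 900 seconds.
[itsi_service_template_update_scheduler://itsi_service_template_update_scheduler]
interval = 900
disabled = 0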
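# Scheme-level defaults for the itsi_backfill modular input; the 600-second
# interval is inherited by the instance below, which sets none of its own.
[itsi_backfill]
interval = 600
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance.
[itsi_backfill://backfiller]
log_level = INFO
disabled = 0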
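# Scheme-level defaults for the itsi_async_csv_loader modular input; the
# 10-second interval is inherited by the instance below.
[itsi_async_csv_loader]
interval = 10
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance.
[itsi_async_csv_loader://async_csv_loader]
log_level = INFO
disabled = 0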
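# Scheme-level defaults for the itsi_notable_event_archive modular input.
[itsi_notable_event_archive]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled hourly (3600 s).
[itsi_notable_event_archive://age_notable_event]
disabled = 0
interval = 3600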
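# Scheme-level defaults for the maintenance_minder modular input.
[maintenance_minder]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 60 seconds.
[maintenance_minder://populate_operative_maintenance_log]
interval = 60
disabled = 0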
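# Scheme-level defaults for the custom_threshold_window_minder modular input.
[custom_threshold_window_minder]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 60 seconds.
[custom_threshold_window_minder://populate_custom_threshold_activity]
interval = 60
disabled = 0
log_level = INFO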
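# Scheme-level defaults for the custom_threshold_window_overlaps_detector
# modular input.
[custom_threshold_window_overlaps_detector]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled once a day (86400 s).
[custom_threshold_window_overlaps_detector://populate_overlapping_ctw_data]
interval = 86400
disabled = 0
log_level = INFO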
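# Scheme-level defaults for the itsi_default_aggregation_policy_loader modular
# input. run_only_one = true restricts it to a single member of a search head
# cluster instead of running on every member.
[itsi_default_aggregation_policy_loader]
python.version = python3
run_only_one = true
start_by_shell = false

# Enabled instance; no interval is set here or on the scheme.
[itsi_default_aggregation_policy_loader://default_policy_loader]
disabled = 0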
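# Scheme-level defaults for the itsi_default_correlation_search_acl_loader
# modular input; run_only_one = true restricts it to a single member of a
# search head cluster.
[itsi_default_correlation_search_acl_loader]
python.version = python3
run_only_one = true
start_by_shell = false

# Enabled instance. interval = -1 is the inputs.conf convention for "run once
# at startup" rather than on a repeating schedule.
[itsi_default_correlation_search_acl_loader://default_acl_loader]
disabled = 0
interval = -1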
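# Scheme-level defaults for the itsi_notable_event_hec_init modular input.
[itsi_notable_event_hec_init]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 600 seconds.
[itsi_notable_event_hec_init://default_hec_initializer]
disabled = 0
interval = 600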
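# Scheme-level defaults for the itsi_hec_init modular input; run_only_one =
# true restricts it to a single member of a search head cluster.
[itsi_hec_init]
python.version = python3
run_only_one = true
start_by_shell = false

# Enabled instance, scheduled every 600 seconds.
[itsi_hec_init://bulk_import_hec_initializer]
disabled = 0
interval = 600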
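# Scheme-level defaults for the itsi_queue_consumer_size_checker modular input;
# run_only_one = true restricts it to a single member of a search head cluster.
[itsi_queue_consumer_size_checker]
python.version = python3
run_only_one = true
start_by_shell = false

# Enabled instance, scheduled every 1800 seconds. The keys below "disabled" are
# parameters defined by the modular input, not core inputs.conf settings.
# system_user_name presumably names the account the input acts as; since
# splunk-system-user is a privileged identity, verify how the input uses it.
[itsi_queue_consumer_size_checker://queue_consumer_size_checker]
interval = 1800
disabled = 0
timeout = 1800
system_user_name = splunk-system-user
collection_size_initial_threshold = 10000
collection_size_final_threshold = 100000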
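# Scheme-level defaults for the itsi_notable_event_actions_queue_consumer
# modular input; run_only_one = true restricts it to a single member of a
# search head cluster.
[itsi_notable_event_actions_queue_consumer]
python.version = python3
run_only_one = true
start_by_shell = false

# Five consumer instances with identical tuning follow. alpha, beta and gamma
# are enabled; zeta and delta ship disabled. exec_delay_time, batch_size,
# timeout and system_user_name are parameters defined by the modular input.
# system_user_name presumably names the account the consumer acts as; since
# splunk-system-user is a privileged identity, verify how the input uses it.
[itsi_notable_event_actions_queue_consumer://alpha]
interval = 30
disabled = 0
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_queue_consumer://beta]
interval = 30
disabled = 0
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

[itsi_notable_event_actions_queue_consumer://gamma]
interval = 30
disabled = 0
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

# Disabled spare consumer.
[itsi_notable_event_actions_queue_consumer://zeta]
interval = 30
disabled = 1
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user

# Disabled spare consumer.
[itsi_notable_event_actions_queue_consumer://delta]
interval = 30
disabled = 1
# Due to indexing delay, we are deferring the action (in sec)
exec_delay_time = 0.1
batch_size = 50
timeout = 7200
system_user_name = splunk-system-user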
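# Scheme-level defaults for the itsi_notable_event_actions_consumer_assigning
# modular input; run_only_one = true restricts it to a single member of a
# search head cluster.
[itsi_notable_event_actions_consumer_assigning]
python.version = python3
run_only_one = true
start_by_shell = false

# Instance shipped disabled. interval = 0 is the inputs.conf convention for a
# continuously running input (restarted when it exits). The remaining keys are
# parameters defined by the modular input.
[itsi_notable_event_actions_consumer_assigning://default_consumer_assigning]
disabled = 1
interval = 0
consumer_refresh_interval = 60
delete_objects_interval = 600
batch_size = 1000
# Delay (in sec) between executions: gives actions time to be queued before the
# next batch is read and avoids needless KV Store calls while the collection
# may be empty.
read_delay_time = 0.1
# Presumably the account the input acts as - confirm in the input's spec.
system_user_name = splunk-system-user
log_level = INFO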
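# Global HTTP Event Collector settings. [http] is not scoped to this app's
# tokens: once merged, these values apply to HEC on the whole instance.
[http]
# Remove indexer-acknowledgement channels that have sat idle for longer than
# maxIdleTime, which bounds the state an idle or abandoned client can hold.
ackIdleCleanup = true
# seconds
maxIdleTime = 60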
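# Scripted input that runs import_icons_SA_ITOA.py once at startup
# (interval = -1), on a single search head cluster member (run_only_one = true).
# NOTE(review): a stanza with this exact header appears again further down in
# this file. Keep a single copy so the effective settings are unambiguous.
[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/import_icons_SA_ITOA.py]
disabled = 0
interval = -1
# Splunk generates an auth token for this user and passes it to the script on
# stdin, so the script acts with splunk-system-user privileges. Restrict write
# access to the app's bin/ directory to the Splunk service account and review
# changes to this script as privileged changes.
passAuth = splunk-system-user
run_only_one = true
python.version = python3
# Run the interpreter directly; no shell metacharacter expansion is applied.
start_by_shell = false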
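# Scheme-level defaults for the itsi_age_kpi_alert_value_cache modular input.
[itsi_age_kpi_alert_value_cache]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled every 900 seconds. retentionTimeInSec is an
# input-defined parameter; per its name the value is in seconds.
[itsi_age_kpi_alert_value_cache://age_kpi_alert_value_cache]
disabled = 0
interval = 900
log_level = INFO
retentionTimeInSec = 1800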
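# Scheme-level defaults for the itsi_csv_import modular input. No instance
# stanza for this scheme follows it here.
[itsi_csv_import]
python.version = python3
run_only_one = false
start_by_shell = false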
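# Scheme-level defaults for the itsi_summary_metrics_backfill modular input.
[itsi_summary_metrics_backfill]
# seconds
interval = 5
python.version = python3
run_only_one = false
start_by_shell = false

# Instance shipped disabled. The metrics_backfill_* keys are parameters defined
# by the modular input; their units are not stated in this file.
[itsi_summary_metrics_backfill://metrics_backfiller]
log_level = INFO
disabled = 1
metrics_backfill_length = 3
metrics_backfill_throttle = 10
metrics_backfill_concurrent_searches = 1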
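# File monitor over itsi_search* files in the search dispatch directories,
# shipped disabled. If enabled, whatever those files contain is indexed into
# _internal and becomes readable by every role with access to that index, so
# check what the files hold before turning it on.
[monitor://$SPLUNK_HOME/var/run/splunk/dispatch/*/itsi_search*]
disabled = 1
sourcetype = itsi_internal_log
index = _internal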
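# Scheme-level defaults for the itsi_suite_enforcer modular input; the
# 60-second interval is inherited by the instance below.
[itsi_suite_enforcer]
python.version = python3
interval = 60
run_only_one = false
start_by_shell = false

# The instance sets no "disabled" key of its own.
[itsi_suite_enforcer://suite_enforcer]
log_level = INFO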
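# Scheme-level defaults for the itsi_backfill_record_cleanup modular input.
[itsi_backfill_record_cleanup]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled once a day (86400 s).
[itsi_backfill_record_cleanup://backfill_cleanup]
interval = 86400
log_level = INFO
disabled = 0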
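# Scheme-level defaults for the itsi_content_pack_authorship modular input.
# build_timeout is an input-defined parameter; its unit is not stated here.
[itsi_content_pack_authorship]
interval = 5
python.version = python3
run_only_one = false
start_by_shell = false
build_timeout = 3600

# Enabled instance; repeats the 5-second interval already set on the scheme.
[itsi_content_pack_authorship://content_pack_authorship]
interval = 5
log_level = INFO
disabled = 0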
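# Scheme-level defaults for the itsi_upgrade_readiness modular input.
[itsi_upgrade_readiness]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance, scheduled once a day (86400 s).
[itsi_upgrade_readiness://upgrade_readiness]
interval = 86400
log_level = INFO
disabled = 0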
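# Scheme-level defaults for the itsi_high_scale_ea modular input.
[itsi_high_scale_ea]
python.version = python3
run_only_one = false
start_by_shell = false

# Instance shipped disabled.
[itsi_high_scale_ea://high_scale_ea]
disabled = 1
log_level = INFO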
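# Scheme-level defaults for the itsi_at_saved_search_rewriter modular input.
[itsi_at_saved_search_rewriter]
python.version = python3
run_only_one = false
start_by_shell = false

# Enabled instance; no interval is set here or on the scheme.
[itsi_at_saved_search_rewriter://at_saved_search_rewriter]
disabled = 0
log_level = INFO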
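# Scheme-level defaults for the service_sandbox_status_updater modular input;
# run_only_one = true restricts it to a single member of a search head cluster.
[service_sandbox_status_updater]
python.version = python3
run_only_one = true
start_by_shell = false

# Enabled instance; no interval is set here or on the scheme.
[service_sandbox_status_updater://update_service_sandbox_status]
disabled = 0
log_level = INFO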
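# Scripted input for itsi_adhoc_re_init.py, shipped disabled. interval = 0 is
# the inputs.conf convention for a continuously running script (restarted
# whenever it exits). The command.arg.* values are JVM options, so the script
# presumably launches the Java rules engine - confirm in the script.
[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/itsi_adhoc_re_init.py]
disabled = 1
interval = 0
# Splunk generates an auth token for this user and passes it to the script on
# stdin, so the script, and anything it launches with that token, acts with
# splunk-system-user privileges. Restrict write access to the script and to the
# configuration files referenced below to the Splunk service account.
passAuth = splunk-system-user
python.version = python3
# Run the interpreter directly; no shell metacharacter expansion is applied.
start_by_shell = false
# shcluster_status_check, pulse_frequency and command.arg.* look app-specific
# rather than core scripted-input settings; presumably read by the script.
shcluster_status_check = true
pulse_frequency = 20
# Caps the JVM heap at 8192 MB; size the host accordingly.
command.arg.1=-J-Xmx8192M
# The relative paths below appear to resolve against the app's bin/ directory
# (../default, ../local and ../lib are app subdirectories) - TODO confirm.
command.arg.2=-Dlog4j.configurationFile=../default/log4j_rules_engine.xml
command.arg.3=-DitsiRulesEngine.configurationFile=../default/itsi_rules_engine.properties
# Force UTF-8 on hosts (for example Docker containers) where no locale is set
command.arg.4=-Dfile.encoding=UTF-8
command.arg.5=-Dconfig.file=../lib/java/event_management/pekko_application.conf
# local/ is operator-editable and overrides default/; changes there alter
# rules engine behaviour.
command.arg.6=-DitsiRulesEngine.localConfigurationFile=../local/itsi_rules_engine.properties
command.arg.7=modInput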
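# Scheme-level defaults for the itsi_nats_mod_input modular input.
[itsi_nats_mod_input]
python.version = python3
run_only_one = false
start_by_shell = false

# Instance shipped disabled.
[itsi_nats_mod_input://nats_mod_input]
disabled = 1
log_level = INFO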
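# Scripted input for itsi_queue_re_init.py, shipped disabled. interval = 0 is
# the inputs.conf convention for a continuously running script (restarted
# whenever it exits). The command.arg.* values are JVM options, so the script
# presumably launches the Java rules engine in queue mode - confirm in the
# script.
[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/itsi_queue_re_init.py]
disabled = 1
interval = 0
# Splunk generates an auth token for this user and passes it to the script on
# stdin, so the script, and anything it launches with that token, acts with
# splunk-system-user privileges. Restrict write access to the script and to the
# configuration files referenced below to the Splunk service account.
passAuth = splunk-system-user
python.version = python3
# Run the interpreter directly; no shell metacharacter expansion is applied.
start_by_shell = false
# shcluster_status_check, pulse_frequency and command.arg.* look app-specific
# rather than core scripted-input settings; presumably read by the script.
shcluster_status_check = true
pulse_frequency = 20
# Caps the JVM heap at 8192 MB; size the host accordingly.
command.arg.1=-J-Xmx8192M
# The relative paths below appear to resolve against the app's bin/ directory
# (../default, ../local and ../lib are app subdirectories) - TODO confirm.
command.arg.2=-Dlog4j.configurationFile=../default/log4j_rules_engine.xml
command.arg.3=-DitsiRulesEngine.configurationFile=../default/itsi_rules_engine.properties
# Force UTF-8 on hosts (for example Docker containers) where no locale is set
command.arg.4=-Dfile.encoding=UTF-8
command.arg.5=-Dconfig.file=../lib/java/event_management/pekko_application.conf
# local/ is operator-editable and overrides default/; changes there alter
# rules engine behaviour.
command.arg.6=-DitsiRulesEngine.localConfigurationFile=../local/itsi_rules_engine.properties
command.arg.7=-Dlog4j2.contextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector
# NOTE(review): if this is resolved against bin/ like the paths above, it lands
# at $SPLUNK_HOME/etc/etc/auth/nats, not $SPLUNK_HOME/etc/auth/nats. Verify
# which directory the engine actually reads its NATS certificates from, and
# that the directory is readable only by the Splunk service account.
command.arg.8=-DitsiRulesEngine.natsCertDir=../../../etc/auth/nats
command.arg.9=queueMode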
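# Scheme-level defaults for the itsi_entities_status_cache_cleanup modular
# input; the daily interval (86400 s) is inherited by the instance below.
[itsi_entities_status_cache_cleanup]
python.version = python3
interval = 86400
run_only_one = false
start_by_shell = false

# The instance sets no "disabled" key of its own.
[itsi_entities_status_cache_cleanup://entities_status_cache_cleanup]
log_level = INFO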
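# Scheme-level defaults for the itsi_sandbox_sync_log_cleaner modular input.
# Here both the daily interval (86400 s) and disabled = 0 are set on the scheme
# stanza rather than on the instance.
[itsi_sandbox_sync_log_cleaner]
python.version = python3
interval = 86400
run_only_one = false
start_by_shell = false
disabled = 0

[itsi_sandbox_sync_log_cleaner://sandbox_sync_log_cleanup]
log_level = INFO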
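# Scheme-level defaults for the itsi_exported_episode_files_cleaner modular
# input. Both disabled = 0 and the daily interval (86400 s) are set on the
# scheme stanza rather than on the instance.
[itsi_exported_episode_files_cleaner]
python.version = python3
run_only_one = false
start_by_shell = false
disabled = 0
interval = 86400

[itsi_exported_episode_files_cleaner://delete_episode_files]
log_level = INFO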
[script://$SPLUNK_HOME/etc/apps/SA-ITOA/bin/import_icons_SA_ITOA.py]
|
|
disabled = 0
|
|
interval = -1
|
|
passAuth = splunk-system-user
|
|
python.version = python3
|
|
run_only_one = true
|