diff --git a/.ui_login b/.ui_login
new file mode 100644
index 00000000..e69de29b
diff --git a/datetime.xml b/datetime.xml
new file mode 100644
index 00000000..dbc902a2
--- /dev/null
+++ b/datetime.xml
@@ -0,0 +1,225 @@
+<!--   Version 5.0 -->
+
+<!-- datetime.xml -->
+<!-- This file contains the general formulas for parsing date/time formats. -->
+
+<datetime>
+
+<define name="_year" extract="year">
+	<text><![CDATA[(20\d\d|19\d\d|[9012]\d(?!\d))]]></text>
+</define>
+
+<define name="_month" extract="month">
+	<text><![CDATA[(0?[1-9]|1[012])(?!:)]]></text>
+</define>
+
+<define name="_litmonth"  extract="litmonth">
+	 <text><![CDATA[(?<![\d\w])(jan|\x{4E00}\x{6708}|feb|\x{4E8C}\x{6708}|mar|\x{4E09}\x{6708}|apr|\x{56DB}\x{6708}|may|\x{4E94}\x{6708}|jun|\x{516D}\x{6708}|jul|\x{4E03}\x{6708}|aug|\x{516B}\x{6708}|sep|\x{4E5D}\x{6708}|oct|\x{5341}\x{6708}|nov|\x{5341}\x{4E00}\x{6708}|dec|\x{5341}\x{4E8C}\x{6708})[a-z,\.;]*]]></text>
+</define>
+
+<define name="_allmonth" extract="litmonth, month">
+	<text><![CDATA[(?:]]></text>
+        <use name="_litmonth"/>
+	<text><![CDATA[|]]></text>
+        <use name="_month"/>
+	<text><![CDATA[)]]></text>
+</define>
+
+<define name="_day"  extract="day">
+	<text><![CDATA[(0?[1-9]|[12]\d|3[01])]]></text> 
+</define>
+
+<define name="_usday" extract="day">
+	<use name="_day"/>
+	<text><![CDATA[(?:st|nd|rd|th|[,\.;])?]]></text>
+</define>
+
+<define name="_hour" extract="hour">
+	<text><![CDATA[([01]?[0-9]|[012][0-3])(?!\d)]]></text>
+</define>
+
+<define name="_minute" extract="minute">
+	<text><![CDATA[([0-6]\d)(?!\d)]]></text>
+</define>
+
+<define name="_second" extract="second">
+	<text><![CDATA[([0-6]\d)(?!\d)]]></text>
+</define>
+
+<define name="_zone" extract="zone">
+	 <text><![CDATA[((?:(?:UT|UTC|GMT(?![+-])|CET|CEST|CETDST|MET|MEST|METDST|MEZ|MESZ|EET|EEST|EETDST|WET|WEST|WETDST|MSK|MSD|IST|JST|KST|HKT|AST|ADT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|CAST|CADT|EAST|EADT|WAST|WADT|Z)|(?:GMT)?[+-]\d\d?:?(?:\d\d)?)(?!\w))?]]></text>
+</define>
+
+<define name="_ampm" extract="ampm">
+	<text><![CDATA[([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348})?]]></text>
+</define>
+
+<define name="_time" extract="hour, minute, second, subsecond, ampm, zone">
+	<text><![CDATA[(?<!\d)]]></text>
+        <use name="_hour"/>
+	<text><![CDATA[:]]></text>
+        <use name="_minute"/>
+	<text><![CDATA[:]]></text>
+        <use name="_second"/> 
+	<text><![CDATA[(?:(?: \d{4})?[:,\.](\d+))? {0,2}]]></text>
+        <use name="_ampm"/>
+	<text><![CDATA[ {0,2}]]></text>
+        <use name="_zone"/>
+	<text><![CDATA[(?!:\d)]]></text>
+</define>
+
+<define name="_hmtime" extract="hour, minute, ampm">
+	<text><![CDATA[(?<!\d)]]></text>
+        <use name="_hour"/>
+	<text><![CDATA[:]]></text>
+        <use name="_minute"/>
+	<text><![CDATA[(?: ([ap]m(?:[^A-Za-z0-9]|$)|[\x{4E0A}\x{4E0B}]\x{5348}))?(?!:[:\d])]]></text>
+</define>
+
+
+<define name="_dottime" extract="hour, minute, second, subsecond, zone">
+	<text><![CDATA[(?<![\d\.])([01]\d|2[0-3])\.]]></text>
+        <use name="_minute"/>
+	<text><![CDATA[(?:\.?]]></text>
+        <use name="_second"/>
+	<text><![CDATA[(?:[:,]\d+)?(?:\.(\d\d\d\d+))?) {0,2}]]></text>
+        <use name="_zone"/>
+	<text><![CDATA[(?![0-9\.])]]></text>
+</define>
+
+<define name="_combdatetime" extract="year, month, day, hour, minute, second, subsecond">
+        <!-- ... 20060502-000002 GMT ... -->
+	<text><![CDATA[(?<![\d\.])(20\d\d)(0\d|1[012])([012]\d|3[01])[.-]?([01]\d|2[0123])([0-6]\d)([0-6]\d)(?:\.?(\d+))?]]>\s*</text>
+        <use name="_zone"/> 
+</define>
+
+<define name="_combdatetime2" extract="year, ignored_sep, month, day, hour, minute, second, zone">
+        <!-- ... 2007-3-22 0:0:2 GMT ...' -->
+        <!-- ... 2007/3/22 0:0:2 GMT ...' -->
+        <text><![CDATA[(?<![\d\.])(20\d\d)([-/])([01]?\d)\2([012]?\d|3[01])\s+([012]?\d):([0-6]?\d):([0-6]?\d)]]>\s*</text>
+        <use name="_zone"/> 
+</define>
+
+
+
+<define name="_usdate" extract="litmonth, month, ignored_sep, day, zone, ignored_sep2, year">
+	 <text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
+	 <use name="_allmonth"/> 
+         <text><![CDATA[([/\- ]) {0,2}]]></text>
+         <use name="_day"/>
+         <text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
+	 <use name="_zone"/>
+         <text><![CDATA[)?((?:\3|,) {0,2}]]></text>
+         <use name="_year"/> 
+         <text><![CDATA[)?(?!/|\w|\.\d)]]></text>
+</define>
+
+<!-- Jan 21, 09.  allows spaces with litmonth only -->
+<define name="_usdate1" extract="litmonth, ignored_sep, day, zone, ignored_sep2, year">
+	 <text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
+	 <use name="_litmonth"/> 
+         <text><![CDATA[([/\- ]) {0,2}]]></text>
+         <use name="_day"/>
+         <text><![CDATA[(?!:) {0,2}(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
+	 <use name="_zone"/>
+         <text><![CDATA[)?((?:\2|,) {0,2}]]></text>
+         <use name="_year"/> 
+         <text><![CDATA[)?(?!/|\w|\.\d)]]></text>
+</define>
+
+<!-- 10/21/09. doesn't allow spaces (e.g. 10 21 09) with numeric month -->
+<define name="_usdate2" extract="month, ignored_sep, day, zone, ignored_sep2, year">
+	 <text><![CDATA[(?<!\w|\d[:\.\-])]]></text>
+	 <use name="_month"/> 
+         <text><![CDATA[([/\-])]]></text>
+         <use name="_day"/>
+         <text><![CDATA[(?!:)(?:\d\d:\d\d:\d\d(?:[\.\,]\d+)? {0,2}]]></text>
+	 <use name="_zone"/>
+         <text><![CDATA[)?((?:\2)]]></text>
+         <use name="_year"/> 
+         <text><![CDATA[)?(?!/|\w|\.\d)]]></text>
+</define>
+
+
+<define name="_isodate" extract="year, ignored_sep, litmonth, month, day">
+        <text><![CDATA[(?<![\w\d])]]></text>
+        <use name="_year"/>
+	<text><![CDATA[([\./\- ])]]></text>
+        <use name="_allmonth"/>
+	<text><![CDATA[(?!\d)(?:[\./\- ] {0,2})?]]></text>
+        <use name="_day"/>
+        <text><![CDATA[(?!/)(?:(?=T)|(?!\w)(?!\.\d))]]></text>
+</define>
+
+<!-- eurodate format.  period/dot delim separated out to eurodate2 -->
+<define name="_eurodate1" extract="day, ignored_sep, litmonth, month, year">
+        <text><![CDATA[(?<![\w\.])]]></text>
+        <use name="_usday"/> 
+	<text><![CDATA[([\- /]) {0,2}]]></text>
+        <use name="_allmonth"/>
+        <text><![CDATA[\2 {0,2}]]></text>
+        <use name="_year"/>
+        <text><![CDATA[(?![\w\.])]]></text>
+</define>
+
+<!-- just period/dot delimiter.  do not allow any spaces after dots (e.g. "version 5.4. 10" -->
+<define name="_eurodate2" extract="day, litmonth, month, year">
+        <text><![CDATA[(?<![\w\.])]]></text>
+        <use name="_usday"/> 
+	<text><![CDATA[\.]]></text>
+        <use name="_allmonth"/>
+        <text><![CDATA[\.]]></text>
+        <use name="_year"/>
+        <text><![CDATA[(?![\w\.])]]></text>
+</define>
+
+
+<define name="_bareurlitdate" extract="day, litmonth, year">
+	<text><![CDATA[(\d\d?)\|\|(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)\|\|(20\d\d)]]></text>
+</define>
+
+<define name="_orddate" extract="year, ord">
+	<text><![CDATA[\s([01]\d)([0123]\d\d)\s]]></text>
+</define>
+
+<!-- due to high number of false positive matches, this format is
+     limited to special cases.  either at the start of a line or in
+     filename matches only, by prefixing with a "source::" -->
+
+<!-- don't allow multiple spaces after mashed date.  indicates number in column -->
+<define name="_masheddate" extract="year, month, day">
+	<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.|-)(?:20)?([9012]\d)(0\d|1[012])([012]\d|3[01])(?!\d|-| {2,})]]></text>
+</define>
+<define name="_masheddate2" extract="month, day, year">
+	<text><![CDATA[(?:^|source::).*?(?<!\d|\d\.)(0\d|1[012])([012]\d|3[01])(?:20)?([9012]\d)(?!\d| {2,})]]></text>
+</define>
+
+<define name="_utcepoch" extract="utcepoch, subsecond">
+        <!-- update regex before '2030' -->
+	<text><![CDATA[((?<=^|[\s#,"=\(\[\|\{])(?:1[012345678])\d{8}|^@[\da-fA-F]{16,24})(?:\.?(\d{1,6}))?(?![\d\(])]]></text>
+</define>
+
+<timePatterns>
+      <use name="_time"/>
+      <use name="_hmtime"/>
+      <use name="_hmtime"/>
+      <use name="_dottime"/>
+      <use name="_combdatetime"/>
+      <use name="_utcepoch"/>
+      <use name="_combdatetime2"/>
+</timePatterns>
+<datePatterns>
+      <use name="_usdate1"/> 
+      <use name="_usdate2"/> 
+      <use name="_isodate"/>
+      <use name="_eurodate1"/> 
+      <use name="_eurodate2"/> 
+      <use name="_bareurlitdate"/> 
+      <use name="_orddate"/>
+      <use name="_combdatetime"/>
+      <use name="_masheddate"/>
+      <use name="_masheddate2"/>
+      <use name="_combdatetime2"/>
+</datePatterns>
+
+</datetime>
diff --git a/deployment-apps/01-Conf_license_slave/default/app.conf b/deployment-apps/01-Conf_license_slave/default/app.conf
new file mode 100644
index 00000000..149b00b4
--- /dev/null
+++ b/deployment-apps/01-Conf_license_slave/default/app.conf
@@ -0,0 +1,11 @@
+        [launcher]
+        version = 1.0.0
+        author =  VABOS
+        description = Configure instance as License Slave
+
+        [package]
+        id = Conf_license_slave
+
+
+        [ui]
+        is_visible = false
\ No newline at end of file
diff --git a/deployment-apps/01-Conf_license_slave/default/server.conf b/deployment-apps/01-Conf_license_slave/default/server.conf
new file mode 100644
index 00000000..0fbe02e5
--- /dev/null
+++ b/deployment-apps/01-Conf_license_slave/default/server.conf
@@ -0,0 +1,9 @@
+        # In distributed environments, it's common to have a lone search head acting
+        # as the license master as well. In this configuration, providing the URI
+        # of the license master is easiest within the indexer_base configuration.
+        # In the event that there are multiple search heads, you could instead use
+        # the org_all_license app, shipped to the non-license SH, as well as all of
+        # the indexers. In either event, the settings are the same.
+
+        [license]
+        master_uri = https://SRVLM01.jpit.com:8089
\ No newline at end of file
diff --git a/deployment-apps/01-Conf_license_slave/local/app.conf b/deployment-apps/01-Conf_license_slave/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/01-Conf_license_slave/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_kvstore_base/default/app.conf b/deployment-apps/01-idx_kvstore_base/default/app.conf
new file mode 100644
index 00000000..693301d5
--- /dev/null
+++ b/deployment-apps/01-idx_kvstore_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Disable Kvstore on Indexers
+
+[package]
+id = edf_idx_kvstore_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/01-idx_kvstore_base/default/server.conf b/deployment-apps/01-idx_kvstore_base/default/server.conf
new file mode 100644
index 00000000..f4cf81bd
--- /dev/null
+++ b/deployment-apps/01-idx_kvstore_base/default/server.conf
@@ -0,0 +1,4 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+[kvstore]
+disabled = true
diff --git a/deployment-apps/01-idx_kvstore_base/local/app.conf b/deployment-apps/01-idx_kvstore_base/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/01-idx_kvstore_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_receiver_port/default/app.conf b/deployment-apps/01-idx_receiver_port/default/app.conf
new file mode 100644
index 00000000..c02c82c7
--- /dev/null
+++ b/deployment-apps/01-idx_receiver_port/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Enable receiving on Indexer layer
+
+[package]
+id = edf_idx_receiver_port
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/01-idx_receiver_port/default/inputs.conf b/deployment-apps/01-idx_receiver_port/default/inputs.conf
new file mode 100644
index 00000000..f9562b95
--- /dev/null
+++ b/deployment-apps/01-idx_receiver_port/default/inputs.conf
@@ -0,0 +1 @@
+[splunktcp://9997]
diff --git a/deployment-apps/01-idx_receiver_port/local/app.conf b/deployment-apps/01-idx_receiver_port/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/01-idx_receiver_port/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_volume_indexes/.DS_Store b/deployment-apps/01-idx_volume_indexes/.DS_Store
new file mode 100644
index 00000000..028aabb7
Binary files /dev/null and b/deployment-apps/01-idx_volume_indexes/.DS_Store differ
diff --git a/deployment-apps/01-idx_volume_indexes/default/app.conf b/deployment-apps/01-idx_volume_indexes/default/app.conf
new file mode 100644
index 00000000..538800e4
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/default/app.conf
@@ -0,0 +1,11 @@
+
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Contient la configuration des volumes de données
+
+[package]
+id = edf_idx_volume_indexes
+
+[ui]
+is_visible = false
\ No newline at end of file
diff --git a/deployment-apps/01-idx_volume_indexes/default/indexes.conf b/deployment-apps/01-idx_volume_indexes/default/indexes.conf
new file mode 100644
index 00000000..840aac3f
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/default/indexes.conf
@@ -0,0 +1,7 @@
+[volume:primary]
+path = /data/splunk_data
+maxVolumeDataSizeMB = 60000
+
+[volume:secondary]
+path = /data_cold/splunk_data
+maxVolumeDataSizeMB = 240000
diff --git a/deployment-apps/01-idx_volume_indexes/local/app.conf b/deployment-apps/01-idx_volume_indexes/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/01-idx_volume_indexes/metadata/local.meta b/deployment-apps/01-idx_volume_indexes/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/01-idx_volume_indexes/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/01-idx_web_base/.DS_Store b/deployment-apps/01-idx_web_base/.DS_Store
new file mode 100644
index 00000000..0f328807
Binary files /dev/null and b/deployment-apps/01-idx_web_base/.DS_Store differ
diff --git a/deployment-apps/01-idx_web_base/default/app.conf b/deployment-apps/01-idx_web_base/default/app.conf
new file mode 100644
index 00000000..184f4caf
--- /dev/null
+++ b/deployment-apps/01-idx_web_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = Mattys Hervé (OBS)
+description = Disable Web access on Indexers
+
+[package]
+id = odin_idx_web_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/01-idx_web_base/default/web.conf b/deployment-apps/01-idx_web_base/default/web.conf
new file mode 100644
index 00000000..ccb5abc9
--- /dev/null
+++ b/deployment-apps/01-idx_web_base/default/web.conf
@@ -0,0 +1,12 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+ startwebserver = 0
+
+# avoid timeout when indexer loaded 
+splunkdConnectionTimeout = 120
+
+
diff --git a/deployment-apps/01-idx_web_base/local/app.conf b/deployment-apps/01-idx_web_base/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/01-idx_web_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/For_MC/local/distsearch.conf b/deployment-apps/For_MC/local/distsearch.conf
new file mode 100644
index 00000000..8ed69257
--- /dev/null
+++ b/deployment-apps/For_MC/local/distsearch.conf
@@ -0,0 +1,27 @@
+[distributedSearch]
+servers = https://SPLCLM01.jpit.com:8089,https://SPLSH01.jpit.com:8089,https://SPLSH02.jpit.com:8089
+
+[distributedSearch:dmc_group_deployment_server]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_kv_store]
+servers = SPLCLM01.jpit.com:8089,SPLSH01.jpit.com:8089,SPLSH02.jpit.com:8089
+
+[distributedSearch:dmc_group_license_master]
+servers = SPLCLM01.jpit.com:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_cluster_master]
+servers = SVLCTMLOGCLM01.unit-c.edf.fr:8089
+
+[distributedSearch:dmc_group_indexer]
+default = true
+servers = SPLIDX01.jpit.com:8089,SPLIDX02.jpit.com:8089
+
+[distributedSearch:dmc_group_search_head]
+servers = SSPLCLM01.jpit.com:8089,SPLSH01.jpit.com:8089,SPLSH02.jpit.com:8089
+
+[distributedSearch:dmc_searchheadclustergroup_Cluster_SH_M-TIC]
+servers = localhost:localhost,SPLSH01.jpit.com:8089,SPLSH02.jpit.com:8089
diff --git a/deployment-apps/README b/deployment-apps/README
new file mode 100644
index 00000000..ea6118b1
--- /dev/null
+++ b/deployment-apps/README
@@ -0,0 +1,6 @@
+This directory is the default repository location for deployable apps in a deployment server 
+configuration.
+
+For details on configuring as a deployment server, see 
+$SPLUNK_HOME/etc/system/README/serverclass.conf.spec, serverclass.conf.example or the Admin manual 
+at http://docs.splunk.com/Documentation.
diff --git a/deployment-apps/all_forwarding_outputs/default/app.conf b/deployment-apps/all_forwarding_outputs/default/app.conf
new file mode 100644
index 00000000..ff2b9411
--- /dev/null
+++ b/deployment-apps/all_forwarding_outputs/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0
+author =  VABOS
+description = Enable forwarding to Indexer layer
+
+[package]
+id = m-tic_all_forwarding_outputs
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/all_forwarding_outputs/default/outputs.conf b/deployment-apps/all_forwarding_outputs/default/outputs.conf
new file mode 100644
index 00000000..86e498aa
--- /dev/null
+++ b/deployment-apps/all_forwarding_outputs/default/outputs.conf
@@ -0,0 +1,11 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = indexer
+maxQueueSize = 7MB
+useACK = true
+forceTimebasedAutoLB = true
+
+[tcpout:indexer]
+server =  SPLIDX01.jpit.com:9997, SPLIDX02.jpit.com:9997
diff --git a/deployment-apps/all_forwarding_outputs/local/app.conf b/deployment-apps/all_forwarding_outputs/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/all_forwarding_outputs/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/catchall_forwarders_inputs/local/app.conf b/deployment-apps/catchall_forwarders_inputs/local/app.conf
new file mode 100644
index 00000000..ae434e75
--- /dev/null
+++ b/deployment-apps/catchall_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/catchall_forwarders_inputs/local/inputs.conf b/deployment-apps/catchall_forwarders_inputs/local/inputs.conf
new file mode 100644
index 00000000..364b54d0
--- /dev/null
+++ b/deployment-apps/catchall_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/catchother/*/*/*.log]
+disabled = false
+index = idx_catchall
+sourcetype = catchall
diff --git a/deployment-apps/catchall_forwarders_inputs/metadata/local.meta b/deployment-apps/catchall_forwarders_inputs/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/catchall_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/cisco_forwarders_inputs/local/app.conf b/deployment-apps/cisco_forwarders_inputs/local/app.conf
new file mode 100644
index 00000000..ae434e75
--- /dev/null
+++ b/deployment-apps/cisco_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/cisco_forwarders_inputs/local/inputs.conf b/deployment-apps/cisco_forwarders_inputs/local/inputs.conf
new file mode 100644
index 00000000..7db2e445
--- /dev/null
+++ b/deployment-apps/cisco_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/cisco/.../*.log]
+disabled = false
+index = idx_m-tic_cisco
+sourcetype = cisco
\ No newline at end of file
diff --git a/deployment-apps/cisco_forwarders_inputs/metadata/local.meta b/deployment-apps/cisco_forwarders_inputs/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/cisco_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/cluster_forwarder_outputs/local/app.conf b/deployment-apps/cluster_forwarder_outputs/local/app.conf
new file mode 100644
index 00000000..7d97740a
--- /dev/null
+++ b/deployment-apps/cluster_forwarder_outputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/cluster_forwarder_outputs/local/outputs.conf b/deployment-apps/cluster_forwarder_outputs/local/outputs.conf
new file mode 100644
index 00000000..52ebf3c8
--- /dev/null
+++ b/deployment-apps/cluster_forwarder_outputs/local/outputs.conf
@@ -0,0 +1,12 @@
+[tcpout]
+defautlGroup = primary_indexers
+maxQueuSize = 100MB
+useACK = true
+forceTimebaseAutoLB = true
+forwardedindex.2.whitelist = (_audit|_introspection|_internal)
+
+[tcpout:primary_indexers]
+server = SPLIDX01.jpit.com:9997, SPLIDX02.jpit.com:9997
+
+#clientCert = $SPLUNK_HOME/etc/auth/server.pem
+#sslPassword = 
diff --git a/deployment-apps/cluster_forwarder_outputs/local/server.conf b/deployment-apps/cluster_forwarder_outputs/local/server.conf
new file mode 100644
index 00000000..e10e8c3a
--- /dev/null
+++ b/deployment-apps/cluster_forwarder_outputs/local/server.conf
@@ -0,0 +1,2 @@
+[sslConfig]
+sslRootCAPath = $SPLUNK_HOME/etc/auth/ca.pem
\ No newline at end of file
diff --git a/deployment-apps/deployer_base/local/app.conf b/deployment-apps/deployer_base/local/app.conf
new file mode 100644
index 00000000..7d97740a
--- /dev/null
+++ b/deployment-apps/deployer_base/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/deployer_base/local/server.conf b/deployment-apps/deployer_base/local/server.conf
new file mode 100644
index 00000000..3278e5ab
--- /dev/null
+++ b/deployment-apps/deployer_base/local/server.conf
@@ -0,0 +1,3 @@
+[shclustering]
+pass4SymmKey = $7$iQ3wl+w1tMlCZXopQ/BDXHv8e+xGXGR10mvQYOiCdPxZuIkKX87oMm85MSkitkPk3PYW2Qhjc/kSMq2B5M0=
+shcluster_label = shcluster
\ No newline at end of file
diff --git a/deployment-apps/esxi_forwarders_inputs/local/app.conf b/deployment-apps/esxi_forwarders_inputs/local/app.conf
new file mode 100644
index 00000000..ae434e75
--- /dev/null
+++ b/deployment-apps/esxi_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/esxi_forwarders_inputs/local/inputs.conf b/deployment-apps/esxi_forwarders_inputs/local/inputs.conf
new file mode 100644
index 00000000..92b3b73c
--- /dev/null
+++ b/deployment-apps/esxi_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/esxi/*/*/*.log]
+disabled = false
+index = idx_esxi
+sourcetype = esxi
\ No newline at end of file
diff --git a/deployment-apps/esxi_forwarders_inputs/metadata/local.meta b/deployment-apps/esxi_forwarders_inputs/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/esxi_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/fortigate_forwarders_inputs/local/app.conf b/deployment-apps/fortigate_forwarders_inputs/local/app.conf
new file mode 100644
index 00000000..ae434e75
--- /dev/null
+++ b/deployment-apps/fortigate_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/fortigate_forwarders_inputs/local/inputs.conf b/deployment-apps/fortigate_forwarders_inputs/local/inputs.conf
new file mode 100644
index 00000000..d9e1c5c4
--- /dev/null
+++ b/deployment-apps/fortigate_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
+disabled = false
+index = idx_fortigate
+sourcetype = fortigate
diff --git a/deployment-apps/fortigate_forwarders_inputs/metadata/local.meta b/deployment-apps/fortigate_forwarders_inputs/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/fortigate_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/idx_indexes_base/default/app.conf b/deployment-apps/idx_indexes_base/default/app.conf
new file mode 100644
index 00000000..b17b3c9c
--- /dev/null
+++ b/deployment-apps/idx_indexes_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default optimisation on Indexers
+
+[package]
+id = edf_idx_indexes_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/idx_indexes_base/default/indexes.conf b/deployment-apps/idx_indexes_base/default/indexes.conf
new file mode 100644
index 00000000..b8a6de5a
--- /dev/null
+++ b/deployment-apps/idx_indexes_base/default/indexes.conf
@@ -0,0 +1,75 @@
+[default]
+thawedPath = $SPLUNK_DB/$_index_name/thaweddb
+coldPath = volume:secondary/$_index_name/colddb
+homePath = volume:primary/$_index_name/db
+tstatsHomePath = volume:primary/$_index_name/datamodel_summary
+tsidxWritingLevel = 4
+journalCompression = zstd
+enableDataIntegrityControl = 0
+enableTsidxReduction = 0
+#archiver.enableDataArchive = 0
+#bucketRebuildMemoryHint = 1
+compressRawdata = 1
+enableOnlineBucketRepair = 1
+rtRouterQueueSize =
+rtRouterThreads =
+selfStorageThreads =
+suspendHotRollByDeleteQuery = 0
+syncMeta = 1
+repFactor = auto
+coldPath.maxDataSizeMB = 5000
+
+[_dsappevent]
+[_dsclient]
+[_dsphonehome]
+[_metrics]
+[_telemetry]
+[_internal]
+[_introspection]
+
+[idx_windows]
+
+[idx_fortigate]
+
+[idx_linux]
+
+[idx_esxi]
+
+[vmware-esxilog]
+
+[vmware-perf-metrics]
+datatype = metric
+
+[vmware-inv]
+
+[vmware-taskevent]
+
+[vmware-vclog]
+
+[idx_alcatel]
+
+[idx_cisco]
+
+[idx_switch]
+
+[idx_catchall]
+
+[idx_catchother]
+
+[idx_other]
+
+[idx_glpi]
+
+[idx_glpi_vm]
+
+[idx_glpi_kb]
+
+[idx_glpi_sep]
+
+[idx_glpi_obsolescence]
+
+[idx_genetec_sc]
+
+[idx_ldap]
+
+[idx_synology]
diff --git a/deployment-apps/idx_indexes_base/local/app.conf b/deployment-apps/idx_indexes_base/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/idx_indexes_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/linux_forwarders_inputs/local/app.conf b/deployment-apps/linux_forwarders_inputs/local/app.conf
new file mode 100644
index 00000000..ae434e75
--- /dev/null
+++ b/deployment-apps/linux_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/linux_forwarders_inputs/local/inputs.conf b/deployment-apps/linux_forwarders_inputs/local/inputs.conf
new file mode 100644
index 00000000..de1525c2
--- /dev/null
+++ b/deployment-apps/linux_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,5 @@
+[monitor:///var/rsyslog/*/linux/.../*.log]
+disabled = 0
+host_segment = 6
+index = idx_m-tic_linux
+sourcetype = syslog_linux
diff --git a/deployment-apps/linux_forwarders_inputs/metadata/local.meta b/deployment-apps/linux_forwarders_inputs/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/linux_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/deployment-apps/sh_cluster_base/default/app.conf b/deployment-apps/sh_cluster_base/default/app.conf
new file mode 100644
index 00000000..eab63c92
--- /dev/null
+++ b/deployment-apps/sh_cluster_base/default/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/sh_cluster_base/default/authorize.conf b/deployment-apps/sh_cluster_base/default/authorize.conf
new file mode 100644
index 00000000..e69de29b
diff --git a/deployment-apps/sh_cluster_base/default/distsearch.conf b/deployment-apps/sh_cluster_base/default/distsearch.conf
new file mode 100644
index 00000000..4b344d11
--- /dev/null
+++ b/deployment-apps/sh_cluster_base/default/distsearch.conf
@@ -0,0 +1,20 @@
+[distributedSearch]
+servers = https://SPLIDX01.jpit.com:8089,https://SPLIDX02.jpit.com:8089
+
+[distributedSearch:dmc_group_deployment_server]
+
+[distributedSearch:dmc_group_kv_store]
+servers = localhost:localhost
+
+[distributedSearch:dmc_group_license_master]
+
+[distributedSearch:dmc_group_shc_deployer]
+
+[distributedSearch:dmc_group_cluster_master]
+
+[distributedSearch:dmc_group_indexer]
+default = false
+servers = SPLIDX01.jpit.com:8089,SPLIDX02.jpit.com:8089
+
+[distributedSearch:dmc_group_search_head]
+servers = localhost:localhost
\ No newline at end of file
diff --git a/deployment-apps/sh_cluster_base/default/fields.conf b/deployment-apps/sh_cluster_base/default/fields.conf
new file mode 100644
index 00000000..e69de29b
diff --git a/deployment-apps/sh_cluster_base/default/server.conf b/deployment-apps/sh_cluster_base/default/server.conf
new file mode 100644
index 00000000..ec784ad8
--- /dev/null
+++ b/deployment-apps/sh_cluster_base/default/server.conf
@@ -0,0 +1,17 @@
+[clustering]
+mode = searchhead
+manager_uri = clustermanager:one
+
+[clustermanager:one]
+manager_uri = https://SPLCLM01.jpit.com:8089
+pass4SymmKey = $7$S9wq9h/bAbFgNYLo/9vsjHEwpY2z8IkPYQ663LGXb6cLu5YmhyEQnSS3+7jNTRzFBQ==
+multisite = false
+
+[shclustering]
+shcluster_label = shcluster
+conf_deploy_fetch_url = https://SPLDSMC.jpit.com:8089
+pass4SymmKey = $7$S9wq9h/bAbFgNYLo/9vsjHEwpY2z8IkPYQ663LGXb6cLu5YmhyEQnSS3+7jNTRzFBQ==
+
+[httpServer]
+maxThreads = 150000
+maxSockets = 250000
\ No newline at end of file
diff --git a/deployment-apps/sh_cluster_base/metadata/default.meta b/deployment-apps/sh_cluster_base/metadata/default.meta
new file mode 100644
index 00000000..93b703a7
--- /dev/null
+++ b/deployment-apps/sh_cluster_base/metadata/default.meta
@@ -0,0 +1,3 @@
+[]
+acces = read : [ * ], write : [ admin ]
+export = system
\ No newline at end of file
diff --git a/deployment-apps/sh_idxcluster_base/default/app.conf b/deployment-apps/sh_idxcluster_base/default/app.conf
new file mode 100644
index 00000000..a662815b
--- /dev/null
+++ b/deployment-apps/sh_idxcluster_base/default/app.conf
@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure Search Head for IDX Clustering
+
+[package]
+id = M-TIN_sh_idxcluster_base
+
+
+[ui]
+is_visible = false
diff --git a/deployment-apps/sh_idxcluster_base/default/server.conf b/deployment-apps/sh_idxcluster_base/default/server.conf
new file mode 100644
index 00000000..73f74025
--- /dev/null
+++ b/deployment-apps/sh_idxcluster_base/default/server.conf
@@ -0,0 +1,9 @@
+[general]
+site = site2
+
+[clustering]
+multisite = true
+master_uri = https://SPLCLM01.jpit.com:8089
+mode = searchhead
+pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza
+
diff --git a/deployment-apps/sh_idxcluster_base/local/app.conf b/deployment-apps/sh_idxcluster_base/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/sh_idxcluster_base/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/sh_volume_indexes/default/app.conf b/deployment-apps/sh_volume_indexes/default/app.conf
new file mode 100644
index 00000000..7d97740a
--- /dev/null
+++ b/deployment-apps/sh_volume_indexes/default/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_update = false
+
+[ui]
+is_visible = false
+is_manageable = false
\ No newline at end of file
diff --git a/deployment-apps/sh_volume_indexes/default/indexes.conf b/deployment-apps/sh_volume_indexes/default/indexes.conf
new file mode 100644
index 00000000..8981b3cd
--- /dev/null
+++ b/deployment-apps/sh_volume_indexes/default/indexes.conf
@@ -0,0 +1,6 @@
+# One Volume for Hot and Cold
+[volume:primary]
+path = /opt/splunk/var/lib/splunk
+
+[volume:secondary]
+path = /opt/splunk/var/lib/splunk
\ No newline at end of file
diff --git a/deployment-apps/splunk_ingest_actions/local/app.conf b/deployment-apps/splunk_ingest_actions/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/splunk_ingest_actions/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file 
\ No newline at end of file
diff --git a/deployment-apps/splunk_ingest_actions/metadata/default.meta b/deployment-apps/splunk_ingest_actions/metadata/default.meta
new file mode 100644
index 00000000..05c779da
--- /dev/null
+++ b/deployment-apps/splunk_ingest_actions/metadata/default.meta
@@ -0,0 +1,2 @@
+[]
+access = read : [ * ], write : [ admin, power ]
diff --git a/deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf b/deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
new file mode 100644
index 00000000..db83a27e
--- /dev/null
+++ b/deployment-apps/splunk_monitoring_console/local/splunk_monitoring_console_assets.conf
@@ -0,0 +1,3 @@
+[settings]
+disabled = 0
+configuredPeers = SPLSH01.jpit.com:8089,SPLSH02.jpit.com:8089,SPLIDX01.jpit.com:8089,SPLIDX02.jpit.com:8089,SPLCLM01.jpit.com:8089
\ No newline at end of file
diff --git a/deployment-apps/windows_forwarders_inputs/local/app.conf b/deployment-apps/windows_forwarders_inputs/local/app.conf
new file mode 100644
index 00000000..ae434e75
--- /dev/null
+++ b/deployment-apps/windows_forwarders_inputs/local/app.conf
@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false
diff --git a/deployment-apps/windows_forwarders_inputs/local/inputs.conf b/deployment-apps/windows_forwarders_inputs/local/inputs.conf
new file mode 100644
index 00000000..a33dd687
--- /dev/null
+++ b/deployment-apps/windows_forwarders_inputs/local/inputs.conf
@@ -0,0 +1,7 @@
+[WinEventLog]
+interval=60
+evt_resolve_ad_obj = 0
+evt_dc_name=
+evt_dns_name=
+index = idx_m-tic_windows
+sourcetype = events_windows
\ No newline at end of file
diff --git a/deployment-apps/windows_forwarders_inputs/metadata/local.meta b/deployment-apps/windows_forwarders_inputs/metadata/local.meta
new file mode 100644
index 00000000..d8277686
--- /dev/null
+++ b/deployment-apps/windows_forwarders_inputs/metadata/local.meta
@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system
diff --git a/packages/exporter-metrics.yaml b/packages/exporter-metrics.yaml
new file mode 100644
index 00000000..f24af6ad
--- /dev/null
+++ b/packages/exporter-metrics.yaml
@@ -0,0 +1,19 @@
+exporters:
+  prometheus:
+    endpoint: "127.0.0.1:4318"
+processors:
+  batch: {}
+service:
+  pipelines:
+    metrics:
+      exporters:
+        - prometheus
+      processors:
+        - batch
+      receivers:
+        - prometheus
+  telemetry:
+    logs:
+      level: info
+    metrics:
+      level: none
diff --git a/packages/manifest.yaml b/packages/manifest.yaml
new file mode 100644
index 00000000..01210993
--- /dev/null
+++ b/packages/manifest.yaml
@@ -0,0 +1,38 @@
+packages:
+- file: identity-0.0.1-898de82.tar.gz
+  name: identity
+  signature: '-----BEGIN PGP SIGNATURE-----
+
+
+    iQIzBAABCgAdFiEEWMMzELejVMEnnbZpXvoB7bPNRCAFAmU2sEAACgkQXvoB7bPN
+
+    RCA4gRAAuExobEwHGBuFXmnJyAuJPtjFjNe837ru0hgtfFOGH/xdIQ7sCXTCfze/
+
+    yjjE+yhFsu0XLWpdCCLchPKU5oSk7XlqH1qdKSWvfBBUTtmxz2dKXx01gJRyLpXg
+
+    X0vaGdD7Oft8G7tsvH/rBnPL4JOgpr7GolkeDmlHl9BozjjXLKS8KzYdeU0N1ufK
+
+    dtq7+73k19HS4y+TOi7KjHodxqJ8ReBL2ZnGG04tyDtqbYSyqSSfu7wC0ocScUuo
+
+    +e/D+O6f6fBfafd725M/XmA4YpdHkpK7a5xPULyVxdXEdNMP2yuuPDefZ88RN3Eu
+
+    QS3MgfIlQbVhAXNCMaSQPw1Wl4/F3tZZ4lGuUZzqkw8UuM/XYSs/583bhUxUZq8Y
+
+    CU+tANZVgU9f/3zQhYxr3Oa9QeDKb80OaawcxU0rLsVwYN9uot0Un9CWLrxEZ8aC
+
+    wwKq4gmQIrl36lpj0eka6fPPEehZXTyAcdu8WNFt+rzHcV4T8jUsbQV6vdChriVM
+
+    ExysKUC3KeN1kKYMl1FBbGDz69aDGcQuR/bjBX+mzHswShHC1bVxkiZOMrSSZOtO
+
+    EIneYsMqBa6laofxWaTkjlbp9G+Fjqw4Q09vdaZm6x3KnEkHG3Gz5zePYbiv40U2
+
+    zmrZch58iyYY5BNaIPpwFaFOFU6cLckQV6DlOvRiRlAeFwhpigg=
+
+    =mW3t
+
+    -----END PGP SIGNATURE-----
+
+    '
+  version:
+    id: 0.0.1-898de82
+    semver: v0.1.1
diff --git a/searchLanguage.xml b/searchLanguage.xml
new file mode 100644
index 00000000..5565264b
--- /dev/null
+++ b/searchLanguage.xml
@@ -0,0 +1,632 @@
+<!--   Version 4.0 -->
+                                                                                                                                       
+
+<language>
+    <options>
+       <useAdvancedQuery>false</useAdvancedQuery>
+    </options>
+
+    <controls>
+        <control>
+            <token>SEARCH</token>
+                <modules>
+
+                    <module>
+                        <name>savedSplunkLoader</name>
+                        <requiredArgs>
+                            <arg>savedsplunk</arg>
+                        </requiredArgs>                        
+                    </module>
+
+                    <module>
+                        <name>savedSplunkLoader</name>
+                        <requiredArgs>
+                            <arg>savedsearch</arg>
+                        </requiredArgs>                        
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>startdaysago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <startdaysago>1</startdaysago>
+                        </defaults>
+                    </module>
+
+                    <module>
+		        <name>sortmeta</name>
+                        <requiredArgs>
+                            <arg>sort</arg> 
+                        </requiredArgs>
+                        <optionalArgs>
+                            <arg>order</arg>
+                        </optionalArgs>
+                    </module>
+
+                    <module>
+		        <name>lastby</name>
+                        <requiredArgs>
+                            <arg>lastby</arg> 
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+		        <name>readtimeout</name>
+                        <requiredArgs>
+                            <arg>readtimeout</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <readtimeout>5</readtimeout>
+                        </defaults>
+                    </module>
+
+                    <module>
+		        <name>queryid</name>
+                        <requiredArgs>
+                            <arg>queryid</arg> 
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>sortorder</name>
+                        <requiredArgs>
+                            <arg>!resultsetsortby</arg> 
+                        </requiredArgs>                      
+                    </module>
+
+                    <module>
+                        <name>readlevel</name>
+                        <requiredArgs>
+                            <arg>readlevel</arg> 
+                        </requiredArgs>                      
+                    </module>
+
+                    <module>
+                        <name>readlimit</name>
+                        <requiredArgs>
+                            <arg>readlimit</arg> 
+                        </requiredArgs>                      
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>startminutesago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <startminutesago>1</startminutesago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>starthoursago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <starthoursago>1</starthoursago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>startmonthsago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <startmonthsago>1</startmonthsago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>enddaysago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <enddaysago>1</enddaysago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endminutesago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <endminutesago>1</endminutesago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endhoursago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <endhoursago>1</endhoursago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endmonthsago</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <endmonthsago>1</endmonthsago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespanhours</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespanhours>1</searchtimespanhours>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespanminutes</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespanminutes>1</searchtimespanminutes>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespandays</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespandays>1</searchtimespandays>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>searchtimespanmonths</arg> 
+                        </requiredArgs>
+                        <defaults>
+                            <searchtimespanmonths>1</searchtimespanmonths>
+                        </defaults>
+                    </module>
+
+
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>starttime</arg>
+                        </requiredArgs>
+                        <optionalArgs>
+                            <arg>timeformat</arg>
+                        </optionalArgs>
+                        <defaults>
+                            <starttime>12/31/1969:16:00:00</starttime>
+                            <timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endtime</arg>
+                        </requiredArgs>
+                        <optionalArgs>
+                            <arg>timeformat</arg>
+                        </optionalArgs>
+                        <defaults>
+                            <endtime>12/31/2022:16:00:00</endtime>
+                            <timeformat>%m/%d/%Y:%H:%M:%S</timeformat>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>starttimeu</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <starttimeu>0</starttimeu>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>endtimeu</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <endtimeu>1672531200</endtimeu>
+                        </defaults>
+                    </module>
+
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>daysago</arg>
+                         </requiredArgs>
+                        <defaults>
+                            <daysago>1</daysago>
+                        </defaults>
+                    </module>
+
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                             <arg>minutesago</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <minutesago>1</minutesago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                             <arg>hoursago</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <hoursago>1</hoursago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>time</name>
+                        <requiredArgs>
+                            <arg>monthsago</arg>
+                         </requiredArgs>
+                        <defaults>
+                            <monthsago>1</monthsago>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>maxtime</name>
+                        <requiredArgs>
+                            <arg>maxtime</arg>
+                         </requiredArgs>
+                        <defaults>
+                            <maxtime>60</maxtime>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>countSetter</name>
+                        <requiredArgs>
+                            <arg>maxevents</arg>
+                        </requiredArgs>
+                        <defaults>
+                            <maxevents>typeahead_suppress</maxevents>
+                        </defaults>
+                    </module>
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>eventtype</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>tag</arg>
+                        </requiredArgs>
+                    </module>
+
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>typetag</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>eventtypeResolver</name>
+                        <requiredArgs>
+                            <arg>eventtypetag</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>hosttagResolver</name>
+                        <requiredArgs>
+                            <arg>hosttag</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                        <name>sourcetypeResolver</name>
+                        <requiredArgs>
+                            <arg>sourcetype</arg>
+                        </requiredArgs>
+                    </module>
+               
+                    <module>
+                        <name>domainFinder</name>
+                        <requiredArgs>
+                            <arg>index</arg>
+                        </requiredArgs>
+                    </module>
+
+
+                    <module>
+                        <name>connectedbytype</name>
+                        <requiredArgs>
+                            <arg>relatedbytype</arg>
+                        </requiredArgs>
+                        <optionalArgs>      
+                            <arg>minrelationbytype</arg>
+                        </optionalArgs>
+                    </module>
+
+                    <module>
+                        <name>historyuser</name>
+                        <requiredArgs>
+                           <arg>user</arg>
+                        </requiredArgs>
+                    </module>
+
+                    <module>
+                       <name>regexFilter</name>
+                        <requiredArgs>
+                           <arg>grep</arg>
+                        </requiredArgs>                       
+                    </module>
+
+
+                    <module>
+                        <name>debugCommand</name>
+                        <requiredArgs>
+                           <arg>!++cmd++</arg>
+                        </requiredArgs>
+                        <optionalArgs>      
+                            <arg>!++param1++</arg>
+                            <arg>!++param2++</arg>
+                        </optionalArgs>
+                   </module>
+
+               </modules>
+        </control>
+
+        <control>
+            <token>GET</token>
+            <modules>
+
+                <module>
+                    <name>eventGetter</name>
+                    <requiredArgs>
+                        <arg>events</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>summarize</arg>
+                    </optionalArgs>
+                    <requiredControls>
+                        <token>SEARCH</token>
+                    </requiredControls>
+                </module>
+
+                <module>
+                    <name>timebucketsGetter</name>
+                    <requiredArgs>
+                        <arg>timebuckets</arg>
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>SEARCH</token>
+                    </requiredControls>
+                </module>
+
+                <module>
+                    <name>reportGetter</name>
+                    <requiredArgs>
+                        <arg>report</arg>
+                    </requiredArgs>
+                </module>                
+
+                <module>
+                    <name>typeGetter</name>
+                    <requiredArgs>
+                        <arg>types</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>samplesfortypes</arg>
+                    </optionalArgs>
+                </module>
+
+                <module>
+                    <name>searchGetter</name>
+                    <requiredArgs>
+                        <arg>searches</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>samplesfortypes</arg>
+                    </optionalArgs>
+                </module>
+
+                <module>
+                    <name>hostGetter</name>
+                    <requiredArgs>
+                        <arg>hosts</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>sourceTypeGetter</name>
+                    <requiredArgs>
+                        <arg>sourcetypes</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>eventTagGetter</name>
+                    <requiredArgs>
+                        <arg>eventtags</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>hostTagGetter</name>
+                    <requiredArgs>
+                        <arg>hosttags</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>sourceTypeTagGetter</name>
+                    <requiredArgs>
+                        <arg>sourcetypetags</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>sourceGetter</name>
+                    <requiredArgs>
+                        <arg>sources</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>reportGetter</name>
+                    <requiredArgs>
+                        <arg>report</arg>
+                    </requiredArgs>
+                </module>
+
+                <module>
+                    <name>formatGetter</name>
+                    <requiredArgs>
+                        <arg>formats</arg>
+                    </requiredArgs>
+                </module>
+
+            </modules>
+        </control>
+
+        <control>
+            <token>OUTPUT</token>
+            <modules>
+    
+                <module>
+                    <name>emailOut</name>
+                    <requiredArgs>
+                        <arg>email</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>format</arg>
+                    </optionalArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+    
+
+                <module>
+                   <name>schedOut</name>
+                   <requiredArgs>
+                       <arg>scheduler</arg>
+                   </requiredArgs>
+                    <optionalArgs>
+                        <arg>resolveids</arg>
+                    </optionalArgs>
+                </module>
+                         
+                <module>
+                   <name>schedOut</name>
+                   <requiredArgs>
+                       <arg>summary</arg>
+                   </requiredArgs>
+                    <optionalArgs>
+                        <arg>resolveids</arg>
+                    </optionalArgs>
+                </module>     
+
+                <module>
+                    <name>rssOut</name>
+                    <requiredArgs>
+                        <arg>rssfeed</arg>                            
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+    
+                <module>
+                    <name>splunkUIOut</name>
+                    <requiredArgs>
+                        <arg>splunkui</arg>                            
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>format</arg>
+                        <arg>idcount</arg>
+                        <arg>maxlines</arg>
+                        <arg>timeformat</arg>
+                    </optionalArgs>                        
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+                  
+    
+                <module>
+                    <name>exportOut</name>
+                    <requiredArgs>
+                        <arg>exportto</arg>
+                    </requiredArgs>
+                    <optionalArgs>
+                        <arg>format</arg>
+                    </optionalArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+
+                <module>
+                    <name>raweventsOut</name>
+                    <requiredArgs>
+                        <arg>rawevents</arg>
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+
+
+                <module>
+                    <name>magicgraph</name>
+                    <requiredArgs>
+                        <arg>magicgraph</arg>
+                    </requiredArgs>
+                    <requiredControls>
+                        <token>GET</token>
+                    </requiredControls>
+                </module>
+            </modules>   
+        </control>
+    </controls>
+
+    <!--
+    Examples :
+
+    Running a normal splunk ui query
+        SEARCH get NOT post NOT( eventtype::error OR connected::foo:1:123544 ) count::100000 domain::splunkdb1 
+        GET events::0-20 types::all sourcetypes::all timebuckets::all 
+        OUTPUT splunkui::ajax format::heavy  
+
+    Running a query to email all the sources in the system to brian@splunk.com with html email format
+        GET sources::all 
+        OUTPUT email::brian@splunk.com format::htmlmail
+    -->
+</language>
diff --git a/splunk-launch.conf b/splunk-launch.conf
new file mode 100644
index 00000000..4f4615e4
--- /dev/null
+++ b/splunk-launch.conf
@@ -0,0 +1,26 @@
+#   Version 9.3.1
+
+# Modify the following line to suit the location of your Splunk install.
+# If unset, Splunk will use the parent of the directory containing the splunk
+# CLI executable.
+#
+# SPLUNK_HOME=/home/build/build-home
+
+# By default, Splunk stores its indexes under SPLUNK_HOME in the
+# var/lib/splunk subdirectory.  This can be overridden
+# here:
+#
+# SPLUNK_DB=/home/build/build-home/var/lib/splunk
+# Splunkd daemon name
+SPLUNK_SERVER_NAME=Splunkd
+
+# If SPLUNK_OS_USER is set, then Splunk service will only start
+# if the 'splunk [re]start [splunkd]' command is invoked by a user who
+# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
+# (This setting can be specified as username or as UID.)
+#
+# SPLUNK_OS_USER
+PYTHONHTTPSVERIFY=0
+PYTHONUTF8=1
+ENABLE_CPUSHARES=true
+OPTIMISTIC_ABOUT_FILE_LOCKING=1
diff --git a/splunk.version b/splunk.version
new file mode 100644
index 00000000..d97c0719
--- /dev/null
+++ b/splunk.version
@@ -0,0 +1,4 @@
+VERSION=9.3.1
+BUILD=0b8d769cb912
+PRODUCT=splunk
+PLATFORM=Linux-x86_64