
{
"pages": {
"configuration": {
"tabs": [
{
"name": "account",
"groups": [
{
"label": "Remote Account Information",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"name",
"splunk_url",
"bearer_token",
"token_management"
]
},
{
"label": "Application and Namespace Settings",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"app_namespace",
"rbac_roles"
]
},
{
"label": "Timeout Configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"timeout_connect_check",
"timeout_search_check"
]
},
{
"label": "Bearer token management",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"token_rotation_enablement",
"token_rotation_frequency"
]
}
],
"restHandlerModule": "trackme_rh_account_handler",
"restHandlerClass": "CustomRestHandlerCreateRemoteAccount",
"table": {
"actions": [
"edit",
"delete",
"clone"
],
"header": [
{
"label": "Name",
"field": "name"
},
{
"label": "Splunk URL(s)",
"field": "splunk_url"
},
{
"label": "App Namespace",
"field": "app_namespace"
},
{
"label": "RBAC Roles",
"field": "rbac_roles"
},
{
"label": "Timeout Connect",
"field": "timeout_connect_check"
},
{
"label": "Timeout Search",
"field": "timeout_search_check"
},
{
"label": "Bearer token rotation",
"field": "token_rotation_enablement"
},
{
"label": "Rotation frequency (days)",
"field": "token_rotation_frequency"
}
]
},
"entity": [
{
"type": "text",
"label": "Name",
"validators": [
{
"type": "string",
"errorMsg": "Length of ID should be between 1 and 50",
"minLength": 1,
"maxLength": 50
},
{
"type": "regex",
"errorMsg": "Name must begin with a letter and consist exclusively of lower case alphanumeric characters and underscores.",
"pattern": "^[a-z][0-9a-z_]*$"
}
],
"field": "name",
"help": "Enter a unique name for this Splunk remote environment. (lower case alphanumeric characters and underscores)",
"required": true
},
{
"type": "text",
"label": "Splunk targets URL and port",
"validators": [
{
"type": "regex",
"errorMsg": "Value should be in the format https://<fqdn>:<port>,https://<fqdn>:<port>...",
"pattern": "^(https://[a-zA-Z0-9._-]+:\\d+)(,https://[a-zA-Z0-9._-]+:\\d+)*$"
}
],
"help": "A comma separated list of targets, ex: https://splunk1:8089,https://splunk2:8089 (SSL is enforced and URLs will be prefixed with https:// if not set), the URL can be based on IP or FQDN",
"field": "splunk_url",
"required": true,
"options": {
"display": true
}
},
{
"type": "text",
"label": "Bearer token",
"validators": [
{
"type": "regex",
"errorMsg": "A bearer token is a long string generated by Splunk on the remote deployment.",
"pattern": "^.{100,}$"
}
],
"help": "The bearer token providing access to the remote Splunk environment. Connect to the remote Splunk environment and generate a token with the required permissions.",
"field": "bearer_token",
"options": {
"display": true
},
"encrypted": true,
"required": true
},
{
"type": "text",
"label": "Application namespace",
"validators": [
{
"type": "regex",
"errorMsg": "Value should be the name of the Splunk application on the remote deployment which will be used as the environment where searches are executed.",
"pattern": "^.+$"
}
],
"help": "The Splunk application namespace on the remote system where searches will be executed, defaults to the Splunk search app",
"field": "app_namespace",
"options": {
"display": true
},
"defaultValue": "search",
"required": true
},
{
"type": "text",
"label": "Role Based Access Control",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "A comma separated list of Splunk roles that are allowed to access this account, either by direct membership or by inheritance",
"field": "rbac_roles",
"options": {
"display": true
},
"defaultValue": "admin,sc_admin,trackme_user,trackme_power,trackme_admin",
"required": true
},
{
"type": "text",
"label": "Timeout value at connect",
"help": "The maximal timeout value in seconds, which applies to the health check connect test. When the remote search is executed, TrackMe first runs a health check against the target to validate the connectivity. If the health check fails, the next member of the pool is used if applicable, otherwise the search is aborted. Increase this value if you experience issues with targets that may be sometimes overloaded and would respond slower than expected. Defaults to 15 seconds.",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"defaultValue": "15",
"field": "timeout_connect_check"
},
{
"type": "text",
"label": "Timeout value at search",
"help": "The maximal timeout value in seconds, this applies to the remote search connection, increase this value if you experience issues with targets that may be slow in response. Defaults to 600 seconds.",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"defaultValue": "600",
"field": "timeout_search_check"
},
{
"type": "singleSelect",
"label": "Bearer token auto rotation",
"help": "Automatically attempt to rotate the bearer token for this account based on the submitted frequency in days. This requires the account to have the edit_tokens_own capability.",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"required": true,
"field": "token_rotation_enablement",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "Rotation frequency (days)",
"help": "The frequency in days at which the bearer token should be rotated, once this value is reached, TrackMe will attempt to rotate the token. (defaults to 7 days)",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"defaultValue": "7",
"field": "token_rotation_frequency"
}
],
"title": "Remote deployments"
},
{
"name": "vtenants",
"groups": [
{
"label": "Virtual Tenant Identification",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"name",
"alias",
"description"
]
},
{
"label": "Priority and Pagination",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"default_priority",
"pagination_mode",
"pagination_size"
]
},
{
"label": "User Interface Preferences",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"ui_default_timerange",
"ui_min_object_width",
"ui_expand_metrics",
"ui_home_tabs_order"
]
},
{
"label": "Disruption Queue Management",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"default_disruption_min_time_sec"
]
},
{
"label": "Feature Behavior Settings",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"monitoring_time_policy",
"data_sampling_obfuscation",
"adaptive_delay",
"mloutliers",
"mloutliers_allowlist",
"sampling"
]
},
{
"label": "Delayed Inspector preferences",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_feeds_delayed_inspector_24hours_range_min_sec",
"splk_feeds_delayed_inspector_7days_range_min_sec",
"splk_feeds_delayed_inspector_until_disabled_range_min_sec"
]
},
{
"label": "Auto Disablement and Constraints",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_feeds_auto_disablement_period",
"indexed_constraint"
]
},
{
"label": "CMDB Integration Settings",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"cmdb_lookup",
"splk_dsm_cmdb_search",
"splk_dhm_cmdb_search",
"splk_mhm_cmdb_search",
"splk_flx_cmdb_search",
"splk_fqm_cmdb_search",
"splk_wlk_cmdb_search"
]
},
{
"label": "GroupBy Settings",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_dsm_tabulator_groupby",
"splk_dhm_tabulator_groupby",
"splk_mhm_tabulator_groupby",
"splk_flx_tabulator_groupby",
"splk_fqm_tabulator_groupby",
"splk_wlk_tabulator_groupby"
]
},
{
"label": "Impact Scoring Configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"impact_score_outliers_default",
"impact_score_dsm_data_sampling_anomaly",
"impact_score_dsm_delay_threshold_breach",
"impact_score_dsm_latency_threshold_breach",
"impact_score_dsm_min_hosts_dcount_breach",
"impact_score_dsm_future_tolerance_breach",
"impact_score_dhm_delay_threshold_breach",
"impact_score_dhm_latency_threshold_breach",
"impact_score_dhm_future_tolerance_breach",
"impact_score_mhm_metric_alert",
"impact_score_mhm_future_tolerance_breach",
"impact_score_flx_inactive",
"impact_score_flx_status_not_met",
"impact_score_fqm_status_not_met",
"impact_score_wlk_skipping_searches",
"impact_score_wlk_execution_errors",
"impact_score_wlk_orphan_search",
"impact_score_wlk_execution_delayed",
"impact_score_wlk_out_of_monitoring_times",
"impact_score_wlk_status_not_met"
]
}
],
"table": {
"actions": [
"edit",
"delete"
],
"header": [
{
"label": "Tenant ID",
"field": "name"
},
{
"label": "Tenant Alias",
"field": "alias"
},
{
"label": "Tenant Description",
"field": "description"
}
]
},
"entity": [
{
"type": "text",
"label": "Tenant ID",
"validators": [
{
"type": "regex",
"errorMsg": "Lower case letters, digits, hyphens, underscores.",
"pattern": "^[0-9a-z\\-\\_]*$"
}
],
"field": "name",
"help": "The main identifier for the tenant",
"required": true
},
{
"type": "text",
"label": "Tenant Alias",
"validators": [
{
"type": "regex",
"errorMsg": "If set, cannot be empty.",
"pattern": "^.+$"
}
],
"field": "alias",
"help": "The alias name of the tenant, used in the UI. Its value can be changed at any time; if unset, its value will be the same as the tenant ID",
"required": false
},
{
"type": "text",
"label": "Description",
"validators": [
{
"type": "string",
"errorMsg": "Length of description should be between 1 and 100",
"minLength": 1,
"maxLength": 100
},
{
"type": "regex",
"errorMsg": "The virtual tenant description.",
"pattern": "^.*$"
}
],
"field": "description",
"help": "Enter the Virtual Tenant description",
"required": false
},
{
"type": "singleSelect",
"label": "Default entities priority at discovery",
"validators": [
{
"type": "regex",
"errorMsg": "value must be a valid priority value.",
"pattern": "^(low|medium|high|critical|pending)$"
}
],
"help": "Priority management - this setting defines the default priority assigned to entities at the time of their discovery. This applies to all components in the Virtual Tenant.",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "critical",
"label": "Critical"
},
{
"value": "high",
"label": "High"
},
{
"value": "medium",
"label": "Medium"
},
{
"value": "low",
"label": "Low"
},
{
"value": "pending",
"label": "pending"
}
]
},
"defaultValue": "medium",
"required": true,
"field": "default_priority"
},
{
"type": "singleSelect",
"label": "Tabulator Pagination Mode",
"validators": [
{
"type": "regex",
"errorMsg": "value is invalid.",
"pattern": "^(local|remote)$"
}
],
"help": "The pagination can be remote (server side) or local (client side), in most cases, client side would lead to better performance and faster load time especially when filtering on entities.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "local",
"label": "local"
},
{
"value": "remote",
"label": "remote"
}
]
},
"defaultValue": "local",
"field": "pagination_mode"
},
{
"type": "text",
"label": "Tabulator Pagination Size",
"help": "The pagination size drives the number of records per page, too many records on the same page for high scale collections can negatively impact the UI performance at load time.",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"defaultValue": "10000",
"field": "pagination_size"
},
{
"type": "singleSelect",
"label": "UI prefs - Default time range",
"validators": [
{
"type": "regex",
"errorMsg": "value must be a valid time quantifier.",
"pattern": "^[1-9][0-9]*[mhd]$"
}
],
"help": "UI tenant preferences - for all component - This defines the default time range window when accessing the overview screen of TrackMe entities.",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "30m",
"label": "30m"
},
{
"value": "60m",
"label": "60m"
},
{
"value": "2h",
"label": "2h"
},
{
"value": "4h",
"label": "4h"
},
{
"value": "8h",
"label": "8h"
},
{
"value": "12h",
"label": "12h"
},
{
"value": "24h",
"label": "24h"
},
{
"value": "48h",
"label": "48h"
},
{
"value": "7d",
"label": "7d"
},
{
"value": "15d",
"label": "15d"
},
{
"value": "30d",
"label": "30d"
},
{
"value": "60d",
"label": "60d"
},
{
"value": "90d",
"label": "90d"
},
{
"value": "180d",
"label": "180d"
},
{
"value": "365d",
"label": "365d"
}
]
},
"defaultValue": "24h",
"required": true,
"field": "ui_default_timerange"
},
{
"type": "text",
"label": "UI prefs - Object min width",
"help": "UI tenant preferences - for all component - the minimal width in pixels for the object field, increase this value to handle long entity names",
"defaultValue": "300",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "ui_min_object_width"
},
{
"type": "singleSelect",
"label": "UI prefs - expand metrics",
"help": "UI tenant preferences - for all eligible components - expand metrics information by default or rely on the right click context menu",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "0",
"required": true,
"field": "ui_expand_metrics",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "UI prefs - Home tabs visibility and order",
"help": "UI tenant preferences - list of tabs to be displayed in the Home UI in a comma separated list, the order of the tabs is defined by the order of the list",
"required": true,
"defaultValue": "dsm,flx,dhm,mhm,wlk,fqm,flip,audit,alerts",
"field": "ui_home_tabs_order",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a comma-separated list of tab names.",
"pattern": "^[a-zA-Z0-9,]+$"
}
]
},
{
"type": "text",
"label": "Default minimal disruption period",
"help": "You can define the default minimal disruption period in seconds. If enabled with a positive value, this defines the minimal period of continuous disruption before the entity can transition to red state if in anomaly. Use 0 to disable the default period, which can also be set at the entity level.",
"defaultValue": "0",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "default_disruption_min_time_sec"
},
{
"type": "singleSelect",
"label": "Sampling obfuscation",
"help": "feature tenant behaviour - for splk-dsm only - when generating Data samples, you can use this option to avoid storing clear text copies of sampled events in the KVstore",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "0",
"field": "data_sampling_obfuscation",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "singleSelect",
"label": "Adaptive delay",
"help": "feature tenant behaviour - for splk-dsm/dhm only - Enable or Disable at the tenant level the adaptive delay feature, this feature will automatically adjust the delay threshold using Machine Learning techniques and the historical data",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "adaptive_delay",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "singleSelect",
"label": "Enable Machine Learning",
"help": "Machine Learning Outliers Anomaly Detection - You can choose to enable or disable entirely all ML Outliers Anomaly Detection features at the tenant level, this applies to any eligible component enabled in this Virtual Tenant",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "mloutliers",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "Enable Machine Learning allowlist",
"help": "The list of TrackMe components for which Machine Learning Outliers enablement applies, this is a comma separated list of component names, the default is: dsm,dhm,flx,wlk. When enabling Machine Learning Outliers for a given tenant, you can restrict the list of components for which the feature is enabled.",
"required": true,
"defaultValue": "dsm,dhm,flx,wlk,fqm",
"field": "mloutliers_allowlist",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a comma-separated list of components names.",
"pattern": "^[a-zA-Z0-9,]+$"
}
]
},
{
"type": "singleSelect",
"label": "Enable Data Sampling (splk-dsm only)",
"help": "Events and format recognition - You can choose to enable or disable entirely the event and format recognition feature (Data sampling) at the tenant level, this applies to splk-dsm only, and would have no effects on other components",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "sampling",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "Default monitoring time policy",
"help": "The default monitoring time policy for this tenant, this is a string value that represents the monitoring time policy, the default is: all_time. (accepts: all_time, business_days_all_hours, monday_saturday_all_hours, business_days_08h_20h, monday_saturday_08h_20h or a JSON dictionary)",
"required": true,
"defaultValue": "all_time",
"field": "monitoring_time_policy",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "Delayed Inspector: 24 hours range min time between inspections",
"help": "For splk-dsm/splk-dhm only, the minimum time in seconds between inspections for the 24 hours range delayed inspector, defaults to 14400 seconds. (4 hours) If set to 0, the delayed inspector will be disabled for that range.",
"defaultValue": "14400",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_feeds_delayed_inspector_24hours_range_min_sec"
},
{
"type": "text",
"label": "Delayed Inspector: 7 days range min time between inspections",
"help": "For splk-dsm/splk-dhm only, the minimum time in seconds between inspections for the 7 days range delayed inspector, defaults to 43200 seconds. (12 hours) If set to 0, the delayed inspector will be disabled for that range.",
"defaultValue": "43200",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_feeds_delayed_inspector_7days_range_min_sec"
},
{
"type": "text",
"label": "Delayed Inspector: until disabled range min time between inspections",
"help": "For splk-dsm/splk-dhm only, the minimum time in seconds between inspections for the until disabled range delayed inspector, defaults to 172800 seconds. (48 hours) If set to 0 or auto disablement period is set to 0d, the delayed inspector will be disabled for that range.",
"defaultValue": "172800",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_feeds_delayed_inspector_until_disabled_range_min_sec"
},
{
"type": "text",
"label": "Auto disablement period (splk-dsm/splk-dhm/splk-mhm)",
"help": "For splk-dsm/splk-dhm/splk-mhm only, defines the period in relative days, after which an inactive entity (not sending data actively) gets disabled automatically, set to 0d to disable the feature. The Virtual Tenant level setting overrides the system default setting.",
"defaultValue": "60d",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected <days>d, ex: 60d.",
"pattern": "^[0-9]*d$"
}
],
"field": "splk_feeds_auto_disablement_period"
},
{
"type": "text",
"label": "Global indexed fields constraint",
"help": "Custom global indexed field constraint - for splk-dsm/splk-dhm only - If set, this option allows ensuring that a custom set of indexed fields are used in auto-generated searches such as SmartStatus searches for this tenant, this can be useful for instance if all trackers of this tenant are calling a specific splunk_server or splunk_server_group as part of their search",
"required": false,
"defaultValue": "",
"field": "indexed_constraint",
"validators": [
{
"type": "regex",
"errorMsg": "Indexed constraint cannot be empty if provided.",
"pattern": "^.*$"
}
]
},
{
"type": "singleSelect",
"label": "Enable CMDB integration",
"help": "CMDB lookup integration - Enable or disable the UI CMDB integration for this tenant",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "cmdb_lookup",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-dsm",
"help": "If set, overrides the global config value - The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection",
"defaultValue": "",
"required": false,
"field": "splk_dsm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-dhm",
"help": "If set, overrides the global config value - The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection",
"defaultValue": "",
"required": false,
"field": "splk_dhm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-mhm",
"help": "If set, overrides the global config value - The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "",
"required": false,
"field": "splk_mhm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-flx",
"help": "If set, overrides the global config value - The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "",
"required": false,
"field": "splk_flx_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-fqm",
"help": "If set, overrides the global config value - The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "",
"required": false,
"field": "splk_fqm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-wlk",
"help": "If set, overrides the global config value - The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "",
"required": false,
"field": "splk_wlk_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "splk-dsm Tabulator GroupBy",
"help": "If this tenant uses splk-dsm: The Tabulator GroupBy definition for the splk-dsm component, you can use a comma separated list of fields (multi-level grouping), or an expression. for splk-dsm, the default is: data_index - you can for instance use: data_index,priority to group by data_index and then by priority. Expressions only support single level grouping, and can be used calling any field in the Tabulator result (prefixed with data.), for instance: data.data_index + \":\" + data.priority",
"required": true,
"defaultValue": "data_index",
"field": "splk_dsm_tabulator_groupby",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.*$"
}
]
},
{
"type": "text",
"label": "splk-dhm Tabulator GroupBy",
"help": "If this tenant uses splk-dhm: The Tabulator GroupBy definition for the splk-dhm component, this component by default does not do grouping. You can use a comma separated list of fields, or an expression. (see the component above)",
"required": true,
"defaultValue": "tenant_id",
"field": "splk_dhm_tabulator_groupby",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.*$"
}
]
},
{
"type": "text",
"label": "splk-mhm Tabulator GroupBy",
"help": "If this tenant uses splk-mhm: The Tabulator GroupBy definition for the splk-mhm component, this component by default does not do grouping. You can use a comma separated list of fields, or an expression. (see the component above)",
"required": true,
"defaultValue": "tenant_id",
"field": "splk_mhm_tabulator_groupby",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.*$"
}
]
},
{
"type": "text",
"label": "splk-flx Tabulator GroupBy",
"help": "If this tenant uses splk-flx: The Tabulator GroupBy definition for the splk-flx component, this component by default groups over a field called group. You can use a comma separated list of fields, or an expression. (see the component above)",
"required": true,
"defaultValue": "group",
"field": "splk_flx_tabulator_groupby",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.*$"
}
]
},
{
"type": "text",
"label": "splk-fqm Tabulator GroupBy",
"help": "If this tenant uses splk-fqm: The Tabulator GroupBy definition for the splk-fqm component, this component by default groups over a field called group. You can use a comma separated list of fields, or an expression. (see the component above)",
"required": true,
"defaultValue": "metadata_datamodel,metadata_index,metadata_sourcetype",
"field": "splk_fqm_tabulator_groupby",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.*$"
}
]
},
{
"type": "text",
"label": "splk-wlk Tabulator GroupBy",
"help": "If this tenant uses splk-wlk: The Tabulator GroupBy definition for the splk-wlk component, this component by default groups over a field called overgroup. You can use a comma separated list of fields, or an expression. (see the component above)",
"required": true,
"defaultValue": "overgroup",
"field": "splk_wlk_tabulator_groupby",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be empty.",
"pattern": "^.*$"
}
]
},
{
"type": "text",
"label": "Outliers - Default Impact Score",
"help": "The default impact score (0-100) assigned when outliers are detected. An entity is green if the accumulated score is 0, orange if >0 and <100, red if >=100.",
"defaultValue": "36",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_outliers_default"
},
{
"type": "text",
"label": "DSM - Data Sampling Anomaly Impact Score",
"help": "Impact score (0-100) assigned when data sampling anomalies are detected.",
"defaultValue": "36",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dsm_data_sampling_anomaly"
},
{
"type": "text",
"label": "DSM - Delay Threshold Breach Impact Score",
"help": "Impact score (0-100) assigned when delay threshold is breached.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dsm_delay_threshold_breach"
},
{
"type": "text",
"label": "DSM - Latency Threshold Breach Impact Score",
"help": "Impact score (0-100) assigned when latency threshold is breached.",
"defaultValue": "48",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dsm_latency_threshold_breach"
},
{
"type": "text",
"label": "DSM - Min Hosts Dcount Breach Impact Score",
"help": "Impact score (0-100) assigned when minimum host count threshold is breached.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dsm_min_hosts_dcount_breach"
},
{
"type": "text",
"label": "DSM - Future Tolerance Breach Impact Score",
"help": "Impact score (0-100) assigned when future tolerance threshold is breached.",
"defaultValue": "36",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dsm_future_tolerance_breach"
},
{
"type": "text",
"label": "DHM - Delay Threshold Breach Impact Score",
"help": "Impact score (0-100) assigned when delay threshold is breached.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dhm_delay_threshold_breach"
},
{
"type": "text",
"label": "DHM - Latency Threshold Breach Impact Score",
"help": "Impact score (0-100) assigned when latency threshold is breached.",
"defaultValue": "48",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dhm_latency_threshold_breach"
},
{
"type": "text",
"label": "DHM - Future Tolerance Breach Impact Score",
"help": "Impact score (0-100) assigned when future tolerance threshold is breached.",
"defaultValue": "36",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_dhm_future_tolerance_breach"
},
{
"type": "text",
"label": "MHM - Metric Alert Impact Score",
"help": "Impact score (0-100) assigned when metric alert (delay threshold breach) is detected.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_mhm_metric_alert"
},
{
"type": "text",
"label": "MHM - Future Tolerance Breach Impact Score",
"help": "Impact score (0-100) assigned when future tolerance threshold is breached.",
"defaultValue": "36",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_mhm_future_tolerance_breach"
},
{
"type": "text",
"label": "FLX - Inactive Impact Score",
"help": "Impact score (0-100) assigned when entity is inactive.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_flx_inactive"
},
{
"type": "text",
"label": "FLX - Status Not Met Impact Score",
"help": "Impact score (0-100) assigned when entity status does not meet monitoring rules.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_flx_status_not_met"
},
{
"type": "text",
"label": "FQM - Status Not Met Impact Score",
"help": "Impact score (0-100) assigned when entity status does not meet monitoring rules.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_fqm_status_not_met"
},
{
"type": "text",
"label": "WLK - Skipping Searches Impact Score",
"help": "Impact score (0-100) assigned when searches are being skipped.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_wlk_skipping_searches"
},
{
"type": "text",
"label": "WLK - Execution Errors Impact Score",
"help": "Impact score (0-100) assigned when execution errors are detected.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_wlk_execution_errors"
},
{
"type": "text",
"label": "WLK - Orphan Search Impact Score",
"help": "Impact score (0-100) assigned when orphan searches are detected.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_wlk_orphan_search"
},
{
"type": "text",
"label": "WLK - Execution Delayed Impact Score",
"help": "Impact score (0-100) assigned when execution is delayed.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_wlk_execution_delayed"
},
{
"type": "text",
"label": "WLK - Out of Monitoring Times Impact Score",
"help": "Impact score (0-100) assigned when entity is out of monitoring times.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_wlk_out_of_monitoring_times"
},
{
"type": "text",
"label": "WLK - Status Not Met Impact Score",
"help": "Impact score (0-100) assigned when entity status does not meet monitoring rules.",
"defaultValue": "100",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Must be an integer between 0 and 100.",
"pattern": "^([0-9]|[1-9][0-9]|100)$"
}
],
"field": "impact_score_wlk_status_not_met"
}
],
"title": "Virtual Tenants"
},
{
"name": "emails",
"groups": [
{
"label": "Emails",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"name",
"email_server",
"email_username",
"email_password",
"email_security",
"allowed_email_domains",
"environment_name",
"sender_email",
"email_format",
"email_footer"
]
}
],
"table": {
"actions": [
"edit",
"delete",
"clone"
],
"header": [
{
"label": "Name",
"field": "name"
},
{
"label": "Mail server",
"field": "email_server"
},
{
"label": "Mail username",
"field": "email_username"
},
{
"label": "Email security",
"field": "email_security"
}
]
},
"entity": [
{
"type": "text",
"label": "Name",
"validators": [
{
"type": "string",
"errorMsg": "Length of ID should be between 1 and 50",
"minLength": 1,
"maxLength": 50
},
{
"type": "regex",
"errorMsg": "Name must begin with a letter and consist exclusively of lower case alphanumeric characters and underscores.",
"pattern": "^[a-z][0-9a-z_]*$"
}
],
"field": "name",
"help": "For Splunk Enterprise only, connect to an external Email delivery system. Enter a unique name for this email delivery configuration. (lower case alphanumeric characters and underscores)",
"required": true
},
{
"type": "text",
"label": "External mail server and port",
"validators": [
{
"type": "regex",
"errorMsg": "Address and port of the external Email delivery system, in the format <server>:<port> (ex: smtp.gmail.com:587) - It cannot be localhost or 127.0.0.1 (local MTA) which is the default and already automatically available",
"pattern": "^(?!localhost|127\\.0\\.0\\.1)[^\\:]+:\\d+$"
}
],
"help": "Address and port of the external Email delivery system, in the format <server>:<port> (ex: smtp.gmail.com:587) - It cannot be localhost or 127.0.0.1 (local MTA) which is the default and already automatically available",
"field": "email_server",
"required": true,
"options": {
"display": true
}
},
{
"type": "text",
"label": "Mail server username",
"validators": [
{
"type": "regex",
"errorMsg": "The mail account username.",
"pattern": "^.*$"
}
],
"help": "The mail account username.",
"field": "email_username",
"options": {
"display": true
},
"encrypted": false,
"required": false
},
{
"type": "text",
"label": "Password or secret key",
"validators": [
{
"type": "regex",
"errorMsg": "The mail account password.",
"pattern": "^.*$"
}
],
"help": "The mail account password.",
"field": "email_password",
"options": {
"display": true
},
"encrypted": true,
"required": false
},
{
"type": "singleSelect",
"label": "Email security",
"help": "Mandatory security configuration for the email delivery (ssl or tls).",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "ssl",
"label": "ssl"
},
{
"value": "tls",
"label": "tls"
}
]
},
"defaultValue": "tls",
"required": true,
"field": "email_security",
"validators": [
{
"type": "regex",
"errorMsg": "ssl or tls",
"pattern": "^(ssl|tls)$"
}
]
},
{
"type": "text",
"label": "Allowed email domains",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "A comma separated list of allowed email domains; leave empty for no restrictions (any domain is then accepted).",
"field": "allowed_email_domains",
"options": {
"display": true
},
"required": false
},
{
"type": "text",
"label": "Sender email",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "The email address to use as sender for the email delivery",
"field": "sender_email",
"options": {
"display": true
},
"defaultValue": "splunk",
"required": true
},
{
"type": "singleSelect",
"label": "Email format support",
"help": "Email format for email delivery",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "html",
"label": "html"
},
{
"value": "text",
"label": "text"
}
]
},
"defaultValue": "html",
"required": false,
"field": "email_format",
"validators": [
{
"type": "regex",
"errorMsg": "html or text",
"pattern": "^(html|text)$"
}
]
},
{
"type": "text",
"label": "Email footer",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "The footer to use in the email delivery",
"field": "email_footer",
"options": {
"display": true
},
"defaultValue": "This is an automated email, please do not reply directly to this email.",
"required": true
}
],
"title": "Email Delivery"
},
{
"name": "trackme_general",
"groups": [
{
"label": "RBAC: sharing, ownership and default roles",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"trackme_default_sharing",
"trackme_owner_default",
"trackme_admin_role_default",
"trackme_power_role_default",
"trackme_user_role_default"
]
},
{
"label": "Emails delivery: localhost MTA configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"allowed_email_domains",
"sender_email",
"email_format",
"email_footer"
]
},
{
"label": "Multi threading",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"max_multi_thread_workers"
]
},
{
"label": "Tabulator: pagination and default settings",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"pagination_mode",
"pagination_size"
]
},
{
"label": "Events generation and ingestion: mode and fields lists",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"state_events_minimal",
"state_events_allowlist",
"state_events_blocklist"
]
},
{
"label": "Acknowledgements: system level default configuration for acknowledgements in TrackMe",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"trackme_ack_duration_default",
"trackme_ack_remove_on_reason_change",
"trackme_ack_remove_on_reason_change_min_time_sec",
"trackme_ack_remove_on_reason_change_auto_ack_only",
"trackme_ack_remove_when_green"
]
},
{
"label": "StateFul Alerts: system level default configuration for StateFul Alerts in TrackMe",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"trackme_stateful_records_expiration_days",
"trackme_stateful_charts_records_expiration_days"
]
},
{
"label": "Various",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"enable_conf_manager_receiver"
]
}
],
"entity": [
{
"type": "text",
"label": "Max multi thread workers",
"help": "For backends that use multi threading such as trackmepersistentfields, this setting defines the maximum number of workers that can be used to process the data in parallel. The number of workers is calculated based on the number of CPU cores available on the system and capped at this value. (formula: max_workers = cpu_cores * 2, but never more than this value) - Set to 1 to disable multi threading.",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only positive integers.",
"pattern": "^[1-9][0-9]*$"
}
],
"defaultValue": "16",
"field": "max_multi_thread_workers"
},
{
"type": "singleSelect",
"label": "Tabulator Pagination Mode",
"help": "This setting is used at the Virtual Tenant creation phase; once created, this setting stands at the level of the Virtual Tenant account. The pagination can be remote (server side) or local (client side); in most cases, client side would lead to better performance and faster load time, especially when filtering on entities.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "local",
"label": "local"
},
{
"value": "remote",
"label": "remote"
}
]
},
"defaultValue": "local",
"field": "pagination_mode",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 'local' or 'remote'.",
"pattern": "^(local|remote)$"
}
]
},
{
"type": "text",
"label": "Tabulator Pagination Size",
"help": "This setting is used at the Virtual Tenant creation phase; once created, this setting stands at the level of the Virtual Tenant account. The pagination size drives the number of records per page; too many records on the same page for high scale collections can negatively impact the UI performance at load time.",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"defaultValue": "10000",
"field": "pagination_size"
},
{
"type": "singleSelect",
"label": "Default sharing level",
"help": "When TrackMe creates knowledge objects, defines whether the sharing level should be app or global",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "app",
"label": "App"
},
{
"value": "global",
"label": "Global (system)"
}
]
},
"defaultValue": "app",
"field": "trackme_default_sharing",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 'app' or 'global'.",
"pattern": "^(app|global)$"
}
]
},
{
"type": "text",
"label": "Default owner",
"help": "The default owner user preset in the dropdown of the Virtual Tenants creation user interfaces when creating new Virtual Tenants",
"defaultValue": "admin",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "This cannot be empty.",
"pattern": "^.*$"
}
],
"field": "trackme_owner_default"
},
{
"type": "text",
"label": "Default admin role",
"help": "The default admin role preset in the dropdown of the Virtual Tenants creation user interfaces when creating new Virtual Tenants",
"defaultValue": "trackme_admin",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "This cannot be empty.",
"pattern": "^.*$"
}
],
"field": "trackme_admin_role_default"
},
{
"type": "text",
"label": "Default power role",
"help": "The default power role preset in the dropdown of the Virtual Tenants creation user interfaces when creating new Virtual Tenants",
"defaultValue": "trackme_power",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "This cannot be empty.",
"pattern": "^.*$"
}
],
"field": "trackme_power_role_default"
},
{
"type": "text",
"label": "Default user role",
"help": "The default user role preset in the dropdown of the Virtual Tenants creation user interfaces when creating new Virtual Tenants",
"defaultValue": "trackme_power",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "This cannot be empty.",
"pattern": "^.*$"
}
],
"field": "trackme_user_role_default"
},
{
"type": "singleSelect",
"label": "Minimal state events",
"help": "This influences the volume of information generated in the state events; in minimal mode, only the top key information is retained to limit the size of events and related costs.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "state_events_minimal",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "allowlist fields (minimal)",
"help": "The comma separated list of fields allowed in the state events when in minimal mode",
"defaultValue": "alias,anomaly_reason,keyid,object,object_category,priority,state,status_message,tags,tenant_id",
"required": true,
"field": "state_events_allowlist",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a comma-separated list of field names.",
"pattern": "^[a-zA-Z0-9_\\-,]+$"
}
]
},
{
"type": "text",
"label": "In full, block list fields",
"help": "The comma separated list of fields excluded from the state events when in full mode",
"defaultValue": "_raw,info_max_time,info_min_time,info_search_time,info_sid,splk_dhm_st_summary,splk_dhm_st_summary_compact,splk_dhm_st_summary_full,metric_details,object_state,tracker_runtime,previous_tracker_runtime",
"required": true,
"field": "state_events_blocklist",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a comma-separated list of field names.",
"pattern": "^[a-zA-Z0-9_\\-,]+$"
}
]
},
{
"type": "singleSelect",
"label": "Enable TrackMe Conf Manager",
"help": "This option enables the TrackMe conf manager receiver: admin level operations will be sent to the conf manager receiver to be replayed in the target environment",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "0",
"label": "No"
},
{
"value": "1",
"label": "Yes"
}
]
},
"defaultValue": "0",
"field": "enable_conf_manager_receiver",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "StateFul closed records expiration",
"help": "The number of days after which closed records in the StateFul KVstore collections are expired and deleted",
"defaultValue": "30",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "trackme_stateful_records_expiration_days"
},
{
"type": "text",
"label": "StateFul charts records expiration",
"help": "The number of days after which charts records in the StateFul KVstore collections are expired and deleted (charts records do not need to be preserved for a long time)",
"defaultValue": "2",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "trackme_stateful_charts_records_expiration_days"
},
{
"type": "text",
"label": "Default Ack duration",
"help": "The default duration in seconds to be proposed when opening the acknowledgment action for an entity in alert",
"defaultValue": "86400",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "trackme_ack_duration_default"
},
{
"type": "singleSelect",
"label": "Expire Ack on anomaly reason change behaviour",
"help": "Automatically remove an Acknowledgment when the anomaly reason changes, applies to both sticky/unsticky Ack. If the list of anomalies has changed for a given entity and this option is enabled, TrackMe will remove the Ack if it detects that the list of anomaly conditions has changed, this can be leveraged to ensure that a new alert will be raised if the entity encounters a new or different alerting condition.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "trackme_ack_remove_on_reason_change",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "Expire Ack on anomaly reason change min time since",
"help": "Used in association with the change behaviour, this defines the minimal amount of time in seconds between the creation of the Ack and its expiration due to an anomaly reason change, the Ack will not expire until this minimal amount of time has been reached.",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"defaultValue": "3600",
"field": "trackme_ack_remove_on_reason_change_min_time_sec"
},
{
"type": "singleSelect",
"label": "Expire Ack on anomaly reason only for auto ack",
"help": "Restrict removing Ack when the anomaly reason changes, depending on whether the Ack was created by a user or is an automated Ack created by TrackMe's alert action. If set to Yes, only Auto Ack would get expired if the anomaly reason changes, User Ack would not be impacted.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "trackme_ack_remove_on_reason_change_auto_ack_only",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "singleSelect",
"label": "Remove Ack behaviour",
"help": "Automatically removes an Acknowledgment when the entity is back in green state, even if it has not expired yet (unless sticky Ack)",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "trackme_ack_remove_when_green",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "localhost MTA - Allowed email domains",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "A comma separated list of allowed email domains; leave empty for no restrictions (any domain is then accepted).",
"field": "allowed_email_domains",
"options": {
"display": true
},
"required": false
},
{
"type": "text",
"label": "localhost MTA - Sender email",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "The email address to use as sender for the email delivery",
"field": "sender_email",
"options": {
"display": true
},
"defaultValue": "splunk",
"required": true
},
{
"type": "singleSelect",
"label": "localhost MTA - Email format support",
"help": "Email format for email delivery",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "html",
"label": "html"
},
{
"value": "text",
"label": "text"
}
]
},
"defaultValue": "html",
"required": false,
"field": "email_format",
"validators": [
{
"type": "regex",
"errorMsg": "html or text",
"pattern": "^(html|text)$"
}
]
},
{
"type": "text",
"label": "localhost MTA - Email footer",
"validators": [
{
"type": "regex",
"errorMsg": "Value should not be null.",
"pattern": "^.+$"
}
],
"help": "The footer to use in the email delivery",
"field": "email_footer",
"options": {
"display": true
},
"defaultValue": "This is an automated email, please do not reply directly to this email.",
"required": true
}
],
"title": "General"
},
{
"name": "index_settings",
"groups": [
{
"label": "Default indexes configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"trackme_notable_idx",
"trackme_summary_idx",
"trackme_metric_idx",
"trackme_audit_idx"
]
},
{
"label": "Other Indexes related parameters",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"trackme_idx_search_filter"
]
}
],
"entity": [
{
"type": "text",
"label": "Index global search filter",
"help": "An index pattern which matches all TrackMe indexes, for instance trackme_* which matches all indexes starting with the prefix trackme",
"defaultValue": "trackme_*",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "This cannot be empty",
"pattern": "^.*$"
}
],
"field": "trackme_idx_search_filter"
},
{
"type": "singleSelect",
"label": "Notable main index",
"help": "This index will be used to store TrackMe notable events, this can be overridden per tenant",
"defaultValue": "trackme_notable",
"required": true,
"validators": [
{
"type": "string",
"maxLength": 80,
"errorMsg": "Maximum length allowed for index is 80",
"minLength": 1
}
],
"field": "trackme_notable_idx",
"options": {
"createSearchChoice": true,
"denyList": "^_.*$",
"endpointUrl": "data/indexes"
}
},
{
"type": "singleSelect",
"label": "Summary main index",
"help": "This index will be used to store all summary events generated, this can be overridden per tenant",
"defaultValue": "trackme_summary",
"required": true,
"validators": [
{
"type": "string",
"maxLength": 80,
"errorMsg": "Maximum length allowed for index is 80",
"minLength": 1
}
],
"field": "trackme_summary_idx",
"options": {
"createSearchChoice": true,
"denyList": "^_.*$",
"endpointUrl": "data/indexes"
}
},
{
"type": "singleSelect",
"label": "Metric main index",
"help": "This index will be used to store metrics, this can be overridden per tenant",
"defaultValue": "trackme_metrics",
"required": true,
"validators": [
{
"type": "string",
"maxLength": 80,
"errorMsg": "Maximum length allowed for index is 80",
"minLength": 1
}
],
"field": "trackme_metric_idx",
"options": {
"createSearchChoice": true,
"denyList": "^_.*$",
"endpointUrl": "data/indexes?datatype=metric"
}
},
{
"type": "singleSelect",
"label": "Audit main index",
"help": "This index will be used to store audit events, this can be overridden per tenant",
"defaultValue": "trackme_audit",
"required": true,
"validators": [
{
"type": "string",
"maxLength": 80,
"errorMsg": "Maximum length allowed for index is 80",
"minLength": 1
}
],
"field": "trackme_audit_idx",
"options": {
"createSearchChoice": true,
"denyList": "^_.*$",
"endpointUrl": "data/indexes"
}
}
],
"title": "Indexes"
},
{
"name": "trackme_ui_defaults",
"groups": [
{
"label": "User interfaces",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"default_theme",
"auto_refresh",
"vtenants_card_detail_level"
]
}
],
"entity": [
{
"type": "singleSelect",
"label": "Default theme",
"help": "Default color theme for unified React user interfaces. Users can override this preference using the settings panel, which stores preferences in a cookie.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "dark",
"label": "Dark"
},
{
"value": "light",
"label": "Light"
}
]
},
"defaultValue": "dark",
"field": "default_theme",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either dark or light.",
"pattern": "^(dark|light)$"
}
]
},
{
"type": "singleSelect",
"label": "Auto-refresh",
"help": "Enable or disable auto-refresh by default for all user interfaces",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "1",
"field": "auto_refresh",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "singleSelect",
"label": "Tenant Card Detail Level",
"help": "Show detailed priority breakdown (low, medium, high, critical) in Virtual Tenants cards. Users can override this preference using the settings panel, which stores preferences in a cookie.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Yes"
},
{
"value": "0",
"label": "No"
}
]
},
"defaultValue": "0",
"field": "vtenants_card_detail_level",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
}
],
"title": "User interfaces"
},
{
"name": "splk_general",
"groups": [
{
"label": "Default latency and delay preferences",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_dsm_threshold_default",
"splk_general_dsm_delay_default",
"splk_general_dhm_threshold_default",
"splk_general_dhm_delay_default",
"splk_general_mhm_threshold_default"
]
},
{
"label": "Future tolerance preferences",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_feeds_future_tolerance"
]
},
{
"label": "Auto-disablement preferences",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_feeds_auto_disablement_period"
]
},
{
"label": "Delayed Inspector preferences",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_feeds_delayed_inspector_24hours_range_min_sec",
"splk_general_feeds_delayed_inspector_7days_range_min_sec",
"splk_general_feeds_delayed_inspector_until_disabled_range_min_sec"
]
},
{
"label": "Elastic Sources preferences for splk-dsm",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_elastic_max_concurrent"
]
},
{
"label": "Workload preferences (splk-wlk)",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_workload_version_id_keys"
]
},
{
"label": "CMDB Lookup configuration per component",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_dsm_cmdb_search",
"splk_general_dhm_cmdb_search",
"splk_general_mhm_cmdb_search",
"splk_general_flx_cmdb_search",
"splk_general_fqm_cmdb_search",
"splk_general_wlk_cmdb_search"
]
},
{
"label": "Global note",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_dsm_docs_note_global",
"splk_general_dsm_docs_link_global"
]
},
{
"label": "Various",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_general_idx_filter"
]
}
],
"entity": [
{
"type": "text",
"label": "Index time parsing filter",
"help": "Search filter for views inspecting the indexed time activity such as line breaking issues or datetime parsing, filter on indexers and/or heavy forwarders, example: host=idx*.splunkcloud.com",
"defaultValue": "host=*",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "This cannot be empty",
"pattern": "^.+$"
}
],
"field": "splk_general_idx_filter"
},
{
"type": "text",
"label": "Latency default (splk-dsm)",
"help": "The default latency threshold value in seconds applied for splk-dsm based entities, defines the maximum allowed value in seconds for ingestion latency",
"defaultValue": "3600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_dsm_threshold_default"
},
{
"type": "text",
"label": "Delay default (splk-dsm)",
"help": "The default delay threshold value in seconds applied for splk-dsm based entities, defines the maximum allowed value in seconds for the delay of the entity",
"defaultValue": "3600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_dsm_delay_default"
},
{
"type": "text",
"label": "Latency default (splk-dhm)",
"help": "The default latency threshold value in seconds applied for splk-dhm based entities, defines the maximum allowed value in seconds for ingestion latency",
"defaultValue": "3600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_dhm_threshold_default"
},
{
"type": "text",
"label": "Delay default (splk-dhm)",
"help": "The default delay threshold value in seconds applied for splk-dhm based entities, defines the maximum allowed value in seconds for the delay of the entity",
"defaultValue": "86400",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_dhm_delay_default"
},
{
"type": "text",
"label": "Delay default (splk-mhm)",
"help": "The default threshold value in seconds applied for splk-mhm based entities, defines the maximal threshold defined by default for entities in the splk-mhm component (metrics delay)",
"defaultValue": "900",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_mhm_threshold_default"
},
{
"type": "text",
"label": "Future indexing tolerance (splk-dsm/splk-dhm)",
"help": "For splk-dsm/splk-dhm only, defines the amount in negative seconds used for tolerance before we assume the data is indexed in the future",
"defaultValue": "-600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted (negative value).",
"pattern": "^\\-[0-9]*$"
}
],
"field": "splk_general_feeds_future_tolerance"
},
{
"type": "text",
"label": "Delayed Inspector: 24 hours range min time between inspections",
"help": "For splk-dsm/splk-dhm only, the minimum time in seconds between inspections for the 24 hours range delayed inspector, defaults to 14400 seconds (4 hours). If set to 0, the delayed inspector will be disabled for that range.",
"defaultValue": "14400",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_feeds_delayed_inspector_24hours_range_min_sec"
},
{
"type": "text",
"label": "Delayed Inspector: 7 days range min time between inspections",
"help": "For splk-dsm/splk-dhm only, the minimum time in seconds between inspections for the 7 days range delayed inspector, defaults to 43200 seconds (12 hours). If set to 0, the delayed inspector will be disabled for that range.",
"defaultValue": "43200",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_feeds_delayed_inspector_7days_range_min_sec"
},
{
"type": "text",
"label": "Delayed Inspector: until disabled range min time between inspections",
"help": "For splk-dsm/splk-dhm only, the minimum time in seconds between inspections for the until disabled range delayed inspector, defaults to 172800 seconds (48 hours). If set to 0 or auto disablement period is set to 0d, the delayed inspector will be disabled for that range.",
"defaultValue": "172800",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected digits.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_feeds_delayed_inspector_until_disabled_range_min_sec"
},
{
"type": "text",
"label": "Auto disablement period (splk-dsm/splk-dhm/splk-mhm)",
"help": "For splk-dsm/splk-dhm/splk-mhm only, defines the period in relative days, after which an inactive entity (not sending data actively) gets disabled automatically, set to 0d to disable the feature.",
"defaultValue": "60d",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "format expected <days>d, ex: 60d.",
"pattern": "^[0-9]*d$"
}
],
"field": "splk_general_feeds_auto_disablement_period"
},
{
"type": "text",
"label": "Concurrent searches Elastic",
"help": "System level number of parallel concurrent searches for Shared Elastic sources, this can be overridden on a per tenant basis using max_concurrent_searches on the Shared Elastic tracker",
"defaultValue": "3",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_general_elastic_max_concurrent"
},
{
"type": "text",
"label": "Workload version_id calculation parameters keys",
"help": "For the Workload component (splk-wlk), defines the list of parameters used for the version_id hash calculation (versioning), expected as a CSV list of saved searches parameters, wildcard patterns are supported. Note that changing this value leads to the re-calculation of all known object version_id values. (example adding: cron_schedule, *notable*)",
"defaultValue": "search,dispatch.earliest,dispatch.latest,description,cron_schedule,disabled,is_scheduled",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Comma separated list of parameters expected.",
"pattern": "^[a-zA-Z0-9_,\\.]*$"
}
],
"field": "splk_general_workload_version_id_keys"
},
{
"type": "text",
"label": "CMDB lookup search splk-dsm",
"help": "The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection",
"defaultValue": "| inputlookup my_cmdb where (index=\"$data_index$\" AND sourcetype=\"$data_sourcetype$\")",
"required": true,
"field": "splk_general_dsm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-dhm",
"help": "The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection",
"defaultValue": "| inputlookup my_cmdb where (host=\"$alias$\")",
"required": true,
"field": "splk_general_dhm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-mhm",
"help": "The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "| inputlookup my_cmdb where (host=\"$alias$\")",
"required": true,
"field": "splk_general_mhm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-flx",
"help": "The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "| inputlookup my_cmdb where (object=\"$object$\")",
"required": true,
"field": "splk_general_flx_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-fqm",
"help": "The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "| inputlookup my_cmdb where (object=\"$object$\")",
"required": true,
"field": "splk_general_fqm_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "CMDB lookup search splk-wlk",
"help": "The CMDB lookup search for this component, you can refer using tokens to any field that TrackMe maintains in the KVstore collection, use the token $tenant_id$ to make this search tenant specific",
"defaultValue": "| inputlookup my_cmdb where (savedsearch_name=\"$savedsearch_name$\")",
"required": true,
"field": "splk_general_wlk_cmdb_search",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid search expression.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "Global note",
"help": "Use this option to define a global note for all entities",
"defaultValue": "",
"required": false,
"field": "splk_general_dsm_docs_note_global",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid note.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "Global link",
"help": "Use this option to define a global link for all entities",
"defaultValue": "",
"required": false,
"field": "splk_general_dsm_docs_link_global",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid URL.",
"pattern": "^https://.+$"
}
]
}
],
"title": "splk-general"
},
{
"name": "splk_data_sampling",
"groups": [
{
"label": "Sampling Timing",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_data_sampling_min_time_btw_iterations_seconds",
"splk_data_sampling_relative_time_window_seconds"
]
},
{
"label": "Records Configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_data_sampling_no_records_per_entity",
"splk_data_sampling_no_records_saved_kvrecord",
"splk_data_sampling_records_kvrecord_truncate_size"
]
},
{
"label": "Model Matching and Thresholds",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_data_sampling_pct_min_major_inclusive_model_match",
"splk_data_sampling_pct_max_exclusive_model_match"
]
}
],
"entity": [
{
"type": "text",
"label": "Minimum time in seconds between two iterations of sampling per entity",
"help": "This defines the minimal time in seconds between data sampling iterations. TrackMe will never attempt to perform sampling for a given entity if the time elapsed since the last iteration is lower than this; otherwise, and if conditions permit, data sampling can be performed as soon as possible.",
"defaultValue": "3600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_data_sampling_min_time_btw_iterations_seconds"
},
{
"type": "text",
"label": "Number of records sampled per entity",
"help": "This defines the number of records to be sampled and verified per entity during the data sampling process. A higher value improves the event format recognition at the cost of more processing per entity, but doesn't affect the number of records stored in the KVstore.",
"defaultValue": "10000",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_data_sampling_no_records_per_entity"
},
{
"type": "text",
"label": "Number of sampled records kept in the KVstore for inspection",
"help": "This defines the number of records to be kept in the KVstore for inspection purposes at each iteration performed. When data sampling is performed, we will keep and store in the KVstore a sample of x records per model matched for inspection and review purposes, increasing this value will increase the amount of storage required in the KVstore. Note that this option is ignored if data sampling obfuscation is enabled at the Virtual Tenant level. (if so, raw events are not stored in the KVstore)",
"defaultValue": "10",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_data_sampling_no_records_saved_kvrecord"
},
{
"type": "text",
"label": "Character size limit before we truncate events when storing sampled records in the KVstore for inspection",
"help": "This defines the character size limit applied when we store sampled events in the KVstore record for inspection, the KVstore has a default hard limit at 50k chars per field and would raise an error if the limit is exceeded, this option allows you to truncate the events before storing them in the KVstore. Note that this truncation limit does not impact the models training process, only the storage of the events in the KVstore for inspection.",
"defaultValue": "40000",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_data_sampling_records_kvrecord_truncate_size"
},
{
"type": "text",
"label": "Min inclusive model matched percentage",
"help": "This defines the minimal percentage of events to match for the major inclusive model matched, it is applied at the discovery of entities and can then be updated per entity. In short, if there are multiple inclusive model match, this defines the threshold of acceptance for the major model match (what percentage of non matching events to be accepted before raising an alert for quality issue purposes). It defaults to 95%, which means that if the main model matched has less than 95% of events matching, the entity state will be impacted by the data sampling.",
"defaultValue": "98",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only floats are accepted.",
"pattern": "^[0-9]*\\.{0,1}[0-9]{0,2}$"
}
],
"field": "splk_data_sampling_pct_min_major_inclusive_model_match"
},
{
"type": "text",
"label": "Max exclusive model matched percentage",
"help": "On the other hand, if exclusive models have been defined and parsed against a given entity, this defines for each exclusive model matched per entity the max level of events percentage per iteration that can be accepted. It defaults to 0%, which means that by default we do not accept any events matching an exclusive model, you can increase this value to define a higher level of acceptance when we discover entities, note that you can also update this value per entity after its discovery.",
"defaultValue": "95",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only floats are accepted.",
"pattern": "^[0-9]*\\.{0,1}[0-9]{0,2}$"
}
],
"field": "splk_data_sampling_pct_max_exclusive_model_match"
},
{
"type": "text",
"label": "The relative time window size in seconds",
"help": "The size in seconds of the time window for the sampling operation, relative to the latest event time known for the entity. This setting is used to calculate the earliest_time when performing the sampling search, for instance 3600 means the search time window will cover up to 1 hour of events according to the latest event time known for the entity, ex: 3600.",
"defaultValue": "3600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only digits are accepted.",
"pattern": "^[0-9]*$"
}
],
"field": "splk_data_sampling_relative_time_window_seconds"
}
],
"title": "splk-data-sampling"
},
{
"name": "splk_outliers_detection",
"groups": [
{
"label": "Historical Metrics and Training",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_min_days_history",
"splk_outliers_time_train_mlmodels_default",
"splk_outliers_time_monitor_mlmodels_default",
"splk_outliers_max_runtime_train_mlmodels_default",
"splk_outliers_max_days_since_last_train_default"
]
},
{
"label": "Thresholds and Deviations",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_perc_min_lowerbound_deviation_default",
"splk_outliers_perc_min_upperbound_deviation_default",
"splk_outliers_static_lower_threshold_default",
"splk_outliers_static_upper_threshold_default",
"splk_outliers_density_lower_threshold_default",
"splk_outliers_density_upper_threshold_default"
]
},
{
"label": "Model Settings and Calculations",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_calculation_default",
"splk_outliers_mltk_algorithms_list",
"splk_outliers_mltk_algorithms_default",
"splk_outliers_fit_extra_parameters",
"splk_outliers_apply_extra_parameters"
]
},
{
"label": "Macro and Boundary Configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_boundaries_extraction_macro_default",
"splk_outliers_boundaries_extraction_macros_list"
]
},
{
"label": "Alerts and KPI Monitoring",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_alert_lower_threshold_volume_default",
"splk_outliers_alert_upper_threshold_volume_default",
"splk_outliers_alert_lower_threshold_latency_default",
"splk_outliers_alert_upper_threshold_latency_default"
]
},
{
"label": "Detection Period and Time Factor",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_detection_period_default",
"splk_outliers_detection_period_latest_default",
"splk_outliers_detection_timefactor_default"
]
},
{
"label": "KPI Metrics",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_detection_latency_kpi_metric_default",
"splk_outliers_detection_volume_kpi_metric_default"
]
},
{
"label": "General Settings",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"splk_outliers_auto_correct",
"splk_outliers_detection_disable_default"
]
}
],
"entity": [
{
"type": "text",
"label": "Min days historical metrics for confidence",
"help": "The minimal number of days of historical metrics required to compute the confidence level of the outliers detection, defaults to 7 days",
"defaultValue": "7",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Float or integer.",
"pattern": "^\\d*\\.{0,1}\\d{0,}$"
}
],
"field": "splk_outliers_min_days_history"
},
{
"type": "text",
"label": "Requested time models training",
"help": "The time value in seconds requested for ML models to be trained for entities, a given entity will regularly get ML models trained if possible based on this value. (defaults to 7 days)",
"defaultValue": "604800",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"field": "splk_outliers_time_train_mlmodels_default"
},
{
"type": "text",
"label": "Requested time models monitor",
"help": "The time value in seconds requested for ML models to be monitored for entities, a given entity will regularly get ML models monitored if possible based on this value. (defaults to 1 hour)",
"defaultValue": "3600",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"field": "splk_outliers_time_monitor_mlmodels_default"
},
{
"type": "text",
"label": "Max runtime models training",
"help": "The time value in seconds requested to limit the max duration of the ML training models, defaults to 15 min (reduced by 30 sec) and should be set according to the cron schedule of the ML training job",
"defaultValue": "900",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"field": "splk_outliers_max_runtime_train_mlmodels_default"
},
{
"type": "text",
"label": "Max time since last training",
"help": "When executing a rendering operation, TrackMe verifies the last time this model was trained, if this time exceeds the value set here, the model will be retrained automatically before rendering. (defaults to 15 days)",
"defaultValue": "15",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers.",
"pattern": "^\\d*$"
}
],
"field": "splk_outliers_max_days_since_last_train_default"
},
{
"type": "singleSelect",
"label": "Disable outliers at discovery",
"help": "When a new entity is discovered, enable or disable the volume based outliers detection by default for that entity. The feature can still be managed on demand for that entity.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "True"
},
{
"value": "0",
"label": "False"
}
]
},
"defaultValue": "0",
"field": "splk_outliers_detection_disable_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "singleSelect",
"label": "Outliers default calculation",
"help": "The default calculation mode used for anomaly outliers detection, can be updated per entity.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "stdev",
"label": "Standard deviation"
},
{
"value": "avg",
"label": "Average"
},
{
"value": "max",
"label": "Max"
},
{
"value": "min",
"label": "Min"
},
{
"value": "sum",
"label": "Sum"
},
{
"value": "perc95",
"label": "Percentile95"
},
{
"value": "latest",
"label": "Latest"
}
]
},
"defaultValue": "stdev",
"field": "splk_outliers_calculation_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be one of stdev, avg, max, min, sum, perc95, or latest.",
"pattern": "^(stdev|avg|max|min|sum|perc95|latest)$"
}
]
},
{
"type": "text",
"label": "Density lower threshold",
"help": "The default value of the lower threshold applied to the DensityFunction algorithm, set at discovery and can be updated per entity.",
"defaultValue": "0.005",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers or decimals.",
"pattern": "^[\\d|\\.]*$"
}
],
"field": "splk_outliers_density_lower_threshold_default"
},
{
"type": "text",
"label": "Density upper threshold",
"help": "The default value of the upper threshold applied to the DensityFunction algorithm, set at discovery and can be updated per entity.",
"defaultValue": "0.005",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only integers or decimals.",
"pattern": "^[\\d|\\.]*$"
}
],
"field": "splk_outliers_density_upper_threshold_default"
},
{
"type": "singleSelect",
"label": "Volume lower breached",
"help": "Alert when the lower bound threshold is breached for volume based KPIs.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "True"
},
{
"value": "0",
"label": "False"
}
]
},
"defaultValue": "1",
"field": "splk_outliers_alert_lower_threshold_volume_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a positive integer.",
"pattern": "^[0-9]+$"
}
]
},
{
"type": "singleSelect",
"label": "Volume upper breached",
"help": "Alert when the upper bound threshold is breached for volume based KPIs.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "True"
},
{
"value": "0",
"label": "False"
}
]
},
"defaultValue": "0",
"field": "splk_outliers_alert_upper_threshold_volume_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a positive integer.",
"pattern": "^[0-9]+$"
}
]
},
{
"type": "singleSelect",
"label": "Latency lower breached",
"help": "Alert when the lower bound threshold is breached for latency based KPIs.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "True"
},
{
"value": "0",
"label": "False"
}
]
},
"defaultValue": "0",
"field": "splk_outliers_alert_lower_threshold_latency_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a positive integer.",
"pattern": "^[0-9]+$"
}
]
},
{
"type": "singleSelect",
"label": "Latency upper breached",
"help": "Alert when the upper bound threshold is breached for latency based KPIs.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "True"
},
{
"value": "0",
"label": "False"
}
]
},
"defaultValue": "1",
"field": "splk_outliers_alert_upper_threshold_latency_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a positive integer.",
"pattern": "^[0-9]+$"
}
]
},
{
"type": "text",
"label": "Default period for calculation",
"help": "The relative period used by default for outliers calculations, applied during entity discovery and can be updated per entity, example: -30d for 30 days back in time.",
"required": true,
"defaultValue": "-30d",
"field": "splk_outliers_detection_period_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be null.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "Default latest time quantifier for calculation",
"help": "The relative time quantifier for the latest time used by default for outliers calculations, applied during entity discovery and can be updated per entity. Defaults to now and can accept Splunk relative time quantifiers such as -1h@h.",
"required": true,
"defaultValue": "-1d",
"field": "splk_outliers_detection_period_latest_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must not be null.",
"pattern": "^.+$"
}
]
},
{
"type": "singleSelect",
"label": "Default outliers time factor",
"help": "The default time factor applied for the outliers dynamic thresholds calculation",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "%H",
"label": "By hour"
},
{
"value": "%H%M",
"label": "By hour/minutes"
},
{
"value": "%w%H",
"label": "By week day/hour"
},
{
"value": "%w%H%M",
"label": "By week day/hour/minutes"
},
{
"value": "%w",
"label": "By week day"
},
{
"value": "none",
"label": "No time factor"
}
]
},
"defaultValue": "-30d",
"field": "splk_outliers_detection_timefactor_default",
"validators": [
{
"type": "regex",
"errorMsg": "If set, cannot be empty.",
"pattern": "^.+$"
}
]
},
{
"type": "singleSelect",
"label": "Default latency kpi metric",
"help": "The default kpi metric for latency outliers detection",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "None",
"label": "None (disables it by default)"
},
{
"value": "splk.feeds.avg_latency_5m",
"label": "splk.feeds.avg_latency_5m"
},
{
"value": "splk.feeds.latest_latency_5m",
"label": "splk.feeds.latest_latency_5m"
},
{
"value": "splk.feeds.perc95_latency_5m",
"label": "splk.feeds.perc95_latency_5m"
},
{
"value": "splk.feeds.stdev_latency_5m",
"label": "splk.feeds.stdev_latency_5m"
}
]
},
"defaultValue": "None",
"field": "splk_outliers_detection_latency_kpi_metric_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid KPI metric.",
"pattern": "^.+$"
}
]
},
{
"type": "singleSelect",
"label": "Default volume kpi metric",
"help": "The default kpi metric for volume outliers detection",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "None",
"label": "None (disables it by default)"
},
{
"value": "splk.feeds.avg_eventcount_5m",
"label": "splk.feeds.avg_eventcount_5m"
},
{
"value": "splk.feeds.latest_eventcount_5m",
"label": "splk.feeds.latest_eventcount_5m"
},
{
"value": "splk.feeds.perc95_eventcount_5m",
"label": "splk.feeds.perc95_eventcount_5m"
},
{
"value": "splk.feeds.stdev_eventcount_5m",
"label": "splk.feeds.stdev_eventcount_5m"
}
]
},
"defaultValue": "splk.feeds.avg_eventcount_5m",
"field": "splk_outliers_detection_volume_kpi_metric_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid KPI metric.",
"pattern": "^.+$"
}
]
},
{
"type": "singleSelect",
"label": "Default auto correct",
"help": "When defining the model, enable or disable auto_correct by default, which uses the concept of auto correction based on min lower and upper deviation.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "True"
},
{
"value": "0",
"label": "False"
}
]
},
"defaultValue": "1",
"field": "splk_outliers_auto_correct",
"validators": [
{
"type": "regex",
"errorMsg": "Must be either 1 (Yes) or 0 (No).",
"pattern": "^(1|0)$"
}
]
},
{
"type": "text",
"label": "Perc min lower deviation",
"help": "If an outlier is not deviant (LowerBound) from at least that percentage of the current KPI value, it will be considered as a false positive.",
"defaultValue": "5.0",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only decimals.",
"pattern": "^\\d*\\.\\d*$"
}
],
"field": "splk_outliers_perc_min_lowerbound_deviation_default"
},
{
"type": "text",
"label": "Perc min upper deviation",
"help": "If an outlier is not deviant (UpperBound) from at least that percentage of the current KPI value, it will be considered as a false positive.",
"defaultValue": "5.0",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Only decimals.",
"pattern": "^\\d*\\.\\d*$"
}
],
"field": "splk_outliers_perc_min_upperbound_deviation_default"
},
{
"type": "text",
"label": "List of selectable MLTK algorithms",
"help": "TrackMe uses the MLTK DensityFunction algorithm, you can add custom algorithms as a comma separated list of values, these will become selectable automatically in the different Outliers configuration screens in TrackMe.",
"defaultValue": "DensityFunction",
"required": true,
"field": "splk_outliers_mltk_algorithms_list",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a comma-separated list of algorithms.",
"pattern": "^[a-zA-Z0-9_\\-,]+$"
}
]
},
{
"type": "text",
"label": "Default MLTK algorithm",
"help": "If you have multiple algorithms, you can define here which algorithm should be used by default when TrackMe defines the ML models rules, which happens usually at the entities discovery, or when adding/resetting ML models.",
"defaultValue": "DensityFunction",
"required": true,
"field": "splk_outliers_mltk_algorithms_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid algorithm name.",
"pattern": "^[a-zA-Z0-9_\\-]+$"
}
]
},
{
"type": "text",
"label": "fit_extra_parameters",
"help": "You can optionally add extra parameters to be added to the MLTK fit command (training phase) at the time of the definition of the ML rules (generally when entities are discovered), for instance: exclude_dist=\"beta\" to exclude Beta distributions for the density function, see MLTK documentation for more information. Default is empty for no extra parameters.",
"defaultValue": "",
"required": false,
"field": "splk_outliers_fit_extra_parameters",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid parameter set.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "apply_extra_parameters",
"help": "You can optionally add extra parameters to be added to the MLTK apply command (rendering phase) at the time of the definition of the ML rules (generally when entities are discovered), for instance: sample=\"True\", see MLTK documentation for more information. Default is empty for no extra parameters.",
"defaultValue": "",
"required": false,
"field": "splk_outliers_apply_extra_parameters",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid parameter set.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "extract_boundaries_macro",
"help": "This defines the name of the boundaries extraction macro which is used when defining ML models rules, usually at the time of the entity discovery or when defining a new model.",
"defaultValue": "",
"required": true,
"field": "splk_outliers_boundaries_extraction_macro_default",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid macro.",
"pattern": "^.+$"
}
]
},
{
"type": "text",
"label": "extract_boundaries_macros_list",
"help": "This defines the list of boundaries macros, if you need to define a custom macro to extract boundaries according to a custom algorithm, you can add a comma separated list of macros which will become automatically selectable in TrackMe Outliers management screens.",
"defaultValue": "",
"required": true,
"field": "splk_outliers_boundaries_extraction_macros_list",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a comma-separated list of macros.",
"pattern": "^[a-zA-Z0-9_\\-,]+$"
}
]
},
{
"type": "text",
"label": "Static lowerBound Threshold",
"help": "You can define a default value for the static lowerBound threshold, if defined this overrides the calculated lowerBound.",
"defaultValue": "",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Only decimals.",
"pattern": "^\\d*\\.\\d*$"
}
],
"field": "splk_outliers_static_lower_threshold_default"
},
{
"type": "text",
"label": "Static upperBound Threshold",
"help": "You can define a default value for the static upperBound threshold, if defined this overrides the calculated upperBound.",
"defaultValue": "",
"required": false,
"validators": [
{
"type": "regex",
"errorMsg": "Only decimals.",
"pattern": "^\\d*\\.\\d*$"
}
],
"field": "splk_outliers_static_upper_threshold_default"
}
],
"title": "splk-outliers-detection"
},
{
"name": "sla",
"groups": [
{
"label": "SLA Classes Configuration",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"sla_classes",
"sla_default_class"
]
},
{
"label": "SLA Events Generation",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"sla_breaches_events_frequency"
]
}
],
"entity": [
{
"type": "text",
"label": "SLA classes definition",
"help": "A JSON dictionary which defines the list of SLA classes and their respective threshold and rank, this can be used to define different SLA classes with different thresholds, the default class is always applied to all entities.",
"defaultValue": "{\"gold\": {\"sla_threshold\": 14400, \"rank\": 3}, \"silver\": {\"sla_threshold\": 86400, \"rank\": 2}, \"platinum\": {\"sla_threshold\": 172800, \"rank\": 1}}",
"required": true,
"field": "sla_classes",
"validators": [
{
"type": "regex",
"errorMsg": "A valid JSON dictionary is expected.",
"pattern": "^\\{.*\\}$"
}
]
},
{
"type": "text",
"label": "SLA default class",
"help": "The default SLA class applied when discovering entities, this can be overridden per entity as well as with SLA policies, the default SLA class must be found in the SLA classes definition above.",
"defaultValue": "silver",
"required": true,
"field": "sla_default_class",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid SLA class name.",
"pattern": "^[a-zA-Z0-9_\\-]+$"
}
]
},
{
"type": "text",
"label": "SLA breaches gen events frequency",
"help": "The frequency in seconds at which SLA breaches events are generated (sourcetype=trackme:sla_breaches), default is 604800 (7 days). SLA breaches events are generated only when the SLA is breached for a given entity, and can be used for alerting purposes, notably to generate update notifications in TrackMe StateFul alerts. Set the value to 0 to disable generating SLA breaches events.",
"defaultValue": 604800,
"required": true,
"field": "sla_breaches_events_frequency",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid number.",
"pattern": "^\\d+$"
}
]
}
],
"title": "SLA"
},
{
"name": "maintenance",
"groups": [
{
"label": "Maintenance Mode and Knowledge Base",
"options": {
"expand": true,
"isExpandable": false
},
"fields": [
"maintenance_kdb_exclusion_behaviour"
]
}
],
"entity": [
{
"type": "singleSelect",
"label": "SLA exclusion behaviour",
"help": "Defines if SLA exclusions should exclude planned only, unplanned only or both planned and unplanned events.",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "any",
"label": "Any (planned/unplanned)"
},
{
"value": "planned",
"label": "planned only"
},
{
"value": "unplanned",
"label": "unplanned only"
}
]
},
"defaultValue": "planned",
"field": "maintenance_kdb_exclusion_behaviour",
"validators": [
{
"type": "regex",
"errorMsg": "Must be a valid behavior setting.",
"pattern": "^(exclude|include)$"
}
]
}
],
"title": "Maintenance"
},
{
"name": "logging",
"title": "Logging",
"entity": [
{
"type": "singleSelect",
"label": "Log level",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "DEBUG",
"label": "DEBUG"
},
{
"value": "INFO",
"label": "INFO"
},
{
"value": "WARNING",
"label": "WARNING"
},
{
"value": "ERROR",
"label": "ERROR"
},
{
"value": "CRITICAL",
"label": "CRITICAL"
}
]
},
"defaultValue": "INFO",
"field": "loglevel",
"required": true,
"validators": [
{
"type": "regex",
"errorMsg": "Log level must be one of: DEBUG, INFO, WARNING, ERROR, CRITICAL",
"pattern": "^DEBUG|INFO|WARNING|ERROR|CRITICAL$"
}
],
"help": "The logging level applies to all custom commands and the TrackMe REST API, logs are indexed automatically within the _internal index"
}
]
}
],
"title": "Configuration",
"description": "Configure TrackMe"
}
},
"alerts": [
{
"name": "trackme_smart_status",
"label": "Trackme Smart Status",
"description": "Run the TrackMe Smart Status",
"entity": [
{
"type": "text",
"label": "Tenant",
"help": "Tenant identifier",
"field": "tenant_id",
"required": true
},
{
"type": "text",
"label": "Object category",
"help": "Object category",
"field": "object_category",
"required": true
},
{
"type": "text",
"label": "Object name",
"help": "Object name",
"field": "object_name",
"required": true
}
]
},
{
"name": "trackme_auto_ack",
"label": "TrackMe auto acknowledge",
"description": "Perform an automatic acknowledgement of the triggering entity",
"entity": [
{
"type": "text",
"label": "Ack period (seconds)",
"help": "Acknowledge period in seconds",
"field": "ack_period",
"required": true
},
{
"type": "singleSelect",
"label": "Ack type",
"help": "Acknowledge type, can be sticky or unsticky",
"field": "ack_type",
"required": true,
"defaultValue": "sticky",
"options": {
"items": [
{
"value": "sticky",
"label": "sticky"
},
{
"value": "unsticky",
"label": "unsticky"
}
],
"display": true
}
}
]
},
{
"name": "trackme_free_style_rest_call",
"label": "TrackMe free style rest call",
"description": "Performs a REST call to any TrackMe REST API endpoint",
"entity": [
{
"type": "text",
"label": "Tenant",
"help": "Tenant identifier",
"field": "tenant_id",
"required": true
},
{
"type": "text",
"label": "TrackMe Endpoint URL",
"help": "Enter the API endpoint, example: /services/trackme/v1/data_sources/ds_disable_data_sampling",
"field": "endpoint_url",
"required": true
},
{
"type": "singleSelect",
"label": "HTTP mode",
"field": "http_mode",
"defaultValue": "get",
"help": "HTTP mode expected by the API endpoint",
"required": true,
"options": {
"items": [
{
"value": "get",
"label": "get"
},
{
"value": "post",
"label": "post"
},
{
"value": "delete",
"label": "delete"
}
],
"display": true
}
},
{
"type": "text",
"label": "HTTP body",
"help": "HTTP body",
"field": "http_body",
"required": true
}
]
},
{
"name": "trackme_notable",
"label": "TrackMe notable event",
"description": "Create a TrackMe notable event",
"entity": [
{
"type": "text",
"label": "Title",
"help": "Notable event title",
"field": "title",
"required": true
},
{
"type": "text",
"label": "Splunk root uri",
"help": "This value is used to build the drilldown link in the notable event and the entity triggering. This should be the base URL for Splunk Web.",
"field": "drilldown_root_uri",
"required": false
},
{
"type": "singleSelect",
"label": "Drilldown link earliest time",
"field": "drilldown_earliest",
"defaultValue": "-24h",
"help": "The earliest time value for the drilldown link, defaults to -24h",
"required": false,
"options": {
"items": [
{
"value": "-30m",
"label": "-30m"
},
{
"value": "-60m",
"label": "-60m"
},
{
"value": "-2h",
"label": "-2h"
},
{
"value": "-4h",
"label": "-4h"
},
{
"value": "-8h",
"label": "-8h"
},
{
"value": "-12h",
"label": "-12h"
},
{
"value": "-24h",
"label": "-24h"
},
{
"value": "-48h",
"label": "-48h"
},
{
"value": "-7d",
"label": "-7d"
},
{
"value": "-15d",
"label": "-15d"
},
{
"value": "-30d",
"label": "-30d"
},
{
"value": "-60d",
"label": "-60d"
},
{
"value": "-90d",
"label": "-90d"
},
{
"value": "-180d",
"label": "-180d"
},
{
"value": "-365d",
"label": "-365d"
}
],
"display": true
}
}
]
},
{
"name": "trackme_stateful_alert",
"label": "TrackMe stateful alert",
"description": "Create a TrackMe Stateful Alert",
"entity": [
{
"type": "singleSelect",
"label": "Delivery target (Emails, Ingest, etc)",
"help": "This defines the delivery target for the alert, currently only emails and ingest are supported.",
"required": true,
"options": {
"items": [
{
"value": "emails_and_ingest",
"label": "Emails and Ingest"
},
{
"value": "emails_commands_and_ingest",
"label": "Emails, Commands and Ingest"
},
{
"value": "commands_and_ingest",
"label": "Commands and Ingest"
},
{
"value": "commands_and_emails",
"label": "Commands and Emails"
},
{
"value": "commands_only",
"label": "Commands only"
},
{
"value": "emails_only",
"label": "Emails only"
},
{
"value": "ingest_only",
"label": "Ingest only"
}
],
"display": true
},
"defaultValue": "0",
"field": "delivery_target"
},
{
"type": "text",
"label": "Environment name",
"help": "The environment name to use in the email content header, defaults to Splunk. Define it as the fully qualified address of the environment so it appears as a valid link in the email, example: https://splunk.example.com",
"field": "environment_name",
"defaultValue": "Splunk",
"required": false
},
{
"type": "singleSelectSplunkSearch",
"label": "Email account",
"help": "Mandatory for emails delivery: Select the email system account to be used for the delivery.",
"search": "| `trackme_populate_email_accounts`",
"valueField": "title",
"labelField": "title",
"field": "email_account",
"required": false
},
{
"type": "text",
"label": "Recipients",
"help": "Mandatory for emails delivery: A comma separated list of recipients.",
"field": "email_recipients",
"required": false
},
{
"type": "text",
"label": "Priority levels for emails notifications.",
"help": "You can restrict the scope of email notifications to a specific list of priority levels (comma separated list of priority levels), example: critical,high - use * to send emails for all priority levels",
"field": "priority_levels_emails",
"required": false
},
{
"type": "singleSelect",
"label": "For emails, send update notification if Ack is active?",
"help": "Controls whether the alert sends an updated email notification when the entity has an active acknowledgement. (defaults to true)",
"required": false,
"options": {
"items": [
{
"value": 0,
"label": "false"
},
{
"value": 1,
"label": "true"
}
],
"display": true
},
"defaultValue": "1",
"field": "email_send_update_if_ack_active"
},
{
"type": "singleSelect",
"label": "Consider orange as in alerting state",
"help": "Instructs the alert to consider the orange state as an alerting state, otherwise it will be considered a non-alerting state. Default behavior is to consider orange as a non alerting state.",
"required": true,
"options": {
"items": [
{
"value": 0,
"label": "false"
},
{
"value": 1,
"label": "true"
}
],
"display": true
},
"defaultValue": "0",
"field": "orange_as_alerting_state"
},
{
"type": "singleSelect",
"label": "Include charts generation in the email",
"help": "(for html email only) Instructs the alert to include charts generation in the email, which depends on the type of entity. If enabled, TrackMe will execute a fast search against TrackMe metrics, generate and include an SVG chart in the html email.",
"required": false,
"options": {
"items": [
{
"value": 0,
"label": "false"
},
{
"value": 1,
"label": "true"
}
],
"display": true
},
"defaultValue": "1",
"field": "generate_charts"
},
{
"type": "singleSelect",
"label": "Emails charts theme",
"help": "(for html email only) Instructs the alert to use a specific theme for the charts in the email.",
"required": false,
"options": {
"items": [
{
"value": "dark",
"label": "Dark"
},
{
"value": "light",
"label": "Light"
}
],
"display": true
},
"defaultValue": "dark",
"field": "theme_charts"
},
{
"type": "text",
"label": "Emails charts time window",
"help": "This value defines the earliest time for the charts in the email, defaults to the last 24 hours and is expressed as <digit><time_unit>, example: 24h, 7d, 30d. Recommended values are 24h or 7d.",
"field": "timerange_charts",
"required": false,
"defaultValue": "24h"
},
{
"type": "text",
"label": "Splunk root uri",
"help": "This value is used to build the drilldown link. This should be the base URL for Splunk Web such as: https://splunk.example.com",
"field": "drilldown_root_uri",
"required": false
},
{
"type": "singleSelect",
"label": "Commands mode",
"help": "This defines the mode of the commands to be executed; currently only streaming and generating are supported.",
"required": false,
"options": {
"items": [
{
"value": "streaming",
"label": "Streaming"
},
{
"value": "generating",
"label": "Generating"
}
]
},
"defaultValue": "streaming",
"field": "commands_mode"
},
{
"type": "text",
"label": "Command for new incidents",
"help": "The command to be executed for new incidents, currently only streaming and generating are supported. Tokens are supported for incident fields, example: $result.object$",
"field": "commands_opened",
"required": false
},
{
"type": "text",
"label": "Command for updated incidents",
"help": "The command to be executed for updated incidents, currently only streaming and generating are supported. Tokens are supported for incident fields, example: $result.object$",
"field": "commands_updated",
"required": false
},
{
"type": "text",
"label": "Command for closed incidents",
"help": "The command to be executed for closed incidents, currently only streaming and generating are supported. Tokens are supported for incident fields, example: $result.object$",
"field": "commands_closed",
"required": false
},
{
"type": "text",
"label": "Priority levels for commands execution.",
"help": "You can restrict the scope of commands execution to a specific list of priority levels (comma separated list of priority levels), example: critical,high - use * to execute commands for all priority levels",
"field": "priority_levels_commands",
"required": false
},
{
"type": "singleSelect",
"label": "Auto ack enabled",
"help": "Instructs the alert to automatically acknowledge the entity if it is in alerting state. (defaults to true)",
"required": false,
"options": {
"items": [
{
"value": 0,
"label": "false"
},
{
"value": 1,
"label": "true"
}
],
"display": true
},
"defaultValue": "1",
"field": "auto_ack_enabled"
},
{
"type": "text",
"label": "Auto ack period",
"help": "If auto ack is enabled, this defines the period in seconds after which the entity will be automatically acknowledged. (defaults to 300 seconds)",
"field": "auto_ack_period",
"required": false
},
{
"type": "singleSelect",
"label": "Auto ack type",
"help": "If auto ack is enabled, this defines the type of acknowledgement to be used. (defaults to sticky)",
"field": "auto_ack_type",
"required": false,
"defaultValue": "sticky",
"options": {
"items": [
{
"value": "sticky",
"label": "sticky"
},
{
"value": "unsticky",
"label": "unsticky"
}
],
"display": true
}
}
]
}
],
"meta": {
"name": "trackme",
"restRoot": "trackme",
"version": "2.3.5",
"displayName": "TrackMe",
"schemaVersion": "0.0.10",
"os-dependentLibraries": [
{
"name": "pillow",
"version": "12.0.0",
"platform": "manylinux2014_x86_64",
"python_version": "3.13",
"os": "linux",
"target": "3rdparty/linux_with_deps_313",
"dependencies": true
},
{
"name": "pillow",
"version": "12.0.0",
"platform": "win_amd64",
"python_version": "3.13",
"os": "windows",
"target": "3rdparty/windows_with_deps_313",
"dependencies": true
},
{
"name": "pillow",
"version": "11.2.1",
"platform": "manylinux2014_x86_64",
"python_version": "3.9",
"os": "linux",
"target": "3rdparty/linux_with_deps_39",
"dependencies": true
},
{
"name": "pillow",
"version": "11.2.1",
"platform": "win_amd64",
"python_version": "3.9",
"os": "windows",
"target": "3rdparty/windows_with_deps_39",
"dependencies": true
},
{
"name": "lxml",
"version": "6.0.2",
"platform": "manylinux2014_x86_64",
"python_version": "3.13",
"os": "linux",
"target": "3rdparty/linux_with_deps_313",
"dependencies": true
},
{
"name": "lxml",
"version": "6.0.2",
"platform": "win_amd64",
"python_version": "3.13",
"os": "windows",
"target": "3rdparty/windows_with_deps_313",
"dependencies": true
},
{
"name": "lxml",
"version": "5.4.0",
"platform": "manylinux2014_x86_64",
"python_version": "3.9",
"os": "linux",
"target": "3rdparty/linux_with_deps_39",
"dependencies": true
},
{
"name": "lxml",
"version": "5.4.0",
"platform": "win_amd64",
"python_version": "3.9",
"os": "windows",
"target": "3rdparty/windows_with_deps_39",
"dependencies": true
},
{
"name": "rl-renderPM",
"version": "4.0.3",
"platform": "manylinux2014_x86_64",
"python_version": "3.9",
"os": "linux",
"target": "3rdparty/linux_with_deps_39",
"dependencies": true
},
{
"name": "rl-renderPM",
"version": "4.0.3",
"platform": "win_amd64",
"python_version": "3.9",
"os": "windows",
"target": "3rdparty/windows_with_deps_39",
"dependencies": true
}
],
"_uccVersion": "6.1.0"
}
}