Add_app-for_DS

Apps_for_DS/01-Conf_license_slave/default/app.conf

@@ -0,0 +1,11 @@
+        [launcher]
+        version = 1.0.0
+        author =  VABOS
+        description = Configure instance as License Slave
+
+        [package]
+        id = Conf_license_slave
+
+
+        [ui]
+        is_visible = false

Apps_for_DS/01-Conf_license_slave/default/server.conf

@@ -0,0 +1,9 @@
+        # In distributed environments, it's common to have a lone search head acting
+        # as the license master as well. In this configuration, providing the URI
+        # of the license master is easiest within the indexer_base configuration.
+        # In the event that there are multiple search heads, you could instead use
+        # the org_all_license app, shipped to the non-license SH, as well as all of
+        # the indexers. In either event, the settings are the same.
+
+        [license]
+        master_uri = https://SVLCTPLOGLMR.mom.fr:8089

Apps_for_DS/01-Conf_license_slave/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_kvstore_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Disable Kvstore on Indexers
+
+[package]
+id = edf_idx_kvstore_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_kvstore_base/default/server.conf

@@ -0,0 +1,4 @@
+# kvstore not needed on indexers, let's disable it
+# even when distributing collection via bundle, it won't be used on indexer as this use lookups in the background
+[kvstore]
+disabled = true

Apps_for_DS/01-idx_kvstore_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_receiver_port/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Enable receiving on Indexer layer
+
+[package]
+id = edf_idx_receiver_port
+
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_receiver_port/default/inputs.conf

@@ -0,0 +1 @@
+[splunktcp://9997]

Apps_for_DS/01-idx_receiver_port/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_volume_indexes/default/app.conf

@@ -0,0 +1,11 @@
+
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Contient la configuration des volumes de données
+
+[package]
+id = edf_idx_volume_indexes
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_volume_indexes/default/indexes.conf

@@ -0,0 +1,7 @@
+[volume:primary]
+path = /data/splunk_data
+maxVolumeDataSizeMB = 60000
+
+[volume:secondary]
+path = /data_cold/splunk_data
+maxVolumeDataSizeMB = 240000

Apps_for_DS/01-idx_volume_indexes/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/01-idx_volume_indexes/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/01-idx_web_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = Mattys Hervé (OBS)
+description = Disable Web access on Indexers
+
+[package]
+id = odin_idx_web_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/01-idx_web_base/default/web.conf

@@ -0,0 +1,12 @@
+# In larger environments, where there are more than, say, three indexers,
+# it's common to disable the Splunk UI. This helps avoid configuration issues
+# caused by logging in to the UI to do something directly via the manager,
+# as well as saving some system resources.
+
+[settings]
+ startwebserver = 0
+
+# avoid timeout when indexer loaded 
+splunkdConnectionTimeout = 120
+
+

Apps_for_DS/01-idx_web_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_CM/local/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+author =  VABOS
+description = Configure Distributed Search for Monitoring Console
+version = 1.0
+
+[package]
+id = MAQ_M-TIC_DSMC
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_CM/local/distsearch.conf

@@ -0,0 +1,19 @@
+[distributedSearch:dmc_group_search_head]
+servers = localhost:localhost
+[distributedSearch:dmc_group_cluster_master]
+
+
+[distributedSearch:dmc_group_license_master]
+
+[distributedSearch:dmc_group_deployment_server]
+
+[distributedSearch:dmc_group_indexer]
+default = false
+servers = SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089
+
+[distributedSearch:dmc_group_shc_deployer]
+
+[distributedSearch:dmc_group_kv_store]
+
+[distributedSearch:dmc_indexerclustergroup_Cluster_M-TIC]
+servers = localhost:localhost,SVLCTPLOGIDX01.mom.fr:8089,SVLCTPLOGIDX02.mom.fr:8089

Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0
+author =  VABOS
+description = Enable forwarding to Indexer layer
+
+[package]
+id = m-tic_all_forwarding_outputs
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_all_forwarding_outputs/default/outputs.conf

@@ -0,0 +1,12 @@
+# BASE SETTINGS
+
+[tcpout]
+# Change here to specify the indexer group
+defaultGroup = m-tic_indexer
+maxQueueSize = 7MB
+useACK = true
+forceTimebasedAutoLB = true
+
+[tcpout:m-tic_indexer]
+server =  SVLCTPLOGIDX01.mom.fr:9997, SVLCTPLOGIDX02.mom.fr:9997
+~

Apps_for_DS/02-M-TIC_all_forwarding_outputs/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/catchother/*/*/*.log]
+disabled = false
+index = idx_m-tic_catchall
+sourcetype = catchall

Apps_for_DS/02-M-TIC_catchall_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/cisco/.../*.log]
+disabled = false
+index = idx_m-tic_cisco
+sourcetype = cisco

Apps_for_DS/02-M-TIC_cisco_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_cluster_master_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure Cluster Master
+
+[package]
+id = M-TIC_cluster_master_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_cluster_master_base/default/server.conf

@@ -0,0 +1,5 @@
+[clustering]
+cluster_label = Cluster_M-TIC
+mode = master
+pass4SymmKey = $7$1JZXXCgXZOKWw96+KVrSoIutrByS/XTphleSPBtf6kKOfqNZ3ei5Nbl5/5c8nxenjVnypA==
+replication_factor = 2

Apps_for_DS/02-M-TIC_cluster_master_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/esxi/*/*/*.log]
+disabled = false
+index = idx_m-tic_esxi
+sourcetype = esxi

Apps_for_DS/02-M-TIC_esxi_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,4 @@
+[monitor:///var/rsyslog/*/fortigate/*/*/*.log]
+disabled = false
+index = idx_m-tic_fortigate
+sourcetype = fortigate

Apps_for_DS/02-M-TIC_fortigate_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_idx_cluster_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default clustering options on Indexers
+
+[package]
+id = M-TIC_idx_cluster_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_idx_cluster_base/default/fields.conf

@@ -0,0 +1,2 @@
+[edfZone]
+INDEXED = true

Apps_for_DS/02-M-TIC_idx_cluster_base/default/server.conf

@@ -0,0 +1,9 @@
+[general]
+site = site1
+
+[replication_port://9100]
+
+[clustering]
+master_uri = https://SVLCTPLOGCLM01.mom.fr:8089
+mode = peer
+pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza

Apps_for_DS/02-M-TIC_idx_cluster_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_idx_indexes_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author =  VABOS
+description = Configure default optimisation on Indexers
+
+[package]
+id = edf_idx_indexes_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_idx_indexes_base/default/indexes.conf

@@ -0,0 +1,65 @@
+[default]
+thawedPath = $SPLUNK_DB/$_index_name/thaweddb
+coldPath = volume:secondary/$_index_name/colddb
+homePath = volume:primary/$_index_name/db
+tstatsHomePath = volume:primary/$_index_name/datamodel_summary
+tsidxWritingLevel = 4
+journalCompression = zstd
+enableDataIntegrityControl = 0
+enableTsidxReduction = 0
+archiver.enableDataArchive = 0
+bucketRebuildMemoryHint = 0
+compressRawdata = 1
+enableOnlineBucketRepair = 1
+rtRouterQueueSize =
+rtRouterThreads =
+selfStorageThreads =
+suspendHotRollByDeleteQuery = 0
+syncMeta = 1
+
+[idx_m-tic_windows]
+
+[idx_m-tic_fortigate]
+
+[idx_m-tic_linux]
+
+[idx_m-tic_esxi]
+
+[vmware-esxilog]
+
+[vmware-perf-metrics]
+datatype = metric
+
+[vmware-inv]
+
+[vmware-taskevent]
+
+[vmware-vclog]
+
+[idx_m-tic_alcatel]
+
+[idx_m-tic_cisco]
+
+[idx_m-tic_switch]
+
+[idx_m-tic_catchall]
+
+[idx_m-tic_catchother]
+
+[idx_m-tic_other]
+
+[idx_m-tic_glpi]
+
+[idx_m-tic_glpi_vm]
+
+[idx_m-tic_glpi_kb]
+
+[idx_m-tic_glpi_sep]
+
+[idx_m-tic_glpi_obsolescence]
+
+[idx_m-tic_genetec_sc]
+
+[idx_ldap]
+
+[idx_m-tic_synology]

Apps_for_DS/02-M-TIC_idx_indexes_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_linux_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,5 @@
+[monitor:///var/rsyslog/*/linux/.../*.log]
+disabled = 0
+host_segment = 6
+index = idx_m-tic_linux
+sourcetype = syslog_linux

Apps_for_DS/02-M-TIC_linux_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system

Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/app.conf

@@ -0,0 +1,11 @@
+[launcher]
+version = 1.0.0
+author = VABOS
+description = Configure Search Head for IDX Clustering
+
+[package]
+id = M-TIN_sh_idxcluster_base
+
+
+[ui]
+is_visible = false

Apps_for_DS/02-M-TIC_sh_idxcluster_base/default/server.conf

@@ -0,0 +1,9 @@
+[general]
+site = site2
+
+[clustering]
+multisite = true
+master_uri = https://SVLHTMLOGCLM01.unit-h.edf.fr:8089
+mode = searchhead
+pass4SymmKey = $7$i7IqoiyC1DpnVbSVtwGzuVTO5rmVyPCI2CMacpHEFs3N2oFAaF0EJ049Otza
+

Apps_for_DS/02-M-TIC_sh_idxcluster_base/local/app.conf

@@ -0,0 +1 @@
+# Autogenerated file 

Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/app.conf

@@ -0,0 +1,9 @@
+[install]
+state = enabled
+
+[package]
+check_for_updates = false
+
+[ui]
+is_visible = false
+is_manageable = false

Apps_for_DS/02-M-TIC_windows_forwarders_inputs/local/inputs.conf

@@ -0,0 +1,7 @@
+[WinEventLog]
+interval=60
+evt_resolve_ad_obj = 0
+evt_dc_name=
+evt_dns_name=
+index = idx_m-tic_windows
+sourcetype = events_windows

Apps_for_DS/02-M-TIC_windows_forwarders_inputs/metadata/local.meta

@@ -0,0 +1,3 @@
+[]
+access = read : [ * ], write : [ admin ]
+export = system