diff --git a/.gitmodules b/.gitmodules
index a3a4f4dd..460f8607 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,3 @@
-[submodule "deps/build/addonfactory_test_matrix_splunk"]
- path = deps/build/addonfactory_test_matrix_splunk
- url = https://github.com/splunk/addonfactory_test_matrix_splunk.git
 [submodule "deps/apps/Splunk_SA_CIM"]
 path = deps/apps/Splunk_SA_CIM
 url = git@github.com:splunk/addonfactory-splunk_sa_cim.git
diff --git a/Dockerfile.splunk b/Dockerfile.splunk
index 6b8a4ed9..99a0dbc1 100644
--- a/Dockerfile.splunk
+++ b/Dockerfile.splunk
@@ -19,5 +19,5 @@ ARG SPLUNK_APP_ID=TA_UNKNOWN
 ARG SPLUNK_APP_PACKAGE=package
 COPY ${SPLUNK_APP_PACKAGE} /opt/splunk/etc/apps/${SPLUNK_APP_ID}
 COPY deps/apps /opt/splunk/etc/apps/
-COPY deps/build/addonfactory_test_matrix_splunk/packages/all/common /opt/splunk/etc/apps/
-COPY deps/build/addonfactory_test_matrix_splunk/packages/all/sh /opt/splunk/etc/apps/
+COPY indexes.conf /opt/splunk/etc/apps/$SPLUNK_APP_ID/local/indexes.conf
+COPY authorize.conf /opt/splunk/etc/system/local/authorize.conf
diff --git a/authorize.conf b/authorize.conf
new file mode 100644
index 00000000..19e12c9c
--- /dev/null
+++ b/authorize.conf
@@ -0,0 +1,2 @@
+[role_admin]
+importRoles = can_delete;power;user
diff --git a/deps/build/addonfactory_test_matrix_splunk b/deps/build/addonfactory_test_matrix_splunk
deleted file mode 160000
index 8c9e797e..00000000
--- a/deps/build/addonfactory_test_matrix_splunk
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 8c9e797ecd2f1133ffde70d65caf47f49f74d0fb
diff --git a/indexes.conf b/indexes.conf
new file mode 100644
index 00000000..fffb8a47
--- /dev/null
+++ b/indexes.conf
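Review bot: In Dockerfile.splunk the two added COPY lines place fixture configuration where it changes the behaviour of the whole instance and of the add-on under test, and nothing in the visible lines says so. `authorize.conf` goes to `etc/system/local`, the highest-precedence configuration layer, and `indexes.conf` goes into the `local/` directory of the add-on being tested, so the image no longer holds the package exactly as shipped. Assuming this image is only used for tests, I would add a comment above them such as `# CI fixtures only: test index definitions and an admin role override; do not reuse this image outside testing`. The new line also writes `$SPLUNK_APP_ID` where the existing COPY two lines up uses `${SPLUNK_APP_ID}`; `COPY indexes.conf /opt/splunk/etc/apps/${SPLUNK_APP_ID}/local/indexes.conf` keeps the file consistent.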
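Review bot: The new `[role_admin]` stanza in authorize.conf adds `can_delete` to the roles that admin imports, which Splunk leaves out of the default admin role because it permits the `delete` search command to make indexed events unsearchable. The file carries no comment explaining why, and the Dockerfile in this commit installs it under `etc/system/local`, so it applies instance-wide. If the intent is to let tests clear events between runs (my assumption; the commit does not say), state it at the top of the file, for example `# Test image only: admin imports can_delete so test runs can remove fixture events; never copy into a production deployment`. A dedicated test role that imports `can_delete` would leave the admin role at its default, though that depends on which account the tests log in as.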
@@ -0,0 +1,115 @@
+[default]
+lastChanceIndex = main
+
+[syslogng_metrics]
+datatype=metric
+homePath = $SPLUNK_DB/syslogng_metrics/db
+coldPath = $SPLUNK_DB/syslogng_metrics/colddb
+thawedPath = $SPLUNK_DB/syslogng_metrics/thaweddb
+
+[email]
+homePath = $SPLUNK_DB/email/db
+coldPath = $SPLUNK_DB/email/colddb
+thawedPath = $SPLUNK_DB/email/thaweddb
+
+[epav]
+homePath = $SPLUNK_DB/epav/db
+coldPath = $SPLUNK_DB/epav/colddb
+thawedPath = $SPLUNK_DB/epav/thaweddb
+
+[epintel]
+homePath = $SPLUNK_DB/epintel/db
+coldPath = $SPLUNK_DB/epintel/colddb
+thawedPath = $SPLUNK_DB/epintel/thaweddb
+
+[em_metrics]
+datatype=metric
+homePath = $SPLUNK_DB/em_metrics/db
+coldPath = $SPLUNK_DB/em_metrics/colddb
+thawedPath = $SPLUNK_DB/em_metrics/thaweddb
+
+[syslogng_fallback]
+homePath = $SPLUNK_DB/syslogng_fallback/db
+coldPath = $SPLUNK_DB/syslogng_fallback/colddb
+thawedPath = $SPLUNK_DB/syslogng_fallback/thaweddb
+
+
+[test]
+homePath = $SPLUNK_DB/test/db
+coldPath = $SPLUNK_DB/test/colddb
+thawedPath = $SPLUNK_DB/test/thaweddb
+
+[test2]
+homePath = $SPLUNK_DB/test2/db
+coldPath = $SPLUNK_DB/test2/colddb
+thawedPath = $SPLUNK_DB/test2/thaweddb
+
+[infraops]
+homePath = $SPLUNK_DB/infraops/db
+coldPath = $SPLUNK_DB/infraops/colddb
+thawedPath = $SPLUNK_DB/infraops/thaweddb
+
+[osnix]
+homePath = $SPLUNK_DB/osnix/db
+coldPath = $SPLUNK_DB/osnix/colddb
+thawedPath = $SPLUNK_DB/osnix/thaweddb
+
+[oswin]
+homePath = $SPLUNK_DB/oswin/db
+coldPath = $SPLUNK_DB/oswin/colddb
+thawedPath = $SPLUNK_DB/oswin/thaweddb
+
+[oswinsec]
+homePath = $SPLUNK_DB/oswinsec/db
+coldPath = $SPLUNK_DB/oswinsec/colddb
+thawedPath = $SPLUNK_DB/oswinsec/thaweddb
+
+[netauth]
+homePath = $SPLUNK_DB/netauth/db
+coldPath = $SPLUNK_DB/netauth/colddb
+thawedPath = $SPLUNK_DB/netauth/thaweddb
+
+[netdlp]
+homePath = $SPLUNK_DB/netdlp/db
+coldPath = $SPLUNK_DB/netdlp/colddb
+thawedPath = $SPLUNK_DB/netdlp/thaweddb
+
+[netdns]
+homePath = $SPLUNK_DB/netdns/db
+coldPath = $SPLUNK_DB/netdns/colddb
+thawedPath = $SPLUNK_DB/netdns/thaweddb
+
+[netfw]
+homePath = $SPLUNK_DB/netfw/db
+coldPath = $SPLUNK_DB/netfw/colddb
+thawedPath = $SPLUNK_DB/netfw/thaweddb
+
+[netids]
+homePath = $SPLUNK_DB/netids/db
+coldPath = $SPLUNK_DB/netids/colddb
+thawedPath = $SPLUNK_DB/netids/thaweddb
+
+[netipam]
+homePath = $SPLUNK_DB/netipam/db
+coldPath = $SPLUNK_DB/netipam/colddb
+thawedPath = $SPLUNK_DB/netipam/thaweddb
+
+[netops]
+homePath = $SPLUNK_DB/netops/db
+coldPath = $SPLUNK_DB/netops/colddb
+thawedPath = $SPLUNK_DB/netops/thaweddb
+
+[netproxy]
+homePath = $SPLUNK_DB/netproxy/db
+coldPath = $SPLUNK_DB/netproxy/colddb
+thawedPath = $SPLUNK_DB/netproxy/thaweddb
+
+[netwaf]
+homePath = $SPLUNK_DB/netwaf/db
+coldPath = $SPLUNK_DB/netwaf/colddb
+thawedPath = $SPLUNK_DB/netwaf/thaweddb
+
+[email]
+homePath = $SPLUNK_DB/email/db
+coldPath = $SPLUNK_DB/email/colddb
+thawedPath = $SPLUNK_DB/email/thaweddb
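Review bot: The `[email]` stanza is defined twice in indexes.conf, once as the third stanza and again as the last one, with identical paths; the second copy should be dropped so each index has a single definition. `lastChanceIndex = main` under `[default]` also deserves a comment, because it routes events addressed to an index that does not exist into `main` instead of dropping them, which can hide a mistyped index name in a test. A header such as `# Index definitions for the test image; lastChanceIndex sends events for undefined indexes to main` would cover it. `datatype=metric` is written without spaces around `=` in both metric stanzas while every other key uses `key = value`.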