├── .eslintignore
├── resources
├── projects
│ ├── modviz
│ │ ├── README
│ │ │ └── savedsearches.conf.spec
│ │ ├── default
│ │ │ ├── savedsearches.conf
│ │ │ ├── data
│ │ │ │ └── ui
│ │ │ │ │ ├── views
│ │ │ │ │ └── README
│ │ │ │ │ └── nav
│ │ │ │ │ └── default.xml
│ │ │ ├── visualizations.conf
│ │ │ └── app.conf
│ │ ├── appserver
│ │ │ └── static
│ │ │ │ └── visualizations
│ │ │ │ └── standin
│ │ │ │ ├── visualization.css
│ │ │ │ ├── formatter.html
│ │ │ │ ├── webpack.config.js
│ │ │ │ ├── package.json
│ │ │ │ ├── README.md
│ │ │ │ └── src
│ │ │ │ └── visualization_source.js
│ │ └── metadata
│ │ │ └── default.meta
│ ├── searchcommands_template
│ │ ├── metadata
│ │ │ └── default.meta
│ │ ├── default
│ │ │ ├── searchbnf.conf
│ │ │ ├── commands-scpv2.conf
│ │ │ ├── app.conf
│ │ │ ├── commands-scpv1.conf
│ │ │ ├── commands.conf
│ │ │ └── data
│ │ │ │ └── ui
│ │ │ │ └── nav
│ │ │ │ └── default.xml
│ │ ├── bin
│ │ │ ├── generate.py
│ │ │ ├── stream.py
│ │ │ ├── filter.py
│ │ │ └── report.py
│ │ └── lib
│ │ │ └── splunklib
│ │ │ └── __init__.py
│ └── resthandler_template
│ │ ├── README
│ │ └── example_eai_handler.conf.spec
│ │ ├── default
│ │ ├── web.conf
│ │ ├── app.conf
│ │ └── restmap.conf
│ │ ├── bin
│ │ ├── example_eai_handler_schema.py
│ │ ├── log_helper.py
│ │ └── schema.LICENSE-MIT
│ │ └── README.md
├── favicon.ico
├── dark
│ ├── view.svg
│ ├── search.svg
│ └── refresh.svg
└── light
│ ├── refresh.svg
│ ├── search.svg
│ └── view.svg
├── images
├── icon.png
└── splunk.svg
├── .babelrc
├── .vscodeignore
├── tsconfig-test.json
├── .vscode
├── extension.json
└── tasks.json
├── jsconfig.json
├── spec_files
├── 7.3
│ ├── literals.conf.spec
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── fshpasswords.conf.spec
│ ├── migration.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── passwords.conf.spec
│ ├── source-classifier.conf.spec
│ ├── tags.conf.spec
│ ├── audit.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ └── federated.conf.spec
├── 8.0
│ ├── literals.conf.spec
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── fshpasswords.conf.spec
│ ├── migration.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── bookmarks.conf.spec
│ ├── passwords.conf.spec
│ ├── source-classifier.conf.spec
│ ├── tags.conf.spec
│ ├── audit.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ ├── federated.conf.spec
│ └── instance.cfg.spec
├── 8.1
│ ├── literals.conf.spec
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── fshpasswords.conf.spec
│ ├── migration.conf.spec
│ ├── passwords.conf.spec
│ ├── bookmarks.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── source-classifier.conf.spec
│ ├── workload_policy.conf.spec
│ ├── tags.conf.spec
│ ├── audit.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ ├── federated.conf.spec
│ ├── global-banner.conf.spec
│ └── instance.cfg.spec
├── 8.2
│ ├── literals.conf.spec
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── fshpasswords.conf.spec
│ ├── migration.conf.spec
│ ├── passwords.conf.spec
│ ├── bookmarks.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── source-classifier.conf.spec
│ ├── workload_policy.conf.spec
│ ├── tags.conf.spec
│ ├── audit.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ ├── global-banner.conf.spec
│ └── instance.cfg.spec
├── 9.0
│ ├── literals.conf.spec
│ ├── default-mode.conf.examples
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── migration.conf.spec
│ ├── passwords.conf.spec
│ ├── bookmarks.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── source-classifier.conf.spec
│ ├── audit.conf.spec
│ ├── livetail.conf.examples
│ ├── web-features.conf.spec
│ ├── workload_policy.conf.spec
│ ├── tags.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ ├── global-banner.conf.spec
│ └── instance.cfg.spec
├── 9.1
│ ├── literals.conf.spec
│ ├── default-mode.conf.examples
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── migration.conf.spec
│ ├── passwords.conf.spec
│ ├── bookmarks.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── source-classifier.conf.spec
│ ├── audit.conf.spec
│ ├── livetail.conf.examples
│ ├── workload_policy.conf.spec
│ ├── tags.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ ├── global-banner.conf.spec
│ └── instance.cfg.spec
├── 9.2
│ ├── literals.conf.spec
│ ├── default-mode.conf.examples
│ ├── deployment.conf.spec
│ ├── datatypesbnf.conf.spec
│ ├── migration.conf.spec
│ ├── passwords.conf.spec
│ ├── bookmarks.conf.spec
│ ├── procmon-filters.conf.spec
│ ├── source-classifier.conf.spec
│ ├── audit.conf.spec
│ ├── livetail.conf.examples
│ ├── workload_policy.conf.spec
│ ├── tags.conf.spec
│ ├── sourcetypes.conf.spec
│ ├── viewstates.conf.spec
│ ├── user-seed.conf.spec
│ ├── global-banner.conf.spec
│ └── instance.cfg.spec
└── default.meta.spec
├── test
├── acceptance
│ ├── documents
│ │ └── blank.spl2nb
│ ├── index.ts
│ └── spl2.test.ts
├── spec.stats.test.js
├── runFunctionalTests.ts
├── functional
│ └── index.ts
└── runAcceptanceTests.ts
├── .gitignore
├── .eslintrc.json
├── snippets
└── restmap.conf
├── out
├── notebooks
│ ├── renderer
│ │ └── .eslintrc.json
│ ├── utils
│ │ └── messages.ts
│ └── visualizations.ts
├── globalConfigPreview.js
└── foldingRangeProvider.js
├── tsconfig.json
├── spl-language-configuration.json
├── splunk-language-configuration.json
├── LICENSE
├── spl2-language-configuration.json
├── syntaxes
└── splunk.tmLanguage.json
└── .github
└── workflows
├── build-test.yaml
└── package-acceptance-test.yaml
/.eslintignore:
--------------------------------------------------------------------------------
1 | **/resources/projects/**/*.js
--------------------------------------------------------------------------------
/resources/projects/modviz/README/savedsearches.conf.spec:
--------------------------------------------------------------------------------
1 | # Declare properties here
--------------------------------------------------------------------------------
/resources/projects/modviz/default/savedsearches.conf:
--------------------------------------------------------------------------------
1 | [default]
2 | # Set property defaults
--------------------------------------------------------------------------------
/images/icon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/splunk/vscode-extension-splunk/HEAD/images/icon.png
--------------------------------------------------------------------------------
/resources/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/splunk/vscode-extension-splunk/HEAD/resources/favicon.ico
--------------------------------------------------------------------------------
/.babelrc:
--------------------------------------------------------------------------------
1 | {
2 | "presets": [
3 | "@babel/preset-env",
4 | "@babel/preset-react"
5 | ]
6 | }
7 |
--------------------------------------------------------------------------------
/resources/projects/modviz/default/data/ui/views/README:
--------------------------------------------------------------------------------
1 | Add all the views that your app needs in this directory
2 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/metadata/default.meta:
--------------------------------------------------------------------------------
1 | []
2 | access = read: [ * ], write : [ admin ]
3 |
4 | [searchbnf]
5 | export = system
--------------------------------------------------------------------------------
/resources/projects/modviz/appserver/static/visualizations/standin/visualization.css:
--------------------------------------------------------------------------------
1 | /*
2 | * CSS rules for visualization.
3 | * Class namespacing is good practice.
4 | */
5 |
6 |
--------------------------------------------------------------------------------
/.vscodeignore:
--------------------------------------------------------------------------------
1 | test/
2 | .vscode
3 | .vscode/**
4 | .vscode-test/**
5 | out/test/**
6 | out/**/*.map
7 | src/**
8 | .gitignore
9 | tsconfig.json
10 | node_modules
11 | webpack.config.js
--------------------------------------------------------------------------------
/resources/projects/modviz/default/data/ui/nav/default.xml:
--------------------------------------------------------------------------------
1 |
5 |
--------------------------------------------------------------------------------
/resources/projects/modviz/default/visualizations.conf:
--------------------------------------------------------------------------------
1 | #
2 | # Declare shared visualizations
3 | #
4 |
5 | [standin]
6 | label = Standin Viz
7 | description = This is a stand-in visualization.
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/README/example_eai_handler.conf.spec:
--------------------------------------------------------------------------------
1 | custom_parameter =
2 | * A custom string accessible as a conf stanza parameter through a custom rest handler
--------------------------------------------------------------------------------
/tsconfig-test.json:
--------------------------------------------------------------------------------
1 | {
2 | "extends": "./tsconfig.json",
3 | "compilerOptions": {
4 | "rootDir": ".",
5 | "outDir": "out"
6 | },
7 | "include": [
8 | "./test/**/*.ts",
9 | "./package.json"
10 | ]
11 | }
--------------------------------------------------------------------------------
/.vscode/extension.json:
--------------------------------------------------------------------------------
1 | {
2 | // See http://go.microsoft.com/fwlink/?LinkId=827846
3 | // for the documentation about the extensions.json format
4 | "recommendations": ["dbaeumer.vscode-eslint", "amodio.tsl-problem-matcher"]
5 | }
--------------------------------------------------------------------------------
/resources/projects/modviz/appserver/static/visualizations/standin/formatter.html:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/jsconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "compilerOptions": {
3 | "module": "commonjs",
4 | "target": "es6",
5 | "checkJs": false, /* Typecheck .js files. */
6 | "lib": [
7 | "es6"
8 | ]
9 | },
10 | "exclude": [
11 | "node_modules"
12 | ]
13 | }
14 |
--------------------------------------------------------------------------------
/spec_files/7.3/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/spec_files/8.0/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/spec_files/8.1/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/spec_files/8.2/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/spec_files/9.0/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/spec_files/9.1/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/spec_files/9.2/literals.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file and all forms of literals.conf are now deprecated.
4 | # Instead, use the messages.conf file which is documented
5 | # at "Customize Splunk Web messages" in the Splunk documentation.
6 |
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/default/web.conf:
--------------------------------------------------------------------------------
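# Splunk Web exposure for the example_eai_handler REST endpoint.
# Each [expose:...] stanza registers a path under the splunkd services
# hierarchy with the Splunk Web proxy, together with the HTTP methods allowed.
# NOTE(review): these stanzas only make the paths reachable through Splunk Web.
# Who may list, create, edit or remove entries is decided elsewhere
# (presumably the handler's restmap.conf stanza and the app's metadata).
# Confirm that write access is restricted as intended before shipping an app
# built from this template.

# The handler's base path.
[expose:example_eai_handler]
methods = POST,GET,DELETE
pattern = example_eai_handler

# Paths below the base path. The pattern must start with the same endpoint
# name as the stanza above, otherwise these requests are not exposed.
[expose:example_eai_handler_specify]
methods = POST,GET,DELETE
pattern = example_eai_handler/*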
8 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/default/searchbnf.conf:
--------------------------------------------------------------------------------
1 | # [searchbnf.conf](http://docs.splunk.com/Documentation/Splunk/latest/Admin/Searchbnfconf)
2 |
3 | # [foo-command]
4 | # syntax = [foo]
5 | # shortdesc = [a brief description of your command]
6 | # usage = public
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/default/commands-scpv2.conf:
--------------------------------------------------------------------------------
1 | # [commands.conf]($SPLUNK_HOME/etc/system/README/commands.conf.spec)
2 | # Configuration for Search Commands Protocol version 2
3 |
4 | [%(command.lower()]
5 | filename = %(command.lower()).py
6 | chunked = true
7 |
--------------------------------------------------------------------------------
/spec_files/9.0/default-mode.conf.examples:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 |
4 | # re-enable the udp input on a SplunkLightForwarder
5 |
6 | [pipeline:udp]
7 | disabled = false
8 |
9 | # re-enable the tcp input on a SplunkLightForwarder
10 |
11 | [pipeline:tcp]
12 | disabled = false
13 |
14 |
--------------------------------------------------------------------------------
/spec_files/9.1/default-mode.conf.examples:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 |
4 | # re-enable the udp input on a SplunkLightForwarder
5 |
6 | [pipeline:udp]
7 | disabled = false
8 |
9 | # re-enable the tcp input on a SplunkLightForwarder
10 |
11 | [pipeline:tcp]
12 | disabled = false
13 |
14 |
--------------------------------------------------------------------------------
/spec_files/9.2/default-mode.conf.examples:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 |
4 | # re-enable the udp input on a SplunkLightForwarder
5 |
6 | [pipeline:udp]
7 | disabled = false
8 |
9 | # re-enable the tcp input on a SplunkLightForwarder
10 |
11 | [pipeline:tcp]
12 | disabled = false
13 |
14 |
--------------------------------------------------------------------------------
/test/acceptance/documents/blank.spl2nb:
--------------------------------------------------------------------------------
1 | {
2 | "modules": [
3 | {
4 | "name": "module1",
5 | "namespace": "",
6 | "definition": " ",
7 | "_vscode": {
8 | "metadata": {},
9 | "outputs": []
10 | }
11 | }
12 | ],
13 | "app": "apps.search"
14 | }
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/default/app.conf:
--------------------------------------------------------------------------------
1 | # Splunk app configuration file
2 |
3 | [ui]
4 | label = Custom REST handler
5 | is_visible = 1
6 |
7 | [launcher]
8 | description = Custom REST handler by Visual Studio Code
9 | author = author
10 | version = 0.0.1
11 |
12 | [install]
13 | is_configured = 0
--------------------------------------------------------------------------------
/resources/projects/modviz/default/app.conf:
--------------------------------------------------------------------------------
1 | #
2 | # Splunk app configuration file
3 | #
4 |
5 | [install]
6 | is_configured = 1
7 |
8 | [ui]
9 | is_visible = 1
10 | label = standin
11 |
12 | [launcher]
13 | author = author
14 | description = Custom visualization generated by Visual Studio Code
15 | version = 1.0
16 |
17 |
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/default/restmap.conf:
--------------------------------------------------------------------------------
1 | [admin:example_eai_handler_manager]
2 | match = /
3 | members = example_eai_handler
4 |
5 | [admin_external:example_eai_handler]
6 | handlertype = python
7 | handlerfile = example_eai_handler.py
8 | handleractions = list,edit,create,remove,_reload
9 | handlerpersistentmode = true
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/default/app.conf:
--------------------------------------------------------------------------------
1 | # Splunk app configuration file
2 |
3 | [ui]
4 | label = standin
5 | is_visible = 1
6 |
7 | [package]
8 | id = standin
9 |
10 | [launcher]
11 | description = Custom command created by Visual Studio Code
12 | author = author
13 | version = 0.0.1
14 |
15 | [install]
16 | is_configured = 0
17 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | npm-debug.log
3 | Thumbs.db
4 | */node_modules/
5 | node_modules
6 | */out/
7 | */.vs/
8 | tsconfig.lsif.json
9 | *.lsif
10 | *.db
11 | .Spotlight*
12 | .Trash*
13 | *.bak
14 | *.pyc
15 | conf_diff.py
16 | *.vsix
17 | dist/
18 | out/test
19 | out/package.json
20 | .vscode-test
21 | **/out/notebooks/*.js
22 | **/out/notebooks/*.map
23 | **/out/notebooks/**/*.js
24 | **/out/notebooks/**/*.map
--------------------------------------------------------------------------------
/spec_files/7.3/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/spec_files/8.0/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/spec_files/8.1/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/spec_files/8.2/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/spec_files/9.1/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/spec_files/9.2/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/spec_files/9.0/deployment.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # *** REMOVED; NO LONGER USED ***
4 | #
5 | #
6 | # This configuration file has been replaced by:
7 | # 1.) deploymentclient.conf - for configuring Deployment Clients.
8 | # 2.) serverclass.conf - for Deployment Server server class configuration.
9 | #
10 | #
11 | # Compatibility:
12 | # Splunk 4.x Deployment Server is NOT compatible with Splunk 3.x Deployment Clients.
13 | #
14 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/default/commands-scpv1.conf:
--------------------------------------------------------------------------------
1 | # [commands.conf]($SPLUNK_HOME/etc/system/README/commands.conf.spec)
2 | # Configuration for Search Commands Protocol version 1
3 |
4 | [%(command.lower()]
5 | filename = %(command.lower()).py
6 | enableheader = true
7 | outputheader = true
8 | requires_srinfo = true
9 | stderr_dest = message
10 | supports_getinfo = true
11 | supports_rawargs = true
12 | supports_multivalues = true
13 |
--------------------------------------------------------------------------------
/images/splunk.svg:
--------------------------------------------------------------------------------
1 |
2 |
7 |
--------------------------------------------------------------------------------
/.eslintrc.json:
--------------------------------------------------------------------------------
1 | {
2 | "env": {
3 | "browser": false,
4 | "commonjs": true,
5 | "es6": true,
6 | "node": true,
7 | "mocha": true
8 | },
9 | "parserOptions": {
10 | "ecmaFeatures": {
11 | "jsx": true
12 | },
13 | "ecmaVersion": 2018,
14 | "sourceType": "module"
15 | },
16 | "rules": {
17 | "no-const-assign": "warn",
18 | "no-this-before-super": "warn",
19 | "no-undef": "warn",
20 | "no-unreachable": "warn",
21 | "no-unused-vars": "warn",
22 | "constructor-super": "warn",
23 | "valid-typeof": "warn"
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/resources/projects/modviz/appserver/static/visualizations/standin/webpack.config.js:
--------------------------------------------------------------------------------
1 | var webpack = require('webpack');
2 | var path = require('path');
3 |
4 | module.exports = {
5 | entry: 'visualization_source',
6 | resolve: {
7 | root: [
8 | path.join(__dirname, 'src'),
9 | ]
10 | },
11 | output: {
12 | filename: 'visualization.js',
13 | libraryTarget: 'amd'
14 | },
15 | externals: [
16 | 'api/SplunkVisualizationBase',
17 | 'api/SplunkVisualizationUtils'
18 | ]
19 | };
--------------------------------------------------------------------------------
/snippets/restmap.conf:
--------------------------------------------------------------------------------
1 | {
2 | "admin-external": {
3 | "description": "Generate restmap.conf admin_external stanza",
4 | "prefix": "admin_external",
5 | "body": [
6 | "[admin_external:${1:uniqueName}]",
7 | "handlertype = python",
8 | "python.version = ${2|python3,default,python,python2|}",
9 | "handlerfile = ${1:uniqueName}_rh.py",
10 | "handleractions = edit, list, remove, create",
11 | "handlerpersistentmode = ${3|true,false|}"
12 | ]
13 | }
14 | }
--------------------------------------------------------------------------------
/spec_files/7.3/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands
5 |
6 | []
7 | * The name of the syntax type you're configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/spec_files/8.0/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands
5 |
6 | []
7 | * The name of the syntax type you're configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/spec_files/8.1/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands.
5 |
6 | []
7 | * The name of the syntax type you are configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/spec_files/8.2/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands.
5 |
6 | []
7 | * The name of the syntax type you are configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/spec_files/9.0/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands.
5 |
6 | []
7 | * The name of the syntax type you are configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/spec_files/9.1/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands.
5 |
6 | []
7 | * The name of the syntax type you are configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/spec_files/9.2/datatypesbnf.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file affects how the search assistant (typeahead) shows the syntax for
4 | # search commands.
5 |
6 | []
7 | * The name of the syntax type you are configuring.
8 | * Follow this field name with one syntax= definition.
9 | * Syntax type can only contain a-z, and -, but cannot begin with -
10 |
11 | syntax =
12 | * The syntax for your syntax type.
13 | * Should correspond to a regular expression describing the term.
14 | * Can also be a or other similar value.
15 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/default/commands.conf:
--------------------------------------------------------------------------------
1 | # [commands.conf]($SPLUNK_HOME/etc/system/README/commands.conf.spec)
2 | # Configured for Search Command Protocol version 1 by default
3 | # Replace the contents of this file with commands-scpv2.conf to enable Search Command Protocol version 2
4 |
5 | # [%(command.lower()]
6 | # filename = %(command.lower()).py
7 | # enableheader = true
8 | # outputheader = true
9 | # requires_srinfo = true
10 | # stderr_dest = message
11 | # supports_getinfo = true
12 | # supports_rawargs = true
13 | # supports_multivalues = true
14 |
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/bin/example_eai_handler_schema.py:
--------------------------------------------------------------------------------
from schema import Schema, And

# Validation rules for the handler's arguments, built with the Schema library
# documented here: https://pypi.org/project/schema/
# Each field must be a str for which len() is truthy, i.e. a non-empty string.
# Nothing here bounds the length or restricts the characters of a value, so add
# tighter rules before a value is used anywhere that is sensitive to its content.
example_schema = Schema(
    dict(
        name=And(str, len, error='Invalid name value'),
        custom_parameter=And(str, len, error='Invalid custom_parameter value'),
    )
)

# Fields stored in the conf stanza.
CONF_FIELDS = ['name', 'custom_parameter']

# Arguments accepted on POST: every conf field except 'name', which is left out
# to match what the Splunk API expects.
ALL_FIELDS = list(set(CONF_FIELDS).difference(['name']))
--------------------------------------------------------------------------------
/out/notebooks/renderer/.eslintrc.json:
--------------------------------------------------------------------------------
1 | {
2 | "root": true,
3 | "parser": "@typescript-eslint/parser",
4 | "parserOptions": {
5 | "ecmaVersion": 6,
6 | "sourceType": "module"
7 | },
8 | "plugins": [
9 | "@typescript-eslint"
10 | ],
11 | "rules": {
12 | "@typescript-eslint/naming-convention": "warn",
13 | "@typescript-eslint/semi": "warn",
14 | "curly": "warn",
15 | "eqeqeq": "warn",
16 | "no-throw-literal": "warn",
17 | "semi": "off"
18 | },
19 | "ignorePatterns": [
20 | "out",
21 | "dist",
22 | "**/*.d.ts"
23 | ]
24 | }
25 |
--------------------------------------------------------------------------------
/out/notebooks/utils/messages.ts:
--------------------------------------------------------------------------------
import * as vscode from 'vscode'

/**
 * One message attached to a Splunk response. All three fields are strings;
 * when `code` is empty it is left out of the rendered text.
 */
export interface SplunkMessage {
    type: string,
    code: string,
    text: string
}

/**
 * Converts a list of Splunk messages into notebook output items, one item per
 * message and in the same order.
 */
export function splunkMessagesToOutputItems(messages: SplunkMessage[]) : vscode.NotebookCellOutputItem[] {
    return messages.map((message) => {
        return splunkMessageToOutputItem(message)
    })
}

/**
 * Renders a single Splunk message as a text output item of the form
 * "<type>: <code> -  <text>" (the code part is dropped when `code` is empty).
 *
 * The fields are interpolated unchanged and no mime type is passed to
 * `NotebookCellOutputItem.text`, so the item is created with that helper's
 * default mime type.
 */
export function splunkMessageToOutputItem(message: SplunkMessage) : vscode.NotebookCellOutputItem {
    // Empty string when the message carries no code.
    const codePrefix = message.code ? message.code + ' - ' : ''
    const rendered = `${message.type}: ${codePrefix} ${message.text}`
    return vscode.NotebookCellOutputItem.text(rendered)
}
20 |
21 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/default/data/ui/nav/default.xml:
--------------------------------------------------------------------------------
1 |
19 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/bin/generate.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

import sys
import os

# Put the app's bundled ../lib directory first on the module search path so the
# splunklib imported below is the copy shipped with the app. Entry 0 takes
# precedence over every other path entry, so any module placed in that
# directory shadows a same-named standard-library or site-packages module;
# keep the directory writable only by the account that owns the app.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, GeneratingCommand, Configuration, Option, validators

# NOTE(review): the %(...) tokens look like scaffolding placeholders that are
# substituted when a project is created from this template; until then the
# file is not valid Python.
@Configuration()
class %(command.title())Command(GeneratingCommand):
    """ %(synopsis)

    ##Syntax

    %(syntax)

    ##Description

    %(description)

    """
    def generate(self):
        # Put your event code here
        pass

# Hand the command class to splunklib's dispatch helper together with the
# process's argv, stdin and stdout and this module's __name__.
dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)
28 |
--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "include": [
3 | "./out/**/*.ts"
4 | ],
5 | "compilerOptions": {
6 | "jsx": "react",
7 | "module": "commonjs",
8 | "target": "ES2020",
9 | "lib": [
10 | "ES2020",
11 | "dom"
12 | ],
13 | "sourceMap": true,
14 | "resolveJsonModule": true,
15 | "rootDir": "out",
16 | "strict": false /* enable all strict type-checking options */
17 | /* Additional Checks */
18 | // "noImplicitReturns": true, /* Report error when not all code paths in function return a value. */
19 | // "noFallthroughCasesInSwitch": true, /* Report errors for fallthrough cases in switch statement. */
20 | // "noUnusedParameters": true, /* Report errors on unused parameters. */
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/bin/stream.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

import sys
import os

# Put the app's bundled ../lib directory first on the module search path so the
# splunklib imported below is the copy shipped with the app. Entry 0 takes
# precedence over every other path entry, so any module placed in that
# directory shadows a same-named standard-library or site-packages module;
# keep the directory writable only by the account that owns the app.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, StreamingCommand, Configuration, Option, validators


# NOTE(review): the %(...) tokens look like scaffolding placeholders that are
# substituted when a project is created from this template; until then the
# file is not valid Python.
@Configuration()
class %(command.title())Command(StreamingCommand):
    """ %(synopsis)

    ##Syntax

    %(syntax)

    ##Description

    %(description)

    """
    def stream(self, events):
        # Put your event transformation code here
        pass

# Hand the command class to splunklib's dispatch helper together with the
# process's argv, stdin and stdout and this module's __name__.
dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)
29 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/bin/filter.py:
--------------------------------------------------------------------------------
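#!/usr/bin/env python

import sys
import os

# Put the app's bundled ../lib directory first on the module search path so the
# splunklib imported below is the copy shipped with the app. Entry 0 takes
# precedence over every other path entry, so any module placed in that
# directory shadows a same-named standard-library or site-packages module;
# keep the directory writable only by the account that owns the app.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
# EventingCommand must be imported: the class below derives from it, and
# without the import the script stops with a NameError at class definition.
from splunklib.searchcommands import \
    dispatch, EventingCommand, StreamingCommand, Configuration, Option, validators


# NOTE(review): the %(...) tokens look like scaffolding placeholders that are
# substituted when a project is created from this template; until then the
# file is not valid Python.
@Configuration()
class %(command.title())Command(EventingCommand):
    """ %(synopsis)

    ##Syntax

    %(syntax)

    ##Description

    %(description)

    """
    def transform(self, events):
        # Put your event transformation code here
        pass

# Hand the command class to splunklib's dispatch helper together with the
# process's argv, stdin and stdout and this module's __name__.
dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)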
29 |
--------------------------------------------------------------------------------
/.vscode/tasks.json:
--------------------------------------------------------------------------------
1 | // See https://go.microsoft.com/fwlink/?LinkId=733558
2 | // for the documentation about the tasks.json format
3 | {
4 | "version": "2.0.0",
5 | "tasks": [
6 | {
7 | "type": "npm",
8 | "script": "watch",
9 | "problemMatcher": [
10 | "$ts-webpack-watch",
11 | "$tslint-webpack-watch"
12 | ],
13 | "isBackground": true,
14 | "presentation": {
15 | "reveal": "never",
16 | "group": "watchers"
17 | },
18 | "group": {
19 | "kind": "build",
20 | "isDefault": true
21 | }
22 | },
23 | {
24 | "type": "npm",
25 | "script": "compile-tests",
26 | "problemMatcher": ["$tsc"],
27 | "isBackground": false,
28 | "group": {
29 | "kind": "build"
30 | }
31 | }
32 | ]
33 | }
--------------------------------------------------------------------------------
/resources/projects/modviz/metadata/default.meta:
--------------------------------------------------------------------------------
1 |
2 | # Application-level permissions
3 |
4 | []
5 | access = read : [ * ], write : [ admin, power ]
6 |
7 | ### EVENT TYPES
8 |
9 | [eventtypes]
10 | export = system
11 |
12 |
13 | ### PROPS
14 |
15 | [props]
16 | export = system
17 |
18 |
19 | ### TRANSFORMS
20 |
21 | [transforms]
22 | export = system
23 |
24 |
25 | ### LOOKUPS
26 |
27 | [lookups]
28 | export = system
29 |
30 |
31 | ### VIEWSTATES: even normal users should be able to create shared viewstates
32 |
33 | [viewstates]
34 | access = read : [ * ], write : [ * ]
35 | export = system
36 |
37 | ### Visualizations
38 |
39 | # Un-comment the stanza below to make the standin visualization available to all apps.
40 | # [visualizations/standin]
41 | # export = system
--------------------------------------------------------------------------------
/spl-language-configuration.json:
--------------------------------------------------------------------------------
1 | {
2 | "comments": {
3 | "lineComment": "`comment(\" \")`",
4 | "blockComment": ["```\n", "\n```"],
5 | },
6 | "brackets": [
7 | ["{", "}"],
8 | ["[", "]"],
9 | ["(", ")"]
10 | ],
11 | "autoClosingPairs": [
12 | ["{", "}"],
13 | ["[", "]"],
14 | ["(", ")"],
15 | ["\"", "\""],
16 | ["'", "'"],
17 | ["`", "`"]
18 | ],
19 | "surroundingPairs": [
20 | ["{", "}"],
21 | ["[", "]"],
22 | ["(", ")"],
23 | ["\"", "\""],
24 | ["'", "'"],
25 | ["`", "`"]
26 | ],
27 | "indentationRules": {
28 | "increaseIndentPattern": "^[^\\|]",
29 | "decreaseIndentPattern": ""
30 | }
31 | }
--------------------------------------------------------------------------------
/resources/projects/modviz/appserver/static/visualizations/standin/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "standin",
3 | "version": "1.0.0",
4 | "description": "Visualization app template. Put a description here.",
5 | "main": "visualization.js",
6 | "scripts": {
7 | "build": "$SPLUNK_HOME/bin/splunk cmd node ./node_modules/webpack/bin/webpack.js",
8 | "devbuild": "$SPLUNK_HOME/bin/splunk cmd node ./node_modules/webpack/bin/webpack.js --progress",
9 | "watch": "$SPLUNK_HOME/bin/splunk cmd node ./node_modules/webpack/bin/webpack.js -d --watch --progress"
10 | },
11 | "author": "Splunk",
12 | "license": "MIT",
13 | "devDependencies": {
14 | "webpack": "^1.12.6"
15 | },
16 | "dependencies": {
17 | "jquery": "^3.4.1",
18 | "underscore": "^1.8.3"
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/splunk-language-configuration.json:
--------------------------------------------------------------------------------
1 | {
2 | "comments": {
3 | "lineComment": "#"
4 | },
5 |
6 | "brackets": [
7 | ["{", "}"],
8 | ["[", "]"],
9 | ["(", ")"]
10 | ],
11 |
12 | "autoClosingPairs": [
13 | { "open": "{", "close": "}" },
14 | { "open": "[", "close": "]" },
15 | { "open": "(", "close": ")" },
16 | { "open": "'", "close": "'", "notIn": ["string", "comment"] },
17 | { "open": "\"", "close": "\"", "notIn": ["string", "comment"] }
18 | ],
19 |
20 | "autoCloseBefore": ";:.,=}])>` \n\t",
21 |
22 | "surroundingPairs": [
23 | ["{", "}"],
24 | ["[", "]"],
25 | ["(", ")"],
26 | ["'", "'"],
27 | ["\"", "\""],
28 | ["`", "`"]
29 | ],
30 |
31 | }
--------------------------------------------------------------------------------
/spec_files/7.3/fshpasswords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file maintains the credential information associated with a federated provider.
4 | #
5 | # There is no global, default fshpasswords.conf. Instead, this fshpasswords.conf
6 | # file is created whenever a user creates or edits a user associated with a
7 | # federated provider through the fsh storage endpoint.
8 | #
9 | # To learn more about configuration files (including precedence) please see the
10 | # documentation located at
11 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
12 |
13 |
14 | [credential:::]
15 | password =
16 | * Password that corresponds to the service account for the given federated provider.
17 | * The password can be in clear text, however when saved from splunkd the
18 | password will always be encrypted
19 |
--------------------------------------------------------------------------------
/spec_files/8.0/fshpasswords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file maintains the credential information associated with a federated provider.
4 | #
5 | # There is no global, default fshpasswords.conf. Instead, this fshpasswords.conf
6 | # file is created whenever a user creates or edits a user associated with a
7 | # federated provider through the fsh storage endpoint.
8 | #
9 | # To learn more about configuration files (including precedence) please see the
10 | # documentation located at
11 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
12 |
13 |
14 | [credential:::]
15 | password =
16 | * Password that corresponds to the service account for the given federated provider.
17 | * The password can be in clear text, however when saved from splunkd the
18 | password will always be encrypted
19 |
--------------------------------------------------------------------------------
/spec_files/8.1/fshpasswords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file maintains the credential information associated with a federated provider.
4 | #
5 | # There is no global, default fshpasswords.conf. Instead, this fshpasswords.conf
6 | # file is created whenever a user creates or edits a user associated with a
7 | # federated provider through the fsh storage endpoint.
8 | #
9 | # To learn more about configuration files (including precedence) please see the
10 | # documentation located at
11 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
12 |
13 |
14 | [credential:::]
15 | password =
16 | * Password that corresponds to the service account for the given federated provider.
17 | * The password can be in clear text, however when saved from splunkd, the
18 | password will always be encrypted.
19 |
--------------------------------------------------------------------------------
/spec_files/8.2/fshpasswords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file maintains the credential information associated with a federated provider.
4 | #
5 | # There is no global, default fshpasswords.conf. Instead, this fshpasswords.conf
6 | # file is created whenever a user creates or edits a user associated with a
7 | # federated provider through the fsh storage endpoint.
8 | #
9 | # To learn more about configuration files (including precedence) please see the
10 | # documentation located at
11 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
12 |
13 |
14 | [credential:::]
15 | password =
16 | * Password that corresponds to the service account for the given federated provider.
17 | * The password can be in clear text, however when saved from splunkd, the
18 | password will always be encrypted.
19 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/lib/splunklib/__init__.py:
--------------------------------------------------------------------------------
# Copyright 2011-2015 Splunk, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"): you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

"""Python library for Splunk."""

from __future__ import absolute_import
# `map` comes from the bundled six compatibility layer rather than the builtin.
from splunklib.six.moves import map
# Version of this bundled copy of the library. Apps created from the template
# ship this copy in their lib/ directory, so compare it with the current Splunk
# SDK for Python release and refresh it if it has fallen behind on fixes.
__version_info__ = (1, 6, 6)
# Dotted string form of the tuple above.
__version__ = ".".join(map(str, __version_info__))
21 |
--------------------------------------------------------------------------------
/spec_files/7.3/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/spec_files/8.0/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/spec_files/8.1/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/spec_files/8.2/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/spec_files/9.1/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/spec_files/9.2/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/spec_files/9.0/migration.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file maintains the migration status in Splunk Enterprise.
4 | #
5 | # Splunk Enterprise automatically generates the configurations in
6 | # this file during a migration.
7 | # Do not edit any configurations in this file unless instructed to by
8 | # Splunk support.
9 | #
10 | # There is no global, default migration.conf. When migrating between certain
11 | # versions of Splunk Enterprise, Splunk will perform migration actions that
12 | # must only be executed once. To ensure these actions are not performed during
13 | # any subsequent migration, Splunk will create a migration.conf to record
14 | # whether or not particular migration actions have taken place.
15 | #
16 | # To learn more about configuration files (including precedence) please see the
17 | # documentation located at
18 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
19 |
--------------------------------------------------------------------------------
/resources/dark/view.svg:
--------------------------------------------------------------------------------
1 |
2 |
8 |
--------------------------------------------------------------------------------
/resources/projects/searchcommands_template/bin/report.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python

import sys
import os

# Put the app's bundled ../lib directory first on the module search path so the
# splunklib imported below is the copy shipped with the app. Entry 0 takes
# precedence over every other path entry, so any module placed in that
# directory shadows a same-named standard-library or site-packages module;
# keep the directory writable only by the account that owns the app.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "lib"))
from splunklib.searchcommands import \
    dispatch, ReportingCommand, Configuration, Option, validators


# NOTE(review): the %(...) tokens look like scaffolding placeholders that are
# substituted when a project is created from this template; until then the
# file is not valid Python.
@Configuration()
class %(command.title())Command(ReportingCommand):
    """ %(synopsis)

    ##Syntax

    %(syntax)

    ##Description

    %(description)

    """
    # map carries its own @Configuration() decorator, separate from the one on
    # the class.
    @Configuration()
    def map(self, events):
        # Put your streaming preop implementation here, or remove the map method,
        # if you have no need for a streaming preop
        pass

    def reduce(self, events):
        # Put your reporting implementation
        pass

# Hand the command class to splunklib's dispatch helper together with the
# process's argv, stdin and stdout and this module's __name__.
dispatch(%(command.title())Command, sys.argv, sys.stdin, sys.stdout, __name__)
35 |
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/README.md:
--------------------------------------------------------------------------------
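1 | CREATE:
2 | `curl -k -u <username>:<password> -X POST https://<host>:8089/servicesNS/nobody/example_rest/example_eai_handler -d name=new -d custom_parameter=<value>`
3 |
4 | GET:
5 | `curl -k -u <username>:<password> https://<host>:8089/servicesNS/nobody/example_rest/example_eai_handler/<name>`
6 | OR
7 | `| rest /servicesNS/nobody/example_rest/example_eai_handler/new`
8 |
9 | LIST:
10 | `curl -k -u <username>:<password> https://<host>:8089/servicesNS/nobody/example_rest/example_eai_handler`
11 | OR
12 | `| rest /servicesNS/nobody/example_rest/example_eai_handler`
13 |
14 | EDIT:
15 | `curl -k -u <username>:<password> -X POST https://<host>:8089/servicesNS/nobody/example_rest/example_eai_handler/<name> -d custom_parameter=<value>`
16 |
17 | DELETE:
18 | `curl -k -u <username>:<password> -X DELETE https://<host>:8089/servicesNS/nobody/example_rest/example_eai_handler/<name>`
19 |
20 | NOTE: the `<...>` tokens are placeholders to fill in. `-k` turns off TLS certificate verification, which is only acceptable against a local development instance with a self-signed certificate; otherwise drop `-k` and point curl at the issuing CA with `--cacert`. Passing only `-u <username>` makes curl prompt for the password instead of leaving it in the shell history.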
--------------------------------------------------------------------------------
/resources/dark/search.svg:
--------------------------------------------------------------------------------
1 |
2 |
7 |
--------------------------------------------------------------------------------
/resources/light/refresh.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/spec_files/default.meta.spec:
--------------------------------------------------------------------------------
1 | # NOTE!
2 | # The shipped default.meta.spec file contains extraneous information beyond the
3 | # specification which throws off the spec parser. This file has been included
4 | # to correctly parse default.meta and local.meta files.
5 | #
6 | # For detailed information, refer to https://docs.splunk.com/Documentation/Splunk/latest/Admin/Defaultmetaconf
7 |
8 | # GLOBAL SETTINGS
9 | []
10 | access = read : [ ], write : []
11 | export =
12 |
13 | []
14 | access = read : [ ], write : []
15 | export =
16 | owner =
17 | version =
18 | modtime =
19 |
20 | [/]
21 | access = read : [ ], write : []
22 | export =
23 | owner =
24 | version =
25 | modtime =
--------------------------------------------------------------------------------
/resources/dark/refresh.svg:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/test/acceptance/index.ts:
--------------------------------------------------------------------------------
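import * as path from 'path';
import * as Mocha from 'mocha';
import * as glob from 'glob';

// Example taken from: https://github.com/microsoft/vscode-extension-samples/tree/main/helloworld-test-sample
/**
 * Entry point for the acceptance tests: collects every file matching
 * `**\/**.test.js` under this module's directory, adds it to a Mocha runner
 * configured with the 'tdd' interface, and runs the suite.
 *
 * Every matched file is loaded and executed by Mocha, so the directory this
 * module is compiled into should contain only build output from this
 * repository.
 *
 * @returns A promise that resolves when no test fails. It rejects with the
 *          glob error, with an error thrown while starting the run, or with an
 *          Error whose message carries the number of failed tests.
 */
export function run(): Promise<void> {
    // Create the mocha test
    const mocha = new Mocha({
        ui: 'tdd'
    });

    // Test files are looked up relative to the directory of this module.
    const testsRoot = path.resolve(__dirname);

    return new Promise((resolve, reject) => {
        glob('**/**.test.js', { cwd: testsRoot }, (err, files) => {
            if (err) {
                return reject(err);
            }

            // Add files to the test suite
            files.forEach(f => mocha.addFile(path.resolve(testsRoot, f)));

            try {
                // Run the mocha test
                mocha.run(failures => {
                    if (failures > 0) {
                        reject(new Error(`${failures} tests failed.`));
                    } else {
                        resolve();
                    }
                });
            } catch (err) {
                // Log before rejecting so the cause of a failed start is visible.
                console.error(err);
                reject(err);
            }
        });
    });
}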
39 |
--------------------------------------------------------------------------------
/resources/light/search.svg:
--------------------------------------------------------------------------------
1 |
2 |
7 |
--------------------------------------------------------------------------------
/spec_files/7.3/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | []
18 | * Name of the filter being defined.
19 |
20 | proc =
21 | * Regex specifying process image that you want Splunk to monitor.
22 |
23 | type =
24 | * Regex specifying the type(s) of process event that you want Splunk to
25 | monitor.
26 |
27 | hive =
28 | * Not used in this context, but should always have value ".*"
29 |
--------------------------------------------------------------------------------
/spec_files/8.0/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | []
18 | * Name of the filter being defined.
19 |
20 | proc =
21 | * Regex specifying process image that you want Splunk to monitor.
22 |
23 | type =
24 | * Regex specifying the type(s) of process event that you want Splunk to
25 | monitor.
26 |
27 | hive =
28 | * Not used in this context, but should always have value ".*"
29 |
--------------------------------------------------------------------------------
/spec_files/8.1/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, this passwords.conf
6 | # file is created whenever a user creates or edits a user through the
7 | # storage endpoint, and the file is replicated in a search head
8 | # clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 |
17 |
18 | [credential:::]
19 | password =
20 | * The password that corresponds to the given username for the given realm.
21 | * NOTE: The realm is optional.
22 | * The password can be in clear text, however when saved from splunkd the
23 | password will always be encrypted.
24 |
--------------------------------------------------------------------------------
/spec_files/8.2/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, anytime a user creates
6 | # a new user or edits a user onwards hitting the storage endpoint
7 | # will create this passwords.conf file which gets replicated
8 | # in a search head clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 |
17 |
18 | [credential:<realm>:<username>:]
19 | password = <password>
20 | * The password that corresponds to the given username for the given realm.
21 | * NOTE: The realm is optional.
22 | * The password can be in clear text, however when saved from splunkd the
23 | password will always be encrypted.
24 |
--------------------------------------------------------------------------------
/spec_files/9.1/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, anytime a user creates
6 | # a new user or edits a user onwards hitting the storage endpoint
7 | # will create this passwords.conf file which gets replicated
8 | # in a search head clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 |
17 |
18 | [credential:<realm>:<username>:]
19 | password = <password>
20 | * The password that corresponds to the given username for the given realm.
21 | * NOTE: The realm is optional.
22 | * The password can be in clear text, however when saved from splunkd the
23 | password will always be encrypted.
24 |
--------------------------------------------------------------------------------
/spec_files/9.2/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, anytime a user creates
6 | # a new user or edits a user onwards hitting the storage endpoint
7 | # will create this passwords.conf file which gets replicated
8 | # in a search head clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 |
17 |
18 | [credential:<realm>:<username>:]
19 | password = <password>
20 | * The password that corresponds to the given username for the given realm.
21 | * NOTE: The realm is optional.
22 | * The password can be in clear text, however when saved from splunkd the
23 | password will always be encrypted.
24 |
--------------------------------------------------------------------------------
/test/spec.stats.test.js:
--------------------------------------------------------------------------------
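const fs = require('fs');
const path = require('path');
const specFolderLocation = './spec_files';
const splunkSpec = require("../out/spec.js");
const extensionPath = path.resolve(__dirname, '../');
const specFileVersion = "9.2";

let stanzaCount = 0
let settingCount = 0

// Prints how many .spec files exist for specFileVersion, and how many stanzas
// and settings getSpecConfig() reports across them.
// NOTE(review): specFolderLocation is relative, so it resolves against the
// current working directory, while extensionPath is derived from __dirname.
fs.readdir(path.join(specFolderLocation, specFileVersion), function(err, files) {
    // Without this guard a missing or unreadable folder leaves `files`
    // undefined and the script dies on files.filter with a TypeError.
    if (err) {
        console.error('Unable to read spec folder: %s', err.message)
        process.exitCode = 1
        return
    }

    // Skip dot-files (names starting with "." followed by a non-dot, non-slash character).
    let list = files.filter(item => !(/(^|\/)\.[^\/\.]/g).test(item))
    console.log('.spec file count: %d', list.length)
    list.forEach(function (file) {
        let specFilePath = path.join(specFolderLocation, specFileVersion, file)
        let specConfig = splunkSpec.getSpecConfig(extensionPath, specFilePath);
        stanzaCount = stanzaCount + specConfig.stanzas.length
        specConfig.stanzas.forEach(function (stanza) {
            settingCount = settingCount + stanza.settings.length
        })
    })

    console.log('stanza count: %d', stanzaCount)
    console.log('setting count: %d', settingCount)
})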
--------------------------------------------------------------------------------
/spec_files/9.0/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, anytime a user creates
6 | # a new user or edits a user onwards hitting the storage endpoint
7 | # will create this passwords.conf file which gets replicated
8 | # in a search head clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 |
17 |
18 | [credential:<realm>:<username>:]
19 | password = <password>
20 | * The password that corresponds to the given username for the given realm.
21 | * NOTE: The realm is optional.
22 | * The password can be in clear text, however when saved from splunkd the
23 | password will always be encrypted.
24 |
--------------------------------------------------------------------------------
/out/notebooks/visualizations.ts:
--------------------------------------------------------------------------------
/**
 * Visualization types as label/value pairs: `label` is the human-readable
 * name and `value` is the short identifier paired with it.
 */
export const VIZ_TYPES = [
    { label: "Events Viewer", value: "events" },
    { label: "Single Value", value: "single" },
    { label: "Table Chart", value: "table" },
    { label: "Line Chart", value: "line" },
    { label: "Area Chart", value: "area" },
    { label: "Column Chart", value: "column" },
    { label: "Bar Chart", value: "bar" },
    { label: "Pie Chart", value: "pie" },
    { label: "Scatter Chart", value: "scatter" },
    { label: "Bubble Chart", value: "bubble" },
    { label: "Punchcard", value: "punchcard" },
    { label: "Link Graph", value: "link" },
];
--------------------------------------------------------------------------------
/resources/light/view.svg:
--------------------------------------------------------------------------------
1 |
2 |
8 |
--------------------------------------------------------------------------------
/spec_files/8.0/bookmarks.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file contains possible settings and values for configuring various
4 | # "bookmark" entries to be stored within a Splunk instance.
5 | #
6 | # To add custom bookmarks, place a bookmarks.conf file in
7 | # $SPLUNK_HOME/etc/system/local/ on the Splunk instance.
8 | # configuration content is deployed to a
9 | # given deployment client in serverclass.conf. Refer to
10 | #
11 | # To learn more about configuration files (including precedence), see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [bookmarks_mc:*]
16 | url =
17 | * A bookmark URL that redirects logged-in administrators to other Monitoring
18 | Console instances that may be within their purview. Set this up if you have
19 | administrators who are responsible for the performance and uptime of multiple
20 | Splunk deployments.
21 | * The bookmark appears in the left pane of the Monitoring Console.
22 | * The URL must begin with http:// or https:// and contain 'splunk_monitoring_console'.
23 | * Default: not set
24 |
--------------------------------------------------------------------------------
/spec_files/8.1/bookmarks.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file contains possible settings and values for configuring various
4 | # "bookmark" entries to be stored within a Splunk instance.
5 | #
6 | # To add custom bookmarks, place a bookmarks.conf file in
7 | # $SPLUNK_HOME/etc/system/local/ on the Splunk instance.
8 | # configuration content is deployed to a
9 | # given deployment client in serverclass.conf. Refer to
10 | #
11 | # To learn more about configuration files (including precedence), see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [bookmarks_mc:*]
16 | url =
17 | * A bookmark URL that redirects logged-in administrators to other Monitoring
18 | Console instances that may be within their purview. Set this up if you have
19 | administrators who are responsible for the performance and uptime of multiple
20 | Splunk deployments.
21 | * The bookmark appears in the left pane of the Monitoring Console.
22 | * The URL must begin with http:// or https:// and contain 'splunk_monitoring_console'.
23 | * Default: not set
24 |
--------------------------------------------------------------------------------
/spec_files/8.2/bookmarks.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file contains possible settings and values for configuring various
4 | # "bookmark" entries to be stored within a Splunk instance.
5 | #
6 | # To add custom bookmarks, place a bookmarks.conf file in
7 | # $SPLUNK_HOME/etc/system/local/ on the Splunk instance.
8 | # configuration content is deployed to a
9 | # given deployment client in serverclass.conf. Refer to
10 | #
11 | # To learn more about configuration files (including precedence), see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [bookmarks_mc:*]
16 | url =
17 | * A bookmark URL that redirects logged-in administrators to other Monitoring
18 | Console instances that may be within their purview. Set this up if you have
19 | administrators who are responsible for the performance and uptime of multiple
20 | Splunk deployments.
21 | * The bookmark appears in the left pane of the Monitoring Console.
22 | * The URL must begin with http:// or https:// and contain 'splunk_monitoring_console'.
23 | * Default: not set
24 |
--------------------------------------------------------------------------------
/spec_files/9.0/bookmarks.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file contains possible settings and values for configuring various
4 | # "bookmark" entries to be stored within a Splunk instance.
5 | #
6 | # To add custom bookmarks, place a bookmarks.conf file in
7 | # $SPLUNK_HOME/etc/system/local/ on the Splunk instance.
8 | # configuration content is deployed to a
9 | # given deployment client in serverclass.conf. Refer to
10 | #
11 | # To learn more about configuration files (including precedence), see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [bookmarks_mc:*]
16 | url =
17 | * A bookmark URL that redirects logged-in administrators to other Monitoring
18 | Console instances that may be within their purview. Set this up if you have
19 | administrators who are responsible for the performance and uptime of multiple
20 | Splunk deployments.
21 | * The bookmark appears in the left pane of the Monitoring Console.
22 | * The URL must begin with http:// or https:// and contain 'splunk_monitoring_console'.
23 | * Default: not set
24 |
--------------------------------------------------------------------------------
/spec_files/9.1/bookmarks.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file contains possible settings and values for configuring various
4 | # "bookmark" entries to be stored within a Splunk instance.
5 | #
6 | # To add custom bookmarks, place a bookmarks.conf file in
7 | # $SPLUNK_HOME/etc/system/local/ on the Splunk instance.
8 | # configuration content is deployed to a
9 | # given deployment client in serverclass.conf. Refer to
10 | #
11 | # To learn more about configuration files (including precedence), see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [bookmarks_mc:*]
16 | url =
17 | * A bookmark URL that redirects logged-in administrators to other Monitoring
18 | Console instances that may be within their purview. Set this up if you have
19 | administrators who are responsible for the performance and uptime of multiple
20 | Splunk deployments.
21 | * The bookmark appears in the left pane of the Monitoring Console.
22 | * The URL must begin with http:// or https:// and contain 'splunk_monitoring_console'.
23 | * Default: not set
24 |
--------------------------------------------------------------------------------
/spec_files/9.2/bookmarks.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file contains possible settings and values for configuring various
4 | # "bookmark" entries to be stored within a Splunk instance.
5 | #
6 | # To add custom bookmarks, place a bookmarks.conf file in
7 | # $SPLUNK_HOME/etc/system/local/ on the Splunk instance.
8 | # configuration content is deployed to a
9 | # given deployment client in serverclass.conf. Refer to
10 | #
11 | # To learn more about configuration files (including precedence), see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [bookmarks_mc:*]
16 | url =
17 | * A bookmark URL that redirects logged-in administrators to other Monitoring
18 | Console instances that may be within their purview. Set this up if you have
19 | administrators who are responsible for the performance and uptime of multiple
20 | Splunk deployments.
21 | * The bookmark appears in the left pane of the Monitoring Console.
22 | * The URL must begin with http:// or https:// and contain 'splunk_monitoring_console'.
23 | * Default: not set
24 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) Splunk, Inc. All rights reserved.
2 |
3 | MIT License
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
--------------------------------------------------------------------------------
/spec_files/8.1/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | [<filter name>]
18 | * The name of the filter being defined.
19 |
20 | proc =
21 | * A regular expression that specifies process image that you want
22 | the Splunk platform to monitor.
23 | * No default.
24 |
25 | type =
26 | * A regular expression that specifies the type(s) of process events
27 | that you want the Splunk platform to monitor.
28 | * No default
29 |
30 | hive =
31 | * Not used in this context, but should always have value ".*"
32 |
--------------------------------------------------------------------------------
/spec_files/8.2/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | [<filter name>]
18 | * The name of the filter being defined.
19 |
20 | proc =
21 | * A regular expression that specifies process image that you want
22 | the Splunk platform to monitor.
23 | * No default.
24 |
25 | type =
26 | * A regular expression that specifies the type(s) of process events
27 | that you want the Splunk platform to monitor.
28 | * No default
29 |
30 | hive =
31 | * Not used in this context, but should always have value ".*"
32 |
--------------------------------------------------------------------------------
/spec_files/9.0/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | [<filter name>]
18 | * The name of the filter being defined.
19 |
20 | proc =
21 | * A regular expression that specifies process image that you want
22 | the Splunk platform to monitor.
23 | * No default.
24 |
25 | type =
26 | * A regular expression that specifies the type(s) of process events
27 | that you want the Splunk platform to monitor.
28 | * No default
29 |
30 | hive =
31 | * Not used in this context, but should always have value ".*"
32 |
--------------------------------------------------------------------------------
/spec_files/9.1/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | [<filter name>]
18 | * The name of the filter being defined.
19 |
20 | proc =
21 | * A regular expression that specifies process image that you want
22 | the Splunk platform to monitor.
23 | * No default.
24 |
25 | type =
26 | * A regular expression that specifies the type(s) of process events
27 | that you want the Splunk platform to monitor.
28 | * No default
29 |
30 | hive =
31 | * Not used in this context, but should always have value ".*"
32 |
--------------------------------------------------------------------------------
/spec_files/9.2/procmon-filters.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # *** DEPRECATED ***
4 | #
5 | #
6 | # This file contains potential attribute/value pairs to use when configuring
7 | # Windows registry monitoring. The procmon-filters.conf file contains the
8 | # regular expressions you create to refine and filter the processes you want
9 | # Splunk to monitor. You must restart Splunk to enable configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | #### find out if this file is still being used.
16 |
17 | [<filter name>]
18 | * The name of the filter being defined.
19 |
20 | proc =
21 | * A regular expression that specifies process image that you want
22 | the Splunk platform to monitor.
23 | * No default.
24 |
25 | type =
26 | * A regular expression that specifies the type(s) of process events
27 | that you want the Splunk platform to monitor.
28 | * No default
29 |
30 | hive =
31 | * Not used in this context, but should always have value ".*"
32 |
--------------------------------------------------------------------------------
/test/runFunctionalTests.ts:
--------------------------------------------------------------------------------
1 | import * as path from 'path';
2 | import {
3 | downloadAndUnzipVSCode,
4 | runTests
5 | } from '@vscode/test-electron';
6 |
7 | // We refer to these as functional tests because they must be run within the test-electron framework
8 | // which requires VSCode itself in order to resolve 'vscode' imports for the files being tested.
9 | // Example taken from: https://code.visualstudio.com/api/working-with-extensions/testing-extension#custom-setup-with-vscodetestelectron
/**
 * Downloads a VS Code build and runs the functional test suite inside it.
 * Any failure is logged and the process exits with status 1.
 */
async function main() {
    // Both paths are resolved relative to this file: the repo root is the
    // extension under test, and ./functional/index is the test entry point.
    const extensionDevelopmentPath = path.resolve(__dirname, '..');
    const extensionTestsPath = path.resolve(__dirname, './functional/index');

    try {
        // NOTE(review): 'stable' follows whatever build is current at run time,
        // so each run may fetch and execute a different VS Code binary; pinning
        // an explicit version here would make runs reproducible.
        const vscodeExecutablePath = await downloadAndUnzipVSCode('stable');

        // Launch the downloaded `code` executable against the extension.
        await runTests({ vscodeExecutablePath, extensionDevelopmentPath, extensionTestsPath });
    } catch (err) {
        console.error(`Failed to run tests: ${err}`);
        process.exit(1);
    }
}

main();
30 |
--------------------------------------------------------------------------------
/test/functional/index.ts:
--------------------------------------------------------------------------------
1 | import * as path from 'path';
2 | import * as Mocha from 'mocha';
3 | import * as glob from 'glob';
4 |
5 | // Example taken from: https://github.com/microsoft/vscode-extension-samples/tree/main/helloworld-test-sample
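/**
 * Entry point for the functional test runner: collects every *.test.js file
 * under this directory, adds it to a Mocha suite using the 'tdd' interface
 * and runs the suite.
 *
 * @returns a promise that resolves when all tests pass and rejects when
 *          globbing fails, Mocha throws, or at least one test fails.
 */
export function run(): Promise<void> {
    // Create the mocha test
    const mocha = new Mocha({
        ui: 'tdd'
    });

    const testsRoot = path.resolve(__dirname);

    // The explicit <void> type argument is required: a bare `Promise` return
    // type does not compile, and resolve() is called without a value.
    return new Promise<void>((resolve, reject) => {
        console.log(`Checking for *.test.js in ${testsRoot}`);
        glob('**/**.test.js', { cwd: testsRoot }, (err, files) => {
            if (err) {
                return reject(err);
            }

            // Add files to the test suite
            files.forEach(f => {
                console.log(`Found ${f}`);
                mocha.addFile(path.resolve(testsRoot, f))
            });

            try {
                // Run the mocha test; the callback receives the failure count
                mocha.run(failures => {
                    if (failures > 0) {
                        reject(new Error(`${failures} tests failed.`));
                    } else {
                        resolve();
                    }
                });
            } catch (err) {
                console.error(err);
                reject(err);
            }
        });
    });
}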
43 |
--------------------------------------------------------------------------------
/spl2-language-configuration.json:
--------------------------------------------------------------------------------
1 | {
2 | "comments": {
3 | "lineComment": "//",
4 | "blockComment": ["/*", "*/"]
5 | },
6 | "onEnterRules": [
7 | {
8 | "beforeText": "^\\s*/\\*\\*(?!/)([^*]|\\*(?!/))*$",
9 | "afterText": "^\\s*\\*/$",
10 | "action": {
11 | "indent": "indentOutdent",
12 | "appendText": " * "
13 | }
14 | },
15 | {
16 | "beforeText": "^\\s*/\\*\\*(?!/)([^\\*]|\\*(?!/))*$",
17 | "action": {
18 | "indent": "none",
19 | "appendText": " * "
20 | }
21 | },
22 | {
23 | "beforeText": "^(\t|[ ])*[ ]\\*([ ]([^*]|\\*(?!/))*)?$",
24 | "oneLineAboveText": "(?=^(\\s*(/\\*\\*|\\*)).*)(?=(?!(\\s*\\*/)))/",
25 | "action": {
26 | "indent": "none",
27 | "appendText": "* "
28 | }
29 | },
30 | {
31 | "beforeText": "^(\t|[ ])*[ ]\\*/\\s*$",
32 | "action": {
33 | "indent": "none",
34 | "removeText": 1
35 | }
36 | },
37 | {
38 | "beforeText": "^(\t|[ ])*[ ]\\*[^/]*\\*/\\s*$",
39 | "action": {
40 | "indent": "none",
41 | "removeText": 1
42 | }
43 | }
44 | ]
45 | }
46 |
--------------------------------------------------------------------------------
/spec_files/7.3/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, anytime a user creates
6 | # a new user or edits a user onwards hitting the storage endpoint
7 | # will create this passwords.conf file which gets replicated
8 | # in a search head clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 | # More details for storage endpoint is at
17 | # http://blogs.splunk.com/2011/03/15/storing-encrypted-credentials/
18 |
19 |
20 | [credential:<realm>:<username>:]
21 | password = <password>
22 | * Password that corresponds to the given username for the given realm.
23 | Note that realm is optional
24 | * The password can be in clear text, however when saved from splunkd the
25 | password will always be encrypted
26 |
--------------------------------------------------------------------------------
/spec_files/8.0/passwords.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file maintains the credential information for a given app in Splunk Enterprise.
4 | #
5 | # There is no global, default passwords.conf. Instead, anytime a user creates
6 | # a new user or edits a user onwards hitting the storage endpoint
7 | # will create this passwords.conf file which gets replicated
8 | # in a search head clustering environment.
9 | # Note that passwords.conf is only created from 6.3.0 release.
10 | #
11 | # You must restart Splunk Enterprise to reload manual changes to passwords.conf.
12 | #
13 | # To learn more about configuration files (including precedence) please see the
14 | # documentation located at
15 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
16 | # More details for storage endpoint is at
17 | # http://blogs.splunk.com/2011/03/15/storing-encrypted-credentials/
18 |
19 |
20 | [credential:<realm>:<username>:]
21 | password = <password>
22 | * Password that corresponds to the given username for the given realm.
23 | Note that realm is optional
24 | * The password can be in clear text, however when saved from splunkd the
25 | password will always be encrypted
26 |
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/bin/log_helper.py:
--------------------------------------------------------------------------------
1 | import logging
2 | import logging.handlers
3 | import os
4 |
5 | def setup(level, name, file_name, use_rotating_handler=True):
6 | """
7 | Setup a logger for the REST handler.
8 |
9 | Arguments:
10 | level -- The logging level to use
11 | name -- The name of the logger to use
12 | file_name -- The file name to log to
13 | use_rotating_handler -- Indicates whether a rotating file handler ought to be used
14 | """
15 |
16 | logger = logging.getLogger(name)
17 | logger.propagate = False # Prevent the log messages from being duplicated in the python.log file
18 | logger.setLevel(level)
19 | log_file_path = os.path.join(os.environ['SPLUNK_HOME'], 'var', 'log', 'splunk', file_name)
20 | if use_rotating_handler:
21 | file_handler = logging.handlers.RotatingFileHandler(log_file_path, maxBytes=25000000, backupCount=5)
22 | else:
23 | file_handler = logging.FileHandler(log_file_path)
24 | formatter = logging.Formatter('%(created)f %(levelname)s :%(lineno)d %(message)s')
25 | file_handler.setFormatter(formatter)
26 | logger.addHandler(file_handler)
27 | return logger
28 |
--------------------------------------------------------------------------------
/resources/projects/resthandler_template/bin/schema.LICENSE-MIT:
--------------------------------------------------------------------------------
1 | Copyright (c) 2012 Vladimir Keleshev,
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining a copy of
4 | this software and associated documentation files (the "Software"), to deal in
5 | the Software without restriction, including without limitation the rights to
6 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
7 | of the Software, and to permit persons to whom the Software is furnished to do
8 | so, subject to the following conditions:
9 |
10 | The above copyright notice and this permission notice shall be included in all
11 | copies or substantial portions of the Software.
12 |
13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
14 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
19 | SOFTWARE.
20 |
--------------------------------------------------------------------------------
/spec_files/7.3/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/spec_files/8.0/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/spec_files/8.1/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/spec_files/8.2/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/spec_files/9.0/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/spec_files/9.1/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/spec_files/9.2/source-classifier.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file contains all possible options for configuring settings for the
4 | # file classifier in source-classifier.conf.
5 | #
6 | # There is a source-classifier.conf in $SPLUNK_HOME/etc/system/default/. To
7 | # set custom configurations, place a source-classifier.conf in
8 | # $SPLUNK_HOME/etc/system/local/. For examples, see
9 | # source-classifier.conf.example. You must restart Splunk to enable
10 | # configurations.
11 | #
12 | # To learn more about configuration files (including precedence) please see
13 | # the documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 |
16 |
17 | ignored_model_keywords =
18 | * Terms to ignore when generating a sourcetype model.
19 | * To prevent sourcetype "bundles/learned/*-model.xml" files from containing
20 | sensitive terms (e.g. "bobslaptop") that occur very frequently in your
21 | data files, add those terms to ignored_model_keywords.
22 |
23 | ignored_filename_keywords =
24 | * Terms to ignore when comparing a new sourcename against a known
25 | sourcename, for the purpose of classifying a source.
26 |
27 |
--------------------------------------------------------------------------------
/syntaxes/splunk.tmLanguage.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "Splunk",
3 | "fileTypes": ["conf", "spec", "default.meta", "local.meta"],
4 | "scopeName": "source.splunk",
5 | "patterns": [
6 | {"include": "#warning"},
7 | {"include": "#comment"},
8 | {"include": "#stanza"},
9 | {"include": "#setting"},
10 | {"include": "source.json"}
11 | ],
12 | "repository": {
13 | "warning":{
14 | "comment": "Looks for the text '# DO NOT EDIT THIS FILE!'.",
15 | "match": "^# DO NOT EDIT THIS FILE\\!$",
16 | "name": "invalid.illegal"
17 | },
18 | "comment": {
19 | "comment": "Any lines that start with '#' are marked as a comment.",
20 | "begin": "^#",
21 | "end": "\\n",
22 | "name": "comment.splunk"
23 | },
24 | "stanza": {
25 | "comment": "Matches '[stanzas]'.",
26 | "begin": "^\\[",
27 | "end": "\\]",
28 | "name": "entity.splunk"
29 | },
30 | "setting": {
31 | "comment": "Matches 'setting = value'.",
32 | "captures": {
33 | "1": {
34 | "name": "support.type.property-name.splunk"
35 | },
36 | "2": {
37 | "name": "punctuation.separator.splunk"
38 | },
39 | "3": {
40 | "name": "string.quoted.double.splunk"
41 | }
42 | },
43 | "match": "\\b([a-zA-Z0-9,_.-]+)\\b\\s*(=)\\s*(.*)$"
44 | }
45 | }
46 | }
--------------------------------------------------------------------------------
/out/globalConfigPreview.js:
--------------------------------------------------------------------------------
1 | const vscode = require("vscode");
2 | const fs = require("fs")
3 | const path = require("path")
4 |
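/**
 * Registers the `splunk.previewGlobalConfig` command, which opens the
 * global-config preview using the HTML template shipped in the extension's
 * `resources/templates` directory.
 *
 * @param {object} context - The extension context passed to activation; its
 *   `extensionPath` locates the template and its `subscriptions` array owns
 *   the command registration.
 */
function init(context) {
    const templatePath = path.join(context.extensionPath, 'resources', 'templates', 'globalConfig.html')
    const registration = vscode.commands.registerCommand('splunk.previewGlobalConfig', () => previewHanlder(templatePath))
    // registerCommand returns a Disposable; handing it to the context lets
    // VS Code unregister the command when the extension is deactivated
    // instead of leaking the registration.
    context.subscriptions.push(registration)
}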
8 |
/**
 * Parses `text` as JSON and posts the result to the preview webview as a
 * `config-data` message. Any failure (invalid JSON, or an error thrown while
 * posting) is logged to the console and otherwise ignored, so the preview
 * simply keeps its previous content.
 *
 * @param {string} text - Raw contents of the document being previewed.
 * @param {object} panel - Webview panel whose `webview.postMessage` receives the data.
 */
function render(text, panel) {
    try {
        const message = {
            action: 'config-data',
            data: JSON.parse(text),
        }
        panel.webview.postMessage(message)
    } catch (err) {
        console.error("Error Rendering preview. ", err.message)
    }
}
17 |
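/**
 * Opens the "Global Config Preview" webview beside the active editor, loads
 * the HTML template into it, renders the active document once, and re-renders
 * whenever a document whose file name ends with `globalConfig.json` changes.
 *
 * @param {string} templatePath - Absolute path of the HTML template to load.
 */
function previewHanlder(templatePath) {
    // Capture the editor before the panel is created; there may be none
    // (for example when the command is run with no file open).
    const editor = vscode.window.activeTextEditor
    const panel = vscode.window.createWebviewPanel(
        'splunkWebView',
        'Global Config Preview',
        vscode.ViewColumn.Beside,
        {
            // The template runs JavaScript and receives workspace file content
            // through postMessage. NOTE(review): the template is not visible
            // here; confirm it declares a Content-Security-Policy and inserts
            // the posted data as text rather than as HTML.
            enableScripts: true,
        }
    );
    panel.webview.html = fs.readFileSync(templatePath, {
        encoding: "utf-8"
    });
    if (editor) {
        render(editor.document.getText(), panel);
    }
    const changeListener = vscode.workspace.onDidChangeTextDocument((e) => {
        const doc = e.document
        if (doc.fileName.endsWith("globalConfig.json")) {
            render(doc.getText(), panel)
        }
    })
    // Without this the listener outlives the panel: every preview that was
    // ever opened would keep reacting to edits and posting to a disposed webview.
    panel.onDidDispose(() => changeListener.dispose())
}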
40 |
// Public surface of this module: only the activation hook is exported.
module.exports.init = init;
42 |
--------------------------------------------------------------------------------
/spec_files/9.0/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | queueing =
24 | * Whether or not audit events are sent to the indexQueue.
25 | * If set to "true", audit events are sent to the indexQueue.
26 | * If set to "false", you must add an inputs.conf stanza to tail the
27 | audit log for the events to reach your index.
28 | * Default: true
29 |
30 |
--------------------------------------------------------------------------------
/spec_files/9.0/livetail.conf.examples:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # ** FOR USE IN SPLUNK LIGHT ONLY
4 | #
5 | # This file contains the settings and keywords available for the Splunk Livetail feature.
6 | # The livetail.conf isn't necessary to use Livetail but is used as a storage
7 | # of any keywords and the settings for each keyword.
8 | #
9 | # There is a default livetail.conf in $SPLUNK_HOME/etc/system/default that is
10 | # used to include the 3 default sounds for each keyword.
11 | #
12 | # To learn more about configuration files (including precedence) see the
13 | # documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 | #
16 | # GLOBAL SETTINGS
17 | # Use the [default] stanza to define any global settings.
18 | # * You can also define global settings outside of any stanza, at the top of
19 | # the file.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 | # * There will be 3 default sounds (sound-ding, sound-airhorn, sound-alarm) in base64 encoding.
23 | # They will be included as defaults for any keywords as a map for the sound a user chooses.
24 |
25 |
26 | sound-ding = SUQzBAAAAA
27 | sound-airhorn = SUQzBAAAAAE
28 | sound-alarm = SUQzBAAAAAEFd
29 |
30 | [keyword-id-1234]
31 | threshold = 450
32 | playsound = 0
33 | sound = horn
34 | flash = false
35 | enabled = 1
36 | keyphrase = GET
37 | color = 0xFFF
38 |
--------------------------------------------------------------------------------
/spec_files/9.1/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | [auditTrail]
24 | queueing =
25 | * Whether or not audit events are sent to the indexQueue.
26 | * If set to "true", audit events are sent to the indexQueue.
27 | * If set to "false", you must add an inputs.conf stanza to tail the
28 | audit log for the events to reach your index.
29 | * Default: true
30 |
31 |
--------------------------------------------------------------------------------
/spec_files/9.1/livetail.conf.examples:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # ** FOR USE IN SPLUNK LIGHT ONLY
4 | #
5 | # This file contains the settings and keywords available for the Splunk Livetail feature.
6 | # The livetail.conf isn't necessary to use Livetail but is used as a storage
7 | # of any keywords and the settings for each keyword.
8 | #
9 | # There is a default livetail.conf in $SPLUNK_HOME/etc/system/default that is
10 | # used to include the 3 default sounds for each keyword.
11 | #
12 | # To learn more about configuration files (including precedence) see the
13 | # documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 | #
16 | # GLOBAL SETTINGS
17 | # Use the [default] stanza to define any global settings.
18 | # * You can also define global settings outside of any stanza, at the top of
19 | # the file.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 | # * There will be 3 default sounds (sound-ding, sound-airhorn, sound-alarm) in base64 encoding.
23 | # They will be included as defaults for any keywords as a map for the sound a user chooses.
24 |
25 |
26 | sound-ding = SUQzBAAAAA
27 | sound-airhorn = SUQzBAAAAAE
28 | sound-alarm = SUQzBAAAAAEFd
29 |
30 | [keyword-id-1234]
31 | threshold = 450
32 | playsound = 0
33 | sound = horn
34 | flash = false
35 | enabled = 1
36 | keyphrase = GET
37 | color = 0xFFF
38 |
--------------------------------------------------------------------------------
/spec_files/9.2/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | [auditTrail]
24 | queueing =
25 | * Whether or not audit events are sent to the indexQueue.
26 | * If set to "true", audit events are sent to the indexQueue.
27 | * If set to "false", you must add an inputs.conf stanza to tail the
28 | audit log for the events to reach your index.
29 | * Default: true
30 |
31 |
--------------------------------------------------------------------------------
/spec_files/9.2/livetail.conf.examples:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # ** FOR USE IN SPLUNK LIGHT ONLY
4 | #
5 | # This file contains the settings and keywords available for the Splunk Livetail feature.
6 | # The livetail.conf isn't necessary to use Livetail but is used as a storage
7 | # of any keywords and the settings for each keyword.
8 | #
9 | # There is a default livetail.conf in $SPLUNK_HOME/etc/system/default that is
10 | # used to include the 3 default sounds for each keyword.
11 | #
12 | # To learn more about configuration files (including precedence) see the
13 | # documentation located at
14 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
15 | #
16 | # GLOBAL SETTINGS
17 | # Use the [default] stanza to define any global settings.
18 | # * You can also define global settings outside of any stanza, at the top of
19 | # the file.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 | # * There will be 3 default sounds (sound-ding, sound-airhorn, sound-alarm) in base64 encoding.
23 | # They will be included as defaults for any keywords as a map for the sound a user chooses.
24 |
25 |
26 | sound-ding = SUQzBAAAAA
27 | sound-airhorn = SUQzBAAAAAE
28 | sound-alarm = SUQzBAAAAAEFd
29 |
30 | [keyword-id-1234]
31 | threshold = 450
32 | playsound = 0
33 | sound = horn
34 | flash = false
35 | enabled = 1
36 | keyphrase = GET
37 | color = 0xFFF
38 |
--------------------------------------------------------------------------------
/spec_files/9.0/web-features.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | ############################################################################
4 | # OVERVIEW
5 | ############################################################################
6 | # This file contains descriptions of the settings that you can use to
7 | # configure Splunk features. These features are replicated in a Search Head
8 | # Cluster environment.
9 | #
10 | # Each stanza controls a different web feature.
11 | #
12 | # For more information on configuration files, including precedence, search for
13 | # "Use Splunk Web to manage configuration files" in the Admin Manual in the Splunk Docs.
14 |
15 | [feature:quarantine_files]
16 |
17 | enable_jQuery2 =
18 | * DEPRECATED.
19 | * Determines whether or not Splunk Web can use jQuery 2 JavaScript files
20 | packaged with the Splunk platform.
21 | * A "false" value means Splunk Web cannot use jQuery 2 JavaScript files
22 | packaged with the Splunk platform.
23 | * CAUTION: Do not change this setting.
24 | * Default: true
25 |
26 | enable_unsupported_hotlinked_imports =
27 | * Determines whether or not Splunk Web can use unsupported JavaScript
28 | files that the Splunk platform will delete in a future release.
29 | * Unsupported hotlinked imports are dependencies in your Simple XML Custom
30 | JavaScript Extensions that directly reference Splunk software.
31 | * A "false" value means Splunk Web cannot use hotlinked imports
32 | that the Splunk platform will delete in a future release.
33 | * CAUTION: Do not change this setting.
34 | * Default: true
35 |
--------------------------------------------------------------------------------
/spec_files/7.3/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # help, see tags.conf.example. You must restart Splunk to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply ( eg host=localhost ).
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid
20 | * config file parsing errors especially if the field value contains the
21 | following characters: \n, =, []
22 | * Each stanza can refer to only one field=value
23 |
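24 | <tag1> = <enabled|disabled>
25 | <tag2> = <enabled|disabled>
26 | <tag3> = <enabled|disabled>
27 | * Set whether each <tag> for this specific <fieldname><value> is enabled or
28 | disabled.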
29 | * While you can have multiple tags in a stanza (meaning that multiple tags are
30 | assigned to the same field/value combination), only one tag is allowed per
31 | stanza line. In other words, you can't have a list of tags on one line of the
32 | stanza.
33 |
34 | * WARNING: Do not quote the value: foo=enabled, not "foo"=enabled.
35 |
--------------------------------------------------------------------------------
/spec_files/8.1/workload_policy.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | ############################################################################
4 | # OVERVIEW
5 | ############################################################################
6 | # This file contains descriptions of the settings that you can use to
7 | # configure search admission control for splunk.
8 | #
9 | # There is a workload_policy.conf file in the $SPLUNK_HOME/etc/system/default/ directory.
10 | # Never change or copy the configuration files in the default directory.
11 | # The files in the default directory must remain intact and in their original
12 | # location.
13 | #
14 | # To set custom configurations, create a new file with the name workload_policy.conf in
15 | # the $SPLUNK_HOME/etc/system/local/ directory. Then add the specific settings
16 | # that you want to customize to the local configuration file.
17 | # For examples, see workload_policy.conf.example. You may need to restart the Splunk instance
18 | # to enable configuration changes.
19 | #
20 | # To learn more about configuration files (including file precedence) see the
21 | # documentation located at
22 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
23 | #
24 | # Settings to configure search admission control, including enabling/disabling feature
25 | # and other configurations.
26 |
27 | [search_admission_control]
28 | admission_rules_enabled =
29 | * Determines whether admission rules are applied to searches.
30 | * If set to true, admission rules for pre-filtering searches are applied when a search
31 | is dispatched.
32 | * Default: 0
33 |
--------------------------------------------------------------------------------
/spec_files/8.2/workload_policy.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | ############################################################################
4 | # OVERVIEW
5 | ############################################################################
6 | # This file contains descriptions of the settings that you can use to
7 | # configure search admission control for splunk.
8 | #
9 | # There is a workload_policy.conf file in the $SPLUNK_HOME/etc/system/default/ directory.
10 | # Never change or copy the configuration files in the default directory.
11 | # The files in the default directory must remain intact and in their original
12 | # location.
13 | #
14 | # To set custom configurations, create a new file with the name workload_policy.conf in
15 | # the $SPLUNK_HOME/etc/system/local/ directory. Then add the specific settings
16 | # that you want to customize to the local configuration file.
17 | # For examples, see workload_policy.conf.example. You may need to restart the Splunk instance
18 | # to enable configuration changes.
19 | #
20 | # To learn more about configuration files (including file precedence) see the
21 | # documentation located at
22 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
23 | #
24 | # Settings to configure search admission control, including enabling/disabling feature
25 | # and other configurations.
26 |
27 | [search_admission_control]
28 | admission_rules_enabled =
29 | * Determines whether admission rules are applied to searches.
30 | * If set to true, admission rules for pre-filtering searches are applied when a search
31 | is dispatched.
32 | * Default: 0
33 |
--------------------------------------------------------------------------------
/spec_files/9.1/workload_policy.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | ############################################################################
4 | # OVERVIEW
5 | ############################################################################
6 | # This file contains descriptions of the settings that you can use to
7 | # configure search admission control for splunk.
8 | #
9 | # There is a workload_policy.conf file in the $SPLUNK_HOME/etc/system/default/ directory.
10 | # Never change or copy the configuration files in the default directory.
11 | # The files in the default directory must remain intact and in their original
12 | # location.
13 | #
14 | # To set custom configurations, create a new file with the name workload_policy.conf in
15 | # the $SPLUNK_HOME/etc/system/local/ directory. Then add the specific settings
16 | # that you want to customize to the local configuration file.
17 | # For examples, see workload_policy.conf.example. You may need to restart the Splunk instance
18 | # to enable configuration changes.
19 | #
20 | # To learn more about configuration files (including file precedence) see the
21 | # documentation located at
22 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
23 | #
24 | # Settings to configure search admission control, including enabling/disabling feature
25 | # and other configurations.
26 |
27 | [search_admission_control]
28 | admission_rules_enabled =
29 | * Determines whether admission rules are applied to searches.
30 | * If set to true, admission rules for pre-filtering searches are applied when a search
31 | is dispatched.
32 | * Default: 0
33 |
--------------------------------------------------------------------------------
/spec_files/9.2/workload_policy.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | ############################################################################
4 | # OVERVIEW
5 | ############################################################################
6 | # This file contains descriptions of the settings that you can use to
7 | # configure search admission control for splunk.
8 | #
9 | # There is a workload_policy.conf file in the $SPLUNK_HOME/etc/system/default/ directory.
10 | # Never change or copy the configuration files in the default directory.
11 | # The files in the default directory must remain intact and in their original
12 | # location.
13 | #
14 | # To set custom configurations, create a new file with the name workload_policy.conf in
15 | # the $SPLUNK_HOME/etc/system/local/ directory. Then add the specific settings
16 | # that you want to customize to the local configuration file.
17 | # For examples, see workload_policy.conf.example. You may need to restart the Splunk instance
18 | # to enable configuration changes.
19 | #
20 | # To learn more about configuration files (including file precedence) see the
21 | # documentation located at
22 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
23 | #
24 | # Settings to configure search admission control, including enabling/disabling feature
25 | # and other configurations.
26 |
27 | [search_admission_control]
28 | admission_rules_enabled =
29 | * Determines whether admission rules are applied to searches.
30 | * If set to true, admission rules for pre-filtering searches are applied when a search
31 | is dispatched.
32 | * Default: 0
33 |
--------------------------------------------------------------------------------
/spec_files/8.0/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # examples, see tags.conf.example. You must restart Splunk software to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply. For example, host=localhost.
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid configuration file parsing errors, especially
20 | if the field value contains the following characters: \n, =, []
21 | * Each stanza can refer to only one field/value pair.
22 |
23 | <tag1> = <enabled|disabled>
24 | <tag2> = <enabled|disabled>
25 | <tag3> = <enabled|disabled>
26 | * Enable or disable each <tag> for this specific field/value pair.
27 | * While you can have multiple tags in a stanza (meaning that multiple tags are
28 | assigned to the same field/value combination), only one tag is allowed per
29 | stanza line. In other words, you can't have a list of tags on one line of the
30 | stanza.
31 | * WARNING: Do not put the <tag> value in quotes. For example,
32 | use foo=enabled, not "foo"=enabled.
33 |
--------------------------------------------------------------------------------
/spec_files/8.1/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # examples, see tags.conf.example. You must restart Splunk software to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply. For example, host=localhost.
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid configuration file parsing errors, especially
20 | if the field value contains the following characters: \n, =, []
21 | * Each stanza can refer to only one field/value pair.
22 |
23 | <tag1> = <enabled|disabled>
24 | <tag2> = <enabled|disabled>
25 | <tag3> = <enabled|disabled>
26 | * Enable or disable each <tag> for this specific field/value pair.
27 | * While you can have multiple tags in a stanza (meaning that multiple tags are
28 | assigned to the same field/value combination), only one tag is allowed per
29 | stanza line. In other words, you can't have a list of tags on one line of the
30 | stanza.
31 | * CAUTION: Do not put the <tag> value in quotes. For example,
32 | use foo=enabled, not "foo"=enabled.
33 |
--------------------------------------------------------------------------------
/spec_files/8.2/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # examples, see tags.conf.example. You must restart Splunk software to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply. For example, host=localhost.
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid configuration file parsing errors, especially
20 | if the field value contains the following characters: \n, =, []
21 | * Each stanza can refer to only one field/value pair.
22 |
23 | <tag1> = <enabled|disabled>
24 | <tag2> = <enabled|disabled>
25 | <tag3> = <enabled|disabled>
26 | * Enable or disable each <tag> for this specific field/value pair.
27 | * While you can have multiple tags in a stanza (meaning that multiple tags are
28 | assigned to the same field/value combination), only one tag is allowed per
29 | stanza line. In other words, you can't have a list of tags on one line of the
30 | stanza.
31 | * CAUTION: Do not put the <tag> value in quotes. For example,
32 | use foo=enabled, not "foo"=enabled.
33 |
--------------------------------------------------------------------------------
/spec_files/9.0/workload_policy.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | ############################################################################
4 | # OVERVIEW
5 | ############################################################################
6 | # This file contains descriptions of the settings that you can use to
7 | # configure search admission control for splunk.
8 | #
9 | # There is a workload_policy.conf file in the $SPLUNK_HOME/etc/system/default/ directory.
10 | # Never change or copy the configuration files in the default directory.
11 | # The files in the default directory must remain intact and in their original
12 | # location.
13 | #
14 | # To set custom configurations, create a new file with the name workload_policy.conf in
15 | # the $SPLUNK_HOME/etc/system/local/ directory. Then add the specific settings
16 | # that you want to customize to the local configuration file.
17 | # For examples, see workload_policy.conf.example. You may need to restart the Splunk instance
18 | # to enable configuration changes.
19 | #
20 | # To learn more about configuration files (including file precedence) see the
21 | # documentation located at
22 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
23 | #
24 | # Settings to configure search admission control, including enabling/disabling feature
25 | # and other configurations.
26 |
27 | [search_admission_control]
28 | admission_rules_enabled =
29 | * Determines whether admission rules are applied to searches.
30 | * If set to true, admission rules for pre-filtering searches are applied when a search
31 | is dispatched.
32 | * Default: 0
33 |
--------------------------------------------------------------------------------
/spec_files/9.1/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # examples, see tags.conf.example. You must restart Splunk software to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply. For example, host=localhost.
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid configuration file parsing errors, especially
20 | if the field value contains the following characters: \n, =, []
21 | * Each stanza can refer to only one field/value pair.
22 |
23 | <tag1> = <enabled|disabled>
24 | <tag2> = <enabled|disabled>
25 | <tag3> = <enabled|disabled>
26 | * Enable or disable each <tag> for this specific field/value pair.
27 | * While you can have multiple tags in a stanza (meaning that multiple tags are
28 | assigned to the same field/value combination), only one tag is allowed per
29 | stanza line. In other words, you can't have a list of tags on one line of the
30 | stanza.
31 | * CAUTION: Do not put the <tag> value in quotes. For example,
32 | use foo=enabled, not "foo"=enabled.
33 |
--------------------------------------------------------------------------------
/spec_files/9.2/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # examples, see tags.conf.example. You must restart Splunk software to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply. For example, host=localhost.
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid configuration file parsing errors, especially
20 | if the field value contains the following characters: \n, =, []
21 | * Each stanza can refer to only one field/value pair.
22 |
23 | <tag1> = <enabled|disabled>
24 | <tag2> = <enabled|disabled>
25 | <tag3> = <enabled|disabled>
26 | * Enable or disable each <tag> for this specific field/value pair.
27 | * While you can have multiple tags in a stanza (meaning that multiple tags are
28 | assigned to the same field/value combination), only one tag is allowed per
29 | stanza line. In other words, you can't have a list of tags on one line of the
30 | stanza.
31 | * CAUTION: Do not put the <tag> value in quotes. For example,
32 | use foo=enabled, not "foo"=enabled.
33 |
--------------------------------------------------------------------------------
/spec_files/9.0/tags.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # This file contains possible attribute/value pairs for configuring tags. Set
4 | # any number of tags for indexed or extracted fields.
5 | #
6 | # There is no tags.conf in $SPLUNK_HOME/etc/system/default/. To set custom
7 | # configurations, place a tags.conf in $SPLUNK_HOME/etc/system/local/. For
8 | # examples, see tags.conf.example. You must restart Splunk software to enable
9 | # configurations.
10 | #
11 | # To learn more about configuration files (including precedence) please see the
12 | # documentation located at
13 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
14 |
15 | [<fieldname>=<value>]
16 | * The field name and value to which the tags in the stanza
17 | apply. For example, host=localhost.
18 | * A tags.conf file can contain multiple stanzas. It is recommended that the
19 | value be URL encoded to avoid configuration file parsing errors, especially
20 | if the field value contains the following characters: \n, =, []
21 | * Each stanza can refer to only one field/value pair.
22 |
23 | <tag1> = <enabled|disabled>
24 | <tag2> = <enabled|disabled>
25 | <tag3> = <enabled|disabled>
26 | * Enable or disable each <tag> for this specific field/value pair.
27 | * While you can have multiple tags in a stanza (meaning that multiple tags are
28 | assigned to the same field/value combination), only one tag is allowed per
29 | stanza line. In other words, you can't have a list of tags on one line of the
30 | stanza.
31 | * CAUTION: Do not put the <tag> value in quotes. For example,
32 | use foo=enabled, not "foo"=enabled.
33 |
--------------------------------------------------------------------------------
/test/runAcceptanceTests.ts:
--------------------------------------------------------------------------------
1 | import * as cp from 'child_process';
2 | import * as path from 'path';
3 | import {
4 | downloadAndUnzipVSCode,
5 | resolveCliArgsFromVSCodeExecutablePath,
6 | runTests
7 | } from '@vscode/test-electron';
8 | import { version } from '../package.json';
9 |
10 | // We refer to these as acceptance tests because they are executed against the actual compiled
11 | // and webpacked .vsix file that's a potential release candidate.
12 | // Example taken from: https://code.visualstudio.com/api/working-with-extensions/testing-extension#custom-setup-with-vscodetestelectron
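/**
 * Runs the acceptance suite against the packaged extension.
 *
 * Steps, in order:
 *  1. Download (or reuse) the 'stable' VS Code build.
 *  2. Install `splunk-<version>.vsix` into it through the VS Code CLI, where
 *     <version> is the `version` field imported from package.json.
 *  3. Launch the tests found at ./acceptance/index.
 *
 * Any failure is logged and the process exits with status 1.
 */
async function main() {
    try {
        const extensionDevelopmentPath = path.resolve(__dirname, '..'); // root of repo
        const acceptanceTestsPath = path.resolve(__dirname, './acceptance/index');
        const vscodeExecutablePath = await downloadAndUnzipVSCode('stable');
        const [cliPath, ...args] = resolveCliArgsFromVSCodeExecutablePath(vscodeExecutablePath);

        // The .vsix path is relative, so it is resolved against the directory this
        // script is started from.
        const vsixFile = `splunk-${version}.vsix`;
        const install = cp.spawnSync(
            cliPath,
            [...args, '--install-extension', vsixFile],
            {
                encoding: 'utf-8',
                stdio: 'inherit'
            }
        );

        // spawnSync reports failure through its return value instead of throwing.
        // Without this check a missing or rejected .vsix goes unnoticed and the
        // suite runs without the release candidate installed, so a green result
        // would say nothing about the package that is about to ship.
        if (install.error) {
            throw install.error;
        }
        if (install.status !== 0) {
            throw new Error(
                `Installing ${vsixFile} failed (exit status: ${install.status}, signal: ${install.signal})`
            );
        }

        // Run the extension test
        await runTests({
            // Use the specified `code` executable
            vscodeExecutablePath,
            extensionDevelopmentPath,
            extensionTestsPath: acceptanceTestsPath
        });
    } catch (err) {
        console.error(`Failed to run tests: ${err}`);
        process.exit(1);
    }
}

main();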
44 |
--------------------------------------------------------------------------------
/.github/workflows/build-test.yaml:
--------------------------------------------------------------------------------
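# Runs the unit tests and the functional tests on macOS, Linux and Windows for
# pushes to the main branches and for pull-request activity.
name: Build and test
on:
  push:
    branches:
      - main
      - master
      - develop
  pull_request:
    types: [opened, reopened, synchronize]

# Least privilege: both jobs only check out the repository and run tests, so the
# workflow token is limited to read access instead of the repository default.
permissions:
  contents: read

jobs:
  unit-test:
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
      # Without this a failure in one OS will cancel jobs running for others
      fail-fast: false
    runs-on: ${{ matrix.os }}
    steps:
      # NOTE(review): the actions below are referenced by a mutable tag (v4).
      # Pinning each to a full commit SHA keeps a re-pointed tag from changing
      # what runs in this pipeline.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 18
      # NOTE(review): if a lockfile is committed, `npm ci` installs exactly the
      # locked dependency tree; `npm install` may resolve newer versions.
      - run: npm install
      # Linux runners have no display, so the tests run under a virtual X server.
      - run: xvfb-run -a npm test
        if: runner.os == 'Linux'
      - run: npm test
        if: runner.os != 'Linux'
  functional-test:
    strategy:
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
      # Without this a failure in one OS will cancel jobs running for others
      fail-fast: false
    runs-on: ${{ matrix.os }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 18
      - run: npm install
      - run: npm run compile-tests
      # NOTE(review): the echoed label says "acceptance tests" but the script
      # that runs is runFunctionalTests.js; confirm which runner is intended.
      - run: echo "Run acceptance tests" && node ./out/test/runFunctionalTests.js
        if: runner.os == 'macOS'
      - run: echo "Run acceptance tests" && xvfb-run -a node ./out/test/runFunctionalTests.js
        if: runner.os == 'Linux'
      - run: echo "Run acceptance tests" && node .\out\test\runFunctionalTests.js
        if: runner.os == 'Windows'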
53 |
--------------------------------------------------------------------------------
/spec_files/7.3/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing and event signing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | #########################################################################################
24 | # KEYS: specify your public and private keys for encryption.
25 | #########################################################################################
26 |
27 | queueing=[true|false]
28 | * Turn off sending audit events to the indexQueue -- tail the audit events
29 | instead.
30 | * If this is set to 'false', you MUST add an inputs.conf stanza to tail the
31 | audit log in order to have the events reach your index.
32 | * Defaults to true.
33 |
--------------------------------------------------------------------------------
/spec_files/8.0/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing and event signing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | #########################################################################################
24 | # KEYS: specify your public and private keys for encryption.
25 | #########################################################################################
26 |
27 | queueing =
28 | * Whether or not audit events are sent to the indexQueue.
29 | * If set to "true", audit events are sent to the indexQueue.
30 | * If set to "false", you must add an inputs.conf stanza to tail the
31 | audit log so that the events reach your index.
32 | * Default: true
33 |
--------------------------------------------------------------------------------
/spec_files/8.1/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing and event signing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | #########################################################################################
24 | # KEYS: specify your public and private keys for encryption.
25 | #########################################################################################
26 |
27 | queueing =
28 | * Whether or not audit events are sent to the indexQueue.
29 | * If set to "true", audit events are sent to the indexQueue.
30 | * If set to "false", you must add an inputs.conf stanza to tail the
31 | audit log so that the events reach your index.
32 | * Default: true
33 |
34 |
--------------------------------------------------------------------------------
/spec_files/8.2/audit.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # This file contains possible attributes and values you can use to configure
4 | # auditing and event signing in audit.conf.
5 | #
6 | # There is NO DEFAULT audit.conf. To set custom configurations, place an
7 | # audit.conf in $SPLUNK_HOME/etc/system/local/. For examples, see
8 | # audit.conf.example. You must restart Splunk to enable configurations.
9 | #
10 | # To learn more about configuration files (including precedence) please see the
11 | # documentation located at
12 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
13 |
14 | # GLOBAL SETTINGS
15 | # Use the [default] stanza to define any global settings.
16 | # * You can also define global settings outside of any stanza, at the top of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of multiple
19 | # definitions of the same attribute, the last definition in the file wins.
20 | # * If an attribute is defined at both the global level and in a specific
21 | # stanza, the value in the specific stanza takes precedence.
22 |
23 | #########################################################################################
24 | # KEYS: specify your public and private keys for encryption.
25 | #########################################################################################
26 |
27 | queueing =
28 | * Whether or not audit events are sent to the indexQueue.
29 | * If set to "true", audit events are sent to the indexQueue.
30 | * If set to "false", you must add an inputs.conf stanza to tail the
31 | audit log so that the events reach your index.
32 | * Default: true
33 |
34 |
--------------------------------------------------------------------------------
/spec_files/8.1/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.1.5
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 | _source =
37 | * Specifies the source (filename) for the model.
38 |
--------------------------------------------------------------------------------
/spec_files/8.2/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.2.1
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 | _source =
37 | * Specifies the source (filename) for the model.
38 |
--------------------------------------------------------------------------------
/spec_files/9.0/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.0.0.1
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 | _source =
37 | * Specifies the source (filename) for the model.
38 |
--------------------------------------------------------------------------------
/spec_files/9.1/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.1.4
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 | _source =
37 | * Specifies the source (filename) for the model.
38 |
--------------------------------------------------------------------------------
/spec_files/9.2/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 9.2.0
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 | _source =
37 | * Specifies the source (filename) for the model.
38 |
--------------------------------------------------------------------------------
/spec_files/7.3/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 |
37 | _source =
38 | * Specifies the source (filename) for the model.
39 |
--------------------------------------------------------------------------------
/spec_files/8.0/sourcetypes.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 8.0.0
2 | #
3 | # NOTE: sourcetypes.conf is a machine-generated file that stores the document
4 | # models used by the file classifier for creating source types.
5 |
6 | # Generally, you should not edit sourcetypes.conf, as most attributes are
7 | # machine generated. However, there are two attributes which you can change.
8 | #
9 | # There is a sourcetypes.conf in $SPLUNK_HOME/etc/system/default/. To set custom
10 | # configurations, place a sourcetypes.conf in $SPLUNK_HOME/etc/system/local/.
11 | # For examples, see sourcetypes.conf.example. You must restart Splunk to enable
12 | # configurations.
13 | #
14 | # To learn more about configuration files (including precedence) please see the
15 | # documentation located at
16 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
17 |
18 | # GLOBAL SETTINGS
19 | # Use the [default] stanza to define any global settings.
20 | # * You can also define global settings outside of any stanza, at the top of
21 | # the file.
22 | # * Each conf file should have at most one default stanza. If there are
23 | # multiple default stanzas, attributes are combined. In the case of
24 | # multiple definitions of the same attribute, the last definition in the
25 | # file wins.
26 | # * If an attribute is defined at both the global level and in a specific
27 | # stanza, the value in the specific stanza takes precedence.
28 |
29 |
30 | _sourcetype =
31 | * Specifies the sourcetype for the model.
32 | * Change this to change the model's sourcetype.
33 | * Future sources that match the model will receive a sourcetype of this new
34 | name.
35 |
36 |
37 | _source =
38 | * Specifies the source (filename) for the model.
39 |
--------------------------------------------------------------------------------
/resources/projects/modviz/appserver/static/visualizations/standin/README.md:
--------------------------------------------------------------------------------
1 | # Splunk Visualization App Template
2 |
3 | This is the basic template for a Splunk visualization app. This template is meant to be edited to build custom visualizations. It contains:
4 |
5 | - The relevant directory structure for a visualization app
6 | - A standin visualization package directory with a standin visualization and a basic webpack configuration
7 | - Relevant .conf files for the visualization
8 |
9 | ## Building the visualization
10 |
11 | NOTE: You must have npm installed in order to build. If you do not have npm installed, install it and come back.
12 |
13 | The visualization contained in this app must be built using webpack in order to run it on Splunk. There is a basic webpack configuration built in to the app. To build from the command line, first, cd to the *visualization/standin* directory. On the first run you will have to install the dependencies with npm:
14 |
15 | ```
16 | $ npm install
17 | ```
18 | Once you have done that, you can build the viz with the provided build task:
19 |
20 | ```
21 | $ npm run build
22 | ```
23 |
24 | This will create a *visualization.js* file in the visualization directory.
25 |
26 | ## Adding Your Own Code
27 |
28 | The standin viz isn't very interesting, so you will want to add your own code. You should rename the *visualization/src/standin.js* file to something appropriate, then you can edit it as you see fit. To build, you will have to change the `entry` variable in *visualization/webpack.config* to correspond to your new file name. Then you can run the build task again.
29 |
30 | ## More Information
31 | For more information on building custom visualizations including a tutorial, API overview, and more see:
32 |
33 | http://docs.splunk.com/Documentation/Splunk/6.5.0/AdvancedDev/CustomVizDevOverview
34 |
--------------------------------------------------------------------------------
/spec_files/7.3/viewstates.conf.spec:
--------------------------------------------------------------------------------
1 | # Version 7.3.0
2 | #
3 | # This file explains how to format viewstates.
4 | #
5 | # To use this configuration, copy the configuration block into
6 | # viewstates.conf in $SPLUNK_HOME/etc/system/local/. You must restart Splunk
7 | # to enable configurations.
8 | #
9 | # To learn more about configuration files (including precedence) please see
10 | # the documentation located at
11 | # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles
12 |
13 | # GLOBAL SETTINGS
14 | # Use the [default] stanza to define any global settings.
15 | # * You can also define global settings outside of any stanza, at the top
16 | # of the file.
17 | # * Each conf file should have at most one default stanza. If there are
18 | # multiple default stanzas, attributes are combined. In the case of
19 | # multiple definitions of the same attribute, the last definition in the
20 | # file wins.
21 | # * If an attribute is defined at both the global level and in a specific
22 | # stanza, the value in the specific stanza takes precedence.
23 |
24 |
25 | [<view_name>:<viewstate_id>]
26 | * Auto-generated persistence stanza label that corresponds to UI views
27 | * The <view_name> is the URI name (not label) of the view to persist
28 | * if <view_name> = "*", then this viewstate is considered to be 'global'
29 | * The <viewstate_id> is the unique identifier assigned to this set of
30 | parameters
31 | * <viewstate_id> = '_current' is a reserved name for normal view
32 | 'sticky state'
33 | * <viewstate_id> = '_empty' is a reserved name for no persistence,
34 | i.e., all defaults
35 |
36 | <module_id>.<setting_name> = <string>
37 | * The <module_id> is the runtime id of the UI module requesting persistence
38 | * The