
# Version 9.2.2.20240415
# DO NOT EDIT THIS FILE!
# Changes to default files will be lost on update and are difficult to
# manage and support.
#
# Please make any changes to system defaults by overriding them in
# apps or $SPLUNK_HOME/etc/system/local
# (See "Configuration file precedence" in the web documentation).
#
# To override a specific setting, copy the name of the stanza and
# setting to the file where you wish to override it.
#
# This file contains possible attribute and value pairs for creating
# new rest endpoints.
#
# /////////////////////////////////////////////////////////////////////////////
# global settings
# /////////////////////////////////////////////////////////////////////////////
[global]
# indicates if auths are allowed via GET params
# Kept false: credentials sent as GET parameters become part of the request
# URL, which is commonly written to access logs and intermediate proxy logs.
allowGetAuth=false
#The default handler (assuming that we have PYTHONPATH set)
pythonHandlerPath=$SPLUNK_HOME/bin/rest_handler.py
# REST replay is off by default; defaultRestReplayStanza names the stanza that
# would be consulted if it were turned on.
# NOTE(review): replay semantics are defined in restmap.conf.spec, not in this
# file - confirm before enabling in an override.
allowRestReplay=false
defaultRestReplayStanza=restreplayshc
# NOTE(review): by its name this governs blocking of GET requests that launch
# searches on the v1 API; 'false' leaves them unblocked - confirm the exact
# endpoints covered in restmap.conf.spec for this version.
v1APIBlockGETSearchLaunch=false
# /////////////////////////////////////////////////////////////////////////////
# internal C++ handlers
# /////////////////////////////////////////////////////////////////////////////
# Stanzas in this group that omit requireAuthentication rely on the product
# default (documented as 'true' in restmap.conf.spec - confirm for this
# version). Every 'requireAuthentication = false' below is therefore an
# explicit opt-out and part of the pre-authentication surface.
#
# /masterlm is reachable without a session.
# NOTE(review): any request-level checks would have to be made by the handler
# itself; nothing in this file shows them.
[masterlm:masterlm]
match=/masterlm
requireAuthentication = false
[admin:admin]
match=/admin
# certificates
[admin:certificates]
match=/admin/certificates
# login
[admin:auth]
match=/auth
members = login,trustedlogin
[login:authed]
match=/auth/login
# The 'login:*' handlers don't require pre-existing authentication since
# they are what provide the authtokens in the first place
requireAuthentication = false
# /auth/trustedlogin is only used if Single Sign On is enabled (see
# the 'trustedIP' setting in server.conf)
# NOTE(review): since this handler is pre-auth, the trustedIP setting is
# presumably what limits who may use it - review it wherever SSO is enabled.
[login:sso]
match=/auth/trustedlogin
requireAuthentication = false
# no auth.
# The same auth-tokens handler is mapped at two paths, and both mappings
# disable the session requirement; an override that tightens one should
# tighten the alias as well.
[admin:auth-tokens]
match=/admin/auth-tokens
requireAuthentication = false
[admin:auth-tokens-alias]
match=/authentication/auth-tokens
requireAuthentication = false
# server info - authentication IS required on both the primary path and its
# alias (requireAuthentication = true on each stanza below).
# NOTE(review): server info presumably includes version/build details; keep
# the value explicit in any override so it is not served pre-auth.
[admin:server-info]
match=/admin/server-info
requireAuthentication = true
[admin:server-info-alias]
match=/server/info
requireAuthentication = true
# machine & system information (cpu, memory, os limits etc)
[admin:system-info]
match=/server/sysinfo
[admin:server-status]
match=/server/status
members=limits,introspection--disk-objects--search-dispatch-artifacts:dispatch-artifacts,introspection--disk-objects--fishbucket:fishbucket,introspection--disk-objects--partitions-space:partitions-space,installed-file-integrity
# splunk software configured limits
# This group is served without authentication. The only member listed is
# server-status-limits-concurrency (the part after ':' appears to be the URL
# segment it is exposed under).
# NOTE(review): confirm nothing sensitive is added to 'members' by an override,
# because it would inherit the pre-auth setting of this stanza.
[admin:server-status-limits]
match=/server/status/limits
members=server-status-limits-concurrency:search-concurrency
requireAuthentication = false
# Sibling endpoint under /server/status that explicitly requires a session.
[admin:conf-resource-usage]
match=/server/status/conf-resource-usage
requireAuthentication = true
[admin:limits]
match=/server/status/limits/general
[admin:server-status-resource-usage]
match=/server/status/resource-usage
members=introspection--resource-usage--hostwide:hostwide,introspection--resource-usage--splunk-processes:splunk-processes,introspection--resource-usage--iostats:iostats,introspection--resource-usage--iowait:iowait
[admin:streams_group]
match = /streams
members = rtsearch,search,deployment,clusterbundles,diag,rdin,event-capture-local
# security related endpoints
[admin:server_security_group]
match = /server/security
members = crl,splunk-secret
# Streaming handlers. 'capability' names the capability the authenticated user
# must hold to reach the path.
[streams:rtsearch]
match=/streams/rtsearch
capability=rtsearch
[streams:search]
match=/streams/search
capability=search
# authKeyStanza names the server.conf stanza whose pass4SymmKey is used to
# authenticate this endpoint (per restmap.conf.spec), i.e. a shared secret
# between nodes rather than a user session.
[streams:rdin]
match=/streams/rdin
authKeyStanza=parallelreduce
# Served without authentication.
[admin:server-roles]
match=/admin/server-roles
requireAuthentication = false
# deployment server related handlers.
# this handler is for downloading service classes using the streaming method.
# Pre-auth by configuration: no session is needed to reach this path.
# NOTE(review): with no authentication at this layer, network reachability of
# the management port is the remaining control - verify it is limited to the
# hosts that are meant to be deployment clients.
[streams:deployment]
match=/streams/deployment
requireAuthentication=false
[streams:clusterbundles]
match=/streams/clusterbundles
authKeyStanza=clustering
# Diag streaming requires authentication and the get_diag capability.
# NOTE(review): how authKeyStanza combines with the capability check (in
# addition to it, or as an alternative for cluster nodes) is not visible
# here - confirm in restmap.conf.spec.
[streams:diag]
match=/streams/diag
requireAuthentication=true
capability = get_diag
authKeyStanza = clustering
[streams:event-capture-local]
match=/streams/event-capture-local
requireAuthentication=true
authKeyStanza = deployment
# Same capability gate as /streams/diag, without a shared-key stanza.
[server-status-diag:server-status-diag]
match=/server/status/diag
requireAuthentication=true
capability = get_diag
[static-asset:static-asset]
match=/static
capability=rest_properties_get
# this handler is for getting to the deployment server rest endpoint.
# Pre-auth by configuration. [admin:deployment] elsewhere in this file maps the
# same /deployment path without this opt-out.
# NOTE(review): which of the two mappings applies to a given sub-path is
# decided by the server, not by this file - confirm before assuming a
# /deployment sub-path is authenticated.
[DS:deploymentServer]
match=/deployment
requireAuthentication=false
# Generic /properties access: reads need rest_properties_get, every mutating
# method (POST, PUT, DELETE) needs rest_properties_set. More specific
# [SBA:<conf>] stanzas later in this file tighten this for sensitive configs.
[SBA:sba]
match=/properties($|/)
capability.get=rest_properties_get
capability.post=rest_properties_set
capability.put=rest_properties_set
capability.delete=rest_properties_set
# Configuration replication: both GET and POST require admin_all_objects, and
# the endpoint is tied to the shclustering shared key.
[conf-replication:conf-replication]
match=/replication/configuration
capability.get=admin_all_objects
capability.post=admin_all_objects
authKeyStanza=shclustering
[collections:collections]
match=/storage/collections/data
[admin:disaster-recovery]
match=/xrdr
members=xrdr-config:config
capability.get=admin_all_objects
capability.post=admin_all_objects
[admin:noah]
match=/noah
members=noah-config:config
capability.get=admin_all_objects
[admin:remote-output-queue]
match=/remote/queue/output
members=roq-config:config, roq-status:status
capability.get=list_remote_output_queue
capability.post=admin_all_objects
[admin:remote-input-queue]
match=/remote/queue/input
members=riq-config:config, riq-status:status, riq-dlq:dlq, riq-parse:parse, riq-bootstrap:bootstrap
capability.get=list_remote_input_queue
capability.post=admin_all_objects
[admin:cascading-replication]
match=/replication/cascading
members=cascading-plans:plans
[cascade-plan-upload:cascade-plan-upload]
match=/replication/cascading/upload/plan
[cascade-data-upload:cascade-data-upload]
match=/replication/cascading/upload/payload
authKeyStanza=cascading_replication
[kvstore-management:kvstore-management]
match=/admin/kvstore
[admin:kvstore_maintenance_group]
match=/kvstore
members=kvstoremaintenance:maintenance
authKeyStanza=shclustering
[admin:collections-handlers]
match=/storage/collections
members=collections-conf:config
[admin:dist-handlers]
match=/search/distributed
members=distsearch-setup:config,distsearch-peer:peers,distsearch-group:groups,search-head-bundles:bundle-replication-files
[admin:knowledge-bundle-handlers]
match=/search/distributed/bundle/replication
members=bundle-replication-cycles:cycles, bundle-replication-config:config
[shelper:shelper]
match=/search/shelper
[admin:scheduler]
match=/search/scheduler
[admin:search-concurrency-settings-handler]
match=/search/concurrency-settings
[admin:search-job-type-handler]
match=/search/job-type
[asyncsearch:asyncsearch]
match=/search
capability=search
[typeahead:typeahead]
match=/search/typeahead
capability=get_typeahead
[indexing-preview:indexing-preview]
match = /indexing/preview
capability = (edit_monitor or edit_upload_and_index)
[savedsearch:savedsearch]
match=/saved/searches
# workaround due to SPL-130980, this mapping will cause an error message saying catalog handler is not found in splunkd.log.
[admin:catalog_group]
match=/catalog
members=catalog
# once SPL-130980 is fixed, we shouldn't need catalog_group mapping
[admin:catalog_metricstore_group]
match=/catalog/metricstore
members=metricstore-metrics:metrics,metricstore-dimensions:dimensions,metricstore_rollup:rollup
[admin:sourcetypes]
match =/saved/sourcetypes
capability.post = edit_sourcetypes
capability.put = edit_sourcetypes
capability.delete = edit_sourcetypes
[scheduledviews:scheduledviews]
match=/scheduled/views
# Data receivers. The capability value is a boolean expression: either listed
# capability is sufficient ('or').
[input:simple]
match=/receivers/simple
capability = edit_tcp or edit_log_alert_event
[input:stream]
match=/receivers/stream
dynamic=true
capability = edit_tcp or edit_tcp_stream
# Bundle upload receivers. 'untar=true' means the uploaded archive is unpacked
# after transfer and 'path' is the directory used for those bundles (per
# restmap.conf.spec).
# NOTE(review): archive extraction of content received over the network is a
# sensitive step; keeping extracted entries inside 'path' is the handler's
# job and cannot be verified from this file.
# This stanza sets neither a capability nor an authKeyStanza, so only the
# default authentication requirement applies - TODO confirm the default.
[peerupload:bundle]
match=/receivers/bundle($|/)
path=$SPLUNK_HOME/var/run/searchpeers
untar=true
[bundle-delta:bundle-delta]
match=/receivers/bundle-delta($|/)
# The proxy bundle receivers below are additionally tied to the shclustering
# shared key.
[proxybundleupload:proxybundleupload]
match=/receivers/proxy/bundle($|/)
path=$SPLUNK_HOME/var/run/proxy_bundles
untar=true
authKeyStanza = shclustering
[proxybundleuploadrshcluster:proxybundleuploadrshcluster]
match=/receivers/proxy/bundle-rsh-cluster($|/)
path=$SPLUNK_HOME/var/run/proxy_bundles
untar=true
authKeyStanza = shclustering
[admin:proxybundlelist]
match = /receivers/proxy/bundlelist
authKeyStanza = shclustering
# /broker does not require a user session and names the deployment shared key.
# NOTE(review): whether the shared key is enforced when
# requireAuthentication=false is not visible here - confirm.
[broker:broker]
match=/broker
authKeyStanza=deployment
requireAuthentication=false
[validate:validate]
match=/configs/validate
[spec:spec]
match=/configs/spec
[audit-trail:audit-trail]
match=/admin/audit-trail
[admin:splunk-audit]
match=/admin/audit
[telemetry-metric:telemetry-metric]
match=/telemetry-metric
[diag:diag]
match=/diag
authKeyStanza=clustering
capability = get_diag
[spl2-modules:spl2-modules]
match=/spl2
[remote-proxy:remote-proxy]
match=/remote-proxy
authKeyStanza=clustering
capability = use_remote_proxy
[register-package:register-package-endpoints]
match = /register-package-endpoints
# /////////////////////////////////////////////////////////////////////////////
# admin section groupings
# /////////////////////////////////////////////////////////////////////////////
[admin:deployment]
match=/deployment
members = deploymentclient:client
[admin:deployment_server_group]
match=/deployment/server
members = deploymentserver:config,serverclasses:serverclasses,applications:applications,serverclients:clients
[admin:authentication_group]
match=/authentication
members = auth-tokens,users,httpauth-tokens,users:changepassword,current-context
[admin:authorization_group]
match=/authorization
members = capabilities,grantable_capabilities,roles,tokens,scs_tokens,fieldfilters
[admin:workloads_group]
match=/workloads
members = workload-config:config, workload-pools:pools, workload-rules:rules, workload-status:status, workload-categories:categories, workload-policy:policy
# Capability gates for the configuration files that define the security
# posture of the server. Two access paths are covered for each file: the EAI
# conf-<name> handlers (capability.read / capability.write) and the
# /properties/<name> paths (per-HTTP-method capabilities further below).
# Pattern: writing to restmap, server, authentication, authorize or web
# requires admin_all_objects AND the file-specific edit capability ('and').
# Keep both halves when overriding; dropping admin_all_objects lets a narrower
# role change endpoint authentication, roles or TLS/web settings.
#
# No capability.read is set for conf-restmap or conf-web in this file.
[eai:conf-restmap]
capability.write=edit_restmap and admin_all_objects
[eai:conf-server]
capability.read=list_settings
capability.write=edit_server and admin_all_objects
[eai:conf-authentication]
capability.write=change_authentication and edit_roles and admin_all_objects
capability.read=change_authentication
[eai:conf-authorize]
capability.write=edit_roles and admin_all_objects
capability.read=edit_roles
# user-seed: reads are gated by the same capability as writes, and
# admin_all_objects is not part of the expression.
# NOTE(review): user-seed presumably carries initial account credentials, which
# would explain why read access is restricted too - confirm.
[eai:conf-user-seed]
capability.write=edit_user_seed
capability.read=edit_user_seed
[eai:conf-web]
capability.write=edit_web_settings and admin_all_objects
# /properties equivalents. POST, PUT and DELETE carry the same expression as
# the matching capability.write above; GET carries the read capability.
[SBA:server]
match=/properties/server($|/)
capability.get=list_settings
capability.post=edit_server and admin_all_objects
capability.put=edit_server and admin_all_objects
capability.delete=edit_server and admin_all_objects
# No capability.get here.
# NOTE(review): GET on /properties/restmap presumably falls under the generic
# [SBA:sba] rule (rest_properties_get) - confirm.
[SBA:restmap]
match=/properties/restmap($|/)
capability.post=edit_restmap and admin_all_objects
capability.put=edit_restmap and admin_all_objects
capability.delete=edit_restmap and admin_all_objects
[SBA:authentication]
match=/properties/authentication($|/)
capability.get=change_authentication
capability.post=change_authentication and edit_roles and admin_all_objects
capability.put=change_authentication and edit_roles and admin_all_objects
capability.delete=change_authentication and edit_roles and admin_all_objects
[SBA:authorize]
match=/properties/authorize($|/)
capability.get=edit_roles
capability.post=edit_roles and admin_all_objects
capability.put=edit_roles and admin_all_objects
capability.delete=edit_roles and admin_all_objects
[SBA:user-seed]
match=/properties/user-seed($|/)
capability.get=edit_user_seed
capability.post=edit_user_seed
capability.put=edit_user_seed
capability.delete=edit_user_seed
[SBA:web]
match=/properties/web($|/)
capability.get=rest_properties_get
capability.post=edit_web_settings and admin_all_objects
capability.put=edit_web_settings and admin_all_objects
capability.delete=edit_web_settings and admin_all_objects
[admin:directory]
match = /directory
[admin:providers_group]
match=/authentication/providers
members=auth-services:services,LDAP-auth:LDAP,SAML-auth:SAML,Scripted-auth:Scripted,Splunk-auth:Splunk,Token-auth:Token
[admin:Splunk-auth-alias]
match=/admin/splunk-auth
requireAuthentication = true
[admin:Token-auth-alias]
match=/admin/token-auth
requireAuthentication = true
[indexer_discovery:indexer_discovery]
match=/indexer_discovery
authKeyStanza=indexer_discovery
[admin:cluster_group]
match=/cluster
members = clusterconfig:config
authKeyStanza=clustering
[admin:cluster_manager_group]
match=/cluster/manager
members = clustermanagerbuckets:buckets,clustermanagerstatus:status,clustermanagerpeers:peers,clustermanagerredundancy:redundancy,clustermanagerinfo:info,clustermanagergeneration:generation,clustermanagercontrol:control,clustermanagerreplications:replications,clustermanagersearchheads:searchheads, clustermanagerpeerindexes:indexes, clustermanagerfixup:fixup,clustermanagersites:sites,clustermanagerbundle:bundle,clustermanagerhealth:health
authKeyStanza=clustering
[admin:clustermanagerbucketsmerge]
match=/cluster/manager/clustermanagerbucketsmerge/merge-buckets
authKeyStanza=clustering
capability=merge_buckets
[admin:cluster_master_group]
match=/cluster/master
members = clustermasterbuckets:buckets,clustermasterstatus:status,clustermasterpeers:peers,clustermasterinfo:info,clustermastergeneration:generation,clustermastercontrol:control,clustermasterreplications:replications,clustermastersearchheads:searchheads, clustermasterpeerindexes:indexes, clustermasterfixup:fixup,clustermastersites:sites,clustermasterbundle:bundle,clustermasterhealth:health
authKeyStanza=clustering
# Active-manager status path, served without authentication.
# NOTE(review): presumably left open so health checks can probe it without
# credentials - confirm, and check what the response discloses.
[admin:clusteractivemanager]
match = /cluster/manager/ha_active_status
requireAuthentication = false
[admin:cluster_peer_group]
match=/cluster/peer
members = clusterpeerbuckets:buckets,clusterpeerinfo:info,clusterpeercontrol:control, clusterpeersearchheadcertificate:searchheadcertificate,clusterpeerreplications:replications
authKeyStanza=clustering
[admin:cluster_slave_group]
match=/cluster/slave
members = clusterslavebuckets:buckets,clusterslaveinfo:info,clusterslavecontrol:control, clusterslavesearchheadcertificate:searchheadcertificate,clusterslavereplications:replications
authKeyStanza=clustering
[admin:cluster_searchhead_group]
match=/cluster/searchhead
members = clustersearchheadgeneration:generation,clustersearchheadconfig:searchheadconfig,clustersearchheadcontrol:control
authKeyStanza=clustering
[admin:shcluster_group]
match=/shcluster
members = shclusterconfig:config,shclusterstatus:status
authKeyStanza=shclustering
# Only the 'ready' member is exposed without authentication here.
# [admin:shcluster_member_group] in this file maps the same /shcluster/member
# path for the remaining members and ties them to the shclustering key.
# NOTE(review): the pre-auth setting should stay scoped to this one member;
# do not merge the two stanzas in an override.
[admin:shcluster_member_ready]
match=/shcluster/member
members = shclusterready:ready
requireAuthentication=false
[admin:shcluster_captain_group]
match=/shcluster/captain
members = shclustercaptainartifacts:artifacts,shclustercaptainmembers:members,shclustercaptaininfo:info,shclustercaptaincontrol:control,shclustercaptainreplications:replications, shclustercaptainfixup:fixup, shclustercaptainjobs:jobs, shclustercaptainkvstoremigrate:kvmigrate, shclustercaptainkvstorebackup:kvstorebackup, shclustercaptainkvstoreupgrade:kvstore-upgrade
authKeyStanza=shclustering
[admin:shcluster_member_group]
match=/shcluster/member
members = shclustermemberartifacts:artifacts,shclustermemberpeers:members,shclustermemberinfo:info,shclustermembercontrol:control, shclustermemberreplications:replications,shclustermemberconsensus:consensus,shclustermemberdelegatejob:delegatejob
authKeyStanza=shclustering
# Four stanzas map the same /kvstore path, each with its own member list and
# shared-key stanza (kvstore or shclustering).
# NOTE(review): the split presumably exists so each member set is tied to a
# different pass4SymmKey; when overriding, keep each member under the stanza
# whose authKeyStanza it is meant to use.
[admin:kvstore_group]
match=/kvstore
members = kvstorestatus:status,kvstoreresync:resync,kvstorebackup:backup,restore,kvstoreinfo:info,kvstorecache:cache,externalconfig:config
authKeyStanza=kvstore
[admin:kvstore_engine_group]
match=/kvstore
members=kvstoreengine:engine
authKeyStanza=shclustering
[admin:kvstore_control_group]
match=/kvstore
members=kvstorecontrol:control
authKeyStanza=kvstore
[admin:kvstore_upgrade_group]
match=/kvstore
members=kvstoreupgrade:version
authKeyStanza=shclustering
[admin:licenser_group]
match=/licenser
members=licenses,pools,stacks,groups,slaves,localslave,licensermessages:messages,scriptedwarning,licenseusage:usage,peers,localpeer,managers
[admin:messages]
match=/messages
authKeyStanza=shclustering
# Both groups below are served without authentication; each exposes a single
# member (random-guid and template-realize respectively).
# NOTE(review): what template-realize accepts as input is not visible in this
# file - confirm the handler treats request data as untrusted.
[admin:generators]
match=/generators/guid
members=random-guid:random
requireAuthentication=false
[admin:template]
match=/template
members = template-realize:realize
requireAuthentication=false
[admin:data_group]
match=/data
members = commandsconf:commands,user-prefs,lookup-table-files,modular-inputs,vix-providers,vix-indexes,index-archiver:archiver,datamodel-files:models,introspection--disk-objects--volumes:index-volumes,introspection--disk-objects--indexes:indexes-extended,introspection--disk-objects--summaries:summaries,macros,introspection--distributed-indexes:distributed-indexes
[admin:data_indexes]
match=/data
members = indexes
maxCacheTime = 30m
[admin:datamodel-group]
match=/datamodel
members = datamodeledit:model, datamodelpivot:pivot, datamodelacceleration:acceleration, datamodelgenerate:generate
[admin:tcp_forwarders_group]
match = /data/outputs/tcp
members = tcpout-default:default,tcpout-group:group,tcpout-server:server,syslog,indexer-discovery-config:indexerdiscovery
[admin:deployment_group]
match=/deployment/server/setup/data/inputs
members = remote_all,remote_monitor,remote_script,remote_udp,remote_eventlogs,remote_perfmon
[admin:deployment_tcp_inputs_group]
match=/deployment/server/setup/data/inputs/tcp
members = remote_raw,remote_cooked,remote_ssl
[admin:deploymentsetup]
match=/deployment/server/setup/data/
members = remote_indexes
[admin:introspection_group]
match = /server/introspection
members = introspection-queues:queues,introspection-pipelines:pipelines,introspection-processors:processors,introspection-indexer:indexer
[admin:introspection_kvstore_group]
match = /server/introspection/kvstore
members = kvstore-serverstatus:serverstatus, kvstore-collectionstats:collectionstats, kvstore-replicasetstats:replicasetstats
[admin:introspection_search_group]
match = /server/introspection/search
members = introspection-savedsearches:saved, introspection-scheduler:scheduler, search-distributedmetrics:distributed, introspection-dispatchreaper:dispatch
[admin:inputs_group]
match = /data/inputs
members = all,monitor,script,http,oneshotinput:oneshot,udp
[admin:tcp_inputs_group]
match = /data/inputs/tcp
members = raw,cooked,ssl,splunktcptoken
[admin:manager]
match = /data/ui/manager
capability.post = edit_manager_xml
[admin:spl2_modules_access]
match = /spl2/modules-access
[admin:ui_data_group]
match = /data/ui
members = views,modalerts:alerts,panels,visualizations,nav,viewstates,workflow-actions,conf-times:times,ui-prefs:prefs,ui-tour,livetail,global-banner
[quarantined-status:quarantined-status]
match = /quarantined/status
requireAuthentication = true
capability = read_internal_libraries_settings
authKeyStanza = shclustering
[admin:web-features]
match = /web-features
capability.post = edit_web_features
[admin:props_group]
match = /data/props
members = props-extract:extractions,props-lookup:lookups,fieldaliases,sourcetype-rename,props-eval:calcfields
[admin:transforms_group]
match = /data/transforms
members = transforms-extract:extractions,transforms-lookup:lookups,transforms-statsd:statsdextractions,metric-schema
[ingest-rulesets:ingest-rulesets]
match = /data/ingest/rulesets
capability.get = list_ingest_rulesets
capability.post = edit_ingest_rulesets
capability.delete = edit_ingest_rulesets
authKeyStanza = clustering
[ingest-ruleset-serialize:ingest-ruleset-serialize]
match = /data/ingest/ruleset-serialize
[ingest-event-capture:ingest-event-capture]
match = /data/ingest/event-capture
capability.post = capture_ingest_events
# EAI helpers to modify rfs destination endpoint.
[admin:ingest-rfs-destinations]
match = /data/ingest/rfsdestinations
authKeyStanza = clustering
# EAI helpers for the above rulesets endpoint.
[admin:ruleset_helpers]
match = /data/ingest
members = ruleset-deployment, ruleset-status
# Add auth setting so SH can query CM for publish info. The stanza name must be
# ruleset-status here, so we can match the EAI registration name.
[admin:ruleset-status]
match = /data/ingest/ruleset-status
authKeyStanza = clustering
[admin:saved_group]
match=/saved
members = savedsearch:searches,eventtypes,ntags,fvtags
authKeyStanza=shclustering
[admin:bookmarks_group]
match=/saved/bookmarks
members = bookmarks-mc:monitoring_console
[admin:proxy_config]
match = /server/httpsettings
members = proxysettings
[admin:root_ca_truststore]
match = /admin/security/certmgr
members = truststores,certs
[admin:scheduled_group]
match=/scheduled
members = scheduledviews:views
[admin:alerts]
match=/alerts
members = alerts:fired_alerts,alert_actions,metric_alerts:metric_alerts
[admin:telemetry]
match = /telemetry
authKeyStanza = clustering
[admin:health-report-local]
match = /server/health/splunkd/local
authKeyStanza = shclustering,clustering
[ingestion-latencies:ingestion-latencies]
match = /server/health/ingestion-latencies
[admin:server_group]
match = /server
members = server-settings:settings,server-control:control,server-pipeline-sets:pipelinesets,server-info:info,logger:logger,server-roles:roles,status,health-report:health,health-report-config:health-config
[admin:storage_group]
match = /storage
members = passwords
[admin_external:localapps-python]
handlertype=python
python.version = latest
handlerfile=localapps.py
handleractions=create, edit
[admin_external:apptemplates]
handlertype=python
python.version = latest
handlerfile=apptemplates.py
handleractions=list
[admin:apps_group]
match=/apps
members=remote,deploy,apptemplates
[admin:localapps]
match=/apps/local
authKeyStanza=shclustering
# App backup / deploy / restore. Only POST is capability-gated in these
# stanzas. Backup and restore accept either admin_all_objects or their
# dedicated capability ('or'); deploy accepts admin_all_objects only.
# All three are tied to the shclustering shared key.
# NOTE(review): no capability is set for other HTTP methods here - confirm
# which methods the handlers actually accept.
[apps-backup:apps-backup]
match=/apps/backup
capability.post=admin_all_objects or apps_backup
authKeyStanza=shclustering
[apps-deploy:apps-deploy]
match=/apps/deploy
capability.post=admin_all_objects
authKeyStanza=shclustering
[apps-restore:apps-restore]
match=/apps/restore
capability.post=admin_all_objects or apps_restore
authKeyStanza=shclustering
[admin:raw_config_group]
match=/configs
members=conf-inputs:inputs,conf-wmi:wmi,conf-deploymentclient:deploymentclient
[admin:fields]
match=/data/fields
[summaryman:summaryman]
match=/summaryman
[cacheman:cacheman]
match=/cacheman
[admin:datasets]
match=/datasets
[admin:bucketmerge]
match=/bucketmerge
capability=merge_buckets
#
#
#
[admin:watchdog-pstacks]
match=/server/pstacks
[admin:watchdog]
match=/server/watchdog
[admin:federated_group]
match=/data/federated
members=federated-index:index,federated-provider:provider,federated-settings:settings
capability.post=admin_all_objects
capability.delete=admin_all_objects
[admin:datalake_group]
match=/data/datalake
members=datalake-categories:categories,datalake-index:index,datalake-ingest:ingest
capability.post=fsh_manage
capability.delete=fsh_manage
capability.get=fsh_manage
[admin:config_tracker_group]
match = /config_tracker
members = config_tracker:config
[admin:local_proxy_group]
match = /local_proxy
members = local_proxy:config
# /////////////////////////////////////////////////////////////////////////////
# eai specific handler settings
# /////////////////////////////////////////////////////////////////////////////
#
# The UI for the directory service requires that an entity have manager XML
# that defines how that entity is listed and edited.
#
# As a result, entity types that completely lack manager XML are omitted from
# the directory service. Ditto for entities that cannot be edited.
#
[eai:eventtypes]
showInDirSvc = true
[eai:savedsearch]
showInDirSvc = true
[eai:collections-conf]
showInDirSvc = true
[eai:conf-times]
showInDirSvc = true
[eai:views]
showInDirSvc = true
[eai:panels]
showInDirSvc = true
[eai:visualizations]
showInDirSvc = true
[eai:modalerts]
showInDirSvc = true
[eai:nav]
showInDirSvc = true
# No manager XML exists for manager XML itself.
[eai:manager]
showInDirSvc = false
# Because of the possible performance impact of large numbers of viewstates, do
# not include viewstates in the directory service by default.
[eai:viewstates]
showInDirSvc = false
[eai:commandsconf]
showInDirSvc = true
desc = commands
[eai:macros]
showInDirSvc = true
# Unique tag-field-value tuples are not editable.
[eai:tags]
showInDirSvc = false
# Tags by tag name do not support ACL read or write. The UI looks bad when some
# entities support sharing and permissions while others do not.
[eai:ntags]
showInDirSvc = false
[eai:fvtags]
showInDirSvc = true
[eai:transforms-extract]
showInDirSvc = true
[eai:transforms-lookup]
showInDirSvc = true
[eai:workflow-actions]
showInDirSvc = true
# The manager XML for lookup table files does not define an edit screen.
[eai:lookup-table-files]
showInDirSvc = false
[eai:props-extract]
showInDirSvc = true
[eai:props-lookup]
showInDirSvc = true
[eai:fieldaliases]
showInDirSvc = true
[eai:sourcetype-rename]
showInDirSvc = true
[eai:global-banner]
showInDirSvc = true
#//////////////////////////////////////////////////////////////////////////////
# splunkbase proxy handler
#//////////////////////////////////////////////////////////////////////////////
# Proxies /appsbrowser to a fixed HTTPS destination.
# Both a generic capability and a GET-specific capability are set.
# NOTE(review): presumably capability.get applies to GET and the generic value
# to the other methods - confirm the precedence in restmap.conf.spec.
# An override that changes 'destination' redirects server-originated requests,
# so treat edits to this key as security-relevant.
[proxy:appsbrowser]
match=/appsbrowser
capability=rest_properties_get
destination=https://splunkbase.splunk.com/api
capability.get=rest_apps_view
#//////////////////////////////////////////////////////////////////////////////
# splunkbase handler
#//////////////////////////////////////////////////////////////////////////////
[splunkbase:splunkbase]
match=/splunkbase
capability.post=admin_all_objects
# /////////////////////////////////////////////////////////////////////////////
# script-based handlers
# /////////////////////////////////////////////////////////////////////////////
# Python script handlers. 'handler' is the module.Class that serves the path
# and 'python.version = latest' selects the interpreter.
# The RemoteApps* stanzas gate by capability per HTTP method and do not set
# requireAuthentication, so the default applies (documented as 'true' in
# restmap.conf.spec - TODO confirm).
[script:RemoteAppsHandlerList]
match=/apps/remote/?$
scripttype=python
python.version = latest
handler=appsmanager.RemoteAppsHandlerList
capability.get=rest_apps_view
output_modes = xml,json
# Login to the remote apps service needs only the view capability on POST.
[script:RemoteAppsLogin]
match=/apps/remote/login/?
scripttype=python
python.version = latest
handler=appsmanager.RemoteAppsLogin
capability.post=rest_apps_view
output_modes = xml,json
# Viewing needs rest_apps_view; POST and DELETE need rest_apps_management.
[script:RemoteAppsManagerEntries]
match=/apps/remote/entries(byid)?/?
scripttype=python
python.version = latest
handler=appsmanager.RemoteAppsManager
capability.get=rest_apps_view
capability.post=rest_apps_management
capability.delete=rest_apps_management
output_modes = xml
[script:RemoteAppsManagerCategories]
match=/apps/remote/categories/?
scripttype=python
python.version = latest
handler=appsmanager.RemoteAppsManager
capability.get=rest_apps_view
capability.post=rest_apps_management
capability.delete=rest_apps_management
output_modes = xml
# The two handlers below state the authentication requirement explicitly but
# set no capability, so any authenticated user can reach them.
[script:pdfgenHandler]
match = /pdfgen/render
scripttype = python
python.version = latest
handler = pdfgen_endpoint.PDFGenHandler
requireAuthentication = true
# NOTE(review): by its name this handler generates regular expressions from
# request data - confirm it bounds input size and processing time.
[script:fieldExtractorGenerateRegex]
match = /field_extractor/generate_regex
scripttype = python
python.version = latest
handler = field_extractor.RegexGenHandler
requireAuthentication = true
# /////////////////////////////////////////////////////////////////////////////
# EAI validation rules
# /////////////////////////////////////////////////////////////////////////////
[validation:bookmarks-mc]
name = validate( len('name') <= 25, "Name can only be 25 characters long" )
url = validate( match('url', '^https?://'), "Value of argument 'url' must begin with http:// or https://", \
match('url', 'splunk_monitoring_console'), "Value of argument 'url' must contain 'splunk_monitoring_console'" )
[validation:metric_alerts]
trigger.evaluation_per_group = validate( is_bool('trigger.evaluation_per_group'), "Value of argument 'trigger.evaluation_per_group' must be a boolean")
trigger.action_per_group = validate( is_bool('trigger.action_per_group'), "Value of argument 'trigger.action_per_group' must be a boolean")
trigger.suppress = validate( match('trigger.suppress', "^(0|\d+m)$"), "Value of argument trigger.suppress must be 0, or of the format <num>m")
trigger.expires = validate( match('trigger.expires', "^(0|\d+(m|h|d))$"), "Value of argument trigger.expires must be 0, or of the format <num>[mhd]")
trigger.threshold = validate( match('trigger.threshold', "^(always|once)(\s+after\s+(\d+m))?$"), "Value of argument trigger.threshold must be of the format [always|once|always after <number>m|once after <number>m]")
# This stanza is factored out of [validation:savedsearch] so it can be shared by validation:metric_alerts
[validation:alert_action_part]
action.email.sendresults = validate( is_bool('action.email.sendresults'), "Value of argument 'action.email.sendresults' must be a boolean")
action.email.sendpdf = validate( is_bool('action.email.sendpdf'), "Value of argument 'action.email.sendpdf' must be a boolean")
action.email.sendcsv = validate( is_bool('action.email.sendcsv'), "Value of argument 'action.email.sendcsv' must be a boolean")
action.email.sendpng = validate( is_bool('action.email.sendpng'), "Value of argument 'action.email.sendpng' must be a boolean")
action.email.inline = validate( is_bool('action.email.inline'), "Value of argument 'action.email.inline' must be a boolean")
action.email.priority = validate( match('action.email.priority', "^([1-5])$"), "Value of argument 'action.email.priority' must be either '1', '2', '3', '4', '5'")
action.email.include.results_link = validate( is_bool('action.email.include.results_link'), "Value of argument 'action.email.include.results_link' must be a boolean")
action.email.include.search = validate( is_bool('action.email.include.search'), "Value of argument 'action.email.include.search' must be a boolean")
action.email.include.trigger = validate( is_bool('action.email.include.trigger'), "Value of argument 'action.email.include.trigger' must be a boolean")
action.email.include.trigger_time = validate( is_bool('action.email.include.trigger_time'), "Value of argument 'action.email.include.trigger_time' must be a boolean")
action.email.include.view_link = validate( is_bool('action.email.include.view_link'), "Value of argument 'action.email.include.view_link' must be a boolean")
action.email.to = validate( match('action.email.to', "(?i)^((?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}]+)\})?\$))(?:\s*[,;]\s*((?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}]+)\})?\$)))*$"), "One of the email addresses in 'action.email.to' is invalid")
action.email.cc = validate( match('action.email.cc', "(?i)^((?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}]+)\})?\$))(?:\s*[,;]\s*((?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}]+)\})?\$)))*$"), "One of the email addresses in 'action.email.cc' is invalid")
action.email.bcc = validate( match('action.email.bcc', "(?i)^((?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}]+)\})?\$))(?:\s*[,;]\s*((?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}]+)\})?\$)))*$"), "One of the email addresses in 'action.email.bcc' is invalid")
action.email.useNSSubject= validate( match('action.email.useNSSubject', "^(0|1)$"), "Value of argument 'action.email.useNSSubject' must be either '0' or '1'")
# keep this rule in agreement with runshellscript.py internal validation, as scripts can be invoked directly from a search string
# Path-traversal guard: a script name containing '..', a forward slash, a
# backslash or ':' is rejected, so the value has to be a bare file name.
action.script.filename = validate( NOT match('action.script.filename', "\.\.|/|\\\\|:"), "Script filename cannot contain '..', '/', '\\', or ':'")
# Same traversal guard for lookup files (without the ':' check), plus a .csv
# suffix check.
# NOTE(review): the suffix pattern ".*\.csv" has no trailing '$'. Other rules
# in this file anchor explicitly with ^...$, which suggests match() is not
# implicitly anchored; if so, this tests "contains .csv" rather than "ends
# with .csv" as the message states (constructed example: report.csv.bak).
# The traversal characters are still rejected either way - confirm.
action.lookup.filename = validate( match('action.lookup.filename', ".*\.csv") AND NOT match('action.lookup.filename', "\.\.|/|\\\\"), "Lookup filename must end with .csv and cannot contain '..', '/', or '\\'")
[validation:scheduler_limits]
async_saved_search_fetch = validate( is_bool('async_saved_search_fetch'), "Value of argument 'async_saved_search_fetch' must be a boolean.")
async_saved_search_interval = validate( isint('async_saved_search_interval') AND 'async_saved_search_interval'>=0, "Value of argument 'async_saved_search_interval' must be a non-negative integer.")
async_admission_eval_interval = validate( isint('async_admission_eval_interval') AND 'async_admission_eval_interval'>=0, "Value of argument 'async_admission_eval_interval' must be a non-negative integer.")
# Argument checks for the savedsearch validation stanza: alerting,
# summarization and dispatch arguments first, UI display options after.
[validation:savedsearch]
alert.digest_mode = validate( is_bool('alert.digest_mode'), "Value of argument 'alert.digest_mode' must be a boolean")
# NOTE(review): unlike the other rules this is a bare comparison with no
# validate() wrapper, so it carries no custom error message, and it has no
# isint() test, so it appears to bound the value to the range 1..6 without
# requiring a whole number - confirm that is intended.
alert.severity = 'alert.severity'>0 AND 'alert.severity'<7
alert.suppress = validate( is_bool('alert.suppress'), "Value of argument 'alert.suppress' must be a boolean")
# Digits with an optional h/m/s/d suffix, or the word "ack"; case-insensitive.
alert.suppress.period = validate ( match('alert.suppress.period', "(?i)^((ack)|(\d+[hmsd]?))$"), "Value of argument alert.suppress.period must be of the format <integer>[smhd]? or ack")
# Digits with an optional h/m/s/d suffix; the suffix is case-sensitive here.
alert.expires = validate ( match('alert.expires', "^\d+[hmsd]?$"), "Value of argument alert.expires must be of the format <integer>[smhd]?")
# Type check only; the content of the string is not constrained.
alert.managedBy = validate( typeof('alert.managedBy') == "String", "Value of argument 'alert.managedBy' must be a string")
# Comma-separated list of spans, each a digit run with an optional unit word.
# NOTE(review): after each comma the pattern repeats a group that itself
# starts with \d+, i.e. "(\d+(...)?)+". A quantified group over a quantified
# digit run can backtrack heavily on long values that fail to match; whether
# that matters depends on the regex engine's match limits - confirm. Also
# confirm the trailing '+' is intended, since it lets several spans run
# together without a comma after the first list entry.
auto_summarize.timespan = validate ( match('auto_summarize.timespan',"(^\d+((s|(sec(onds?)?))|(m|min(utes?)?)|(h|h(rs?)|hours?)|(d(ays?)?)|(mon(ths?)?)|([umcd]s))?)(\s*,\s*(\d+((s|(sec(onds?)?))|(m|min(utes?)?)|(h|h(rs?)|hours?)|(d(ays?)?)|(mon(ths?)?)|([umcd]s))?)+)*$"), "Invalid span length syntax used for argument auto_summarize.timespan")
dispatch.indexedRealtime = validate( is_bool('dispatch.indexedRealtime'), "Value of argument 'dispatch.indexedRealtime' must be a boolean")
# Integers that must be zero or greater; no upper bound is applied.
dispatch.auto_cancel = validate( isint('dispatch.auto_cancel') AND 'dispatch.auto_cancel'>=0, "Value of argument 'dispatch.auto_cancel' must be a non-negative integer.")
dispatch.auto_pause = validate( isint('dispatch.auto_pause') AND 'dispatch.auto_pause'>=0, "Value of argument 'dispatch.auto_pause' must be a non-negative integer.")
# UI Display Options
# General, events and statistics display arguments. Every match() rule in
# this group is an anchored allowlist of literal values; flags accept only
# the strings 0 and 1.
display.general.enablePreview = validate( match('display.general.enablePreview', "^(0|1)$"), "Value of argument 'display.general.enablePreview' must be either '0' or '1'")
display.general.type = validate( match('display.general.type', "^(events|statistics|visualizations)$"), "Value of argument 'display.general.type' must be either 'events', 'statistics', 'visualizations'")
display.general.timeRangePicker.show = validate( match('display.general.timeRangePicker.show', "^(0|1)$"), "Value of argument 'display.general.timeRangePicker.show' must be either '0' or '1'")
display.general.migratedFromViewState = validate( match('display.general.migratedFromViewState', "^(0|1)$"), "Value of argument 'display.general.migratedFromViewState' must be either '0' or '1'")
display.events.type = validate( match('display.events.type', "^(raw|list|table)$"), "Value of argument 'display.events.type' must be either 'raw', 'list', or 'table'")
display.events.rowNumbers = validate( match('display.events.rowNumbers', "^(0|1)$"), "Value of argument 'display.events.rowNumbers' must be either '0' or '1'")
# Any integer passes; this rule applies no range.
display.events.maxLines = validate( isint('display.events.maxLines'), "Value of argument 'display.events.maxLines' must be an integer")
display.events.raw.drilldown = validate( match('display.events.raw.drilldown', "^(inner|outer|full|none)$"), "Value of argument 'display.events.raw.drilldown' must be either 'inner', 'outer', 'full', or 'none'")
display.events.list.drilldown = validate( match('display.events.list.drilldown', "^(inner|outer|full|none)$"), "Value of argument 'display.events.list.drilldown' must be either 'inner', 'outer', 'full', or 'none'")
display.events.list.wrap = validate( match('display.events.list.wrap', "^(0|1)$"), "Value of argument 'display.events.list.wrap' must be either '0' or '1'")
# The table drilldown is a 0/1 flag, unlike the raw and list drilldowns above.
display.events.table.drilldown = validate( match('display.events.table.drilldown', "^(0|1)$"), "Value of argument 'display.events.table.drilldown' must be either '0' or '1'")
display.events.table.wrap = validate( match('display.events.table.wrap', "^(0|1)$"), "Value of argument 'display.events.table.wrap' must be either '0' or '1'")
display.statistics.rowNumbers = validate( match('display.statistics.rowNumbers', "^(0|1)$"), "Value of argument 'display.statistics.rowNumbers' must be either '0' or '1'")
display.statistics.wrap = validate( match('display.statistics.wrap', "^(0|1)$"), "Value of argument 'display.statistics.wrap' must be either '0' or '1'")
display.statistics.overlay = validate( match('display.statistics.overlay', "^(none|heatmap|highlow)$"), "Value of argument 'display.statistics.overlay' must be either 'none', 'heatmap', or 'highlow'")
display.statistics.drilldown = validate( match('display.statistics.drilldown', "^(row|cell|none)$"), "Value of argument 'display.statistics.drilldown' must be either 'row', 'cell', or 'none'")
display.statistics.totalsRow = validate( match('display.statistics.totalsRow', "^(0|1)$"), "Value of argument 'display.statistics.totalsRow' must be either '0' or '1'")
display.statistics.percentagesRow = validate( match('display.statistics.percentagesRow', "^(0|1)$"), "Value of argument 'display.statistics.percentagesRow' must be either '0' or '1'")
display.statistics.show = validate( match('display.statistics.show', "^(0|1)$"), "Value of argument 'display.statistics.show' must be either '0' or '1'")
# Trellis, visualization type, chart, legend and axis-title arguments.
# match() rules are anchored allowlists of literal values. The rules written
# as typeof(...) == "String" check the type only, so the text itself
# (splitBy, overlayFields, axis title text) is not constrained here.
display.visualizations.trellis.enabled = validate( match('display.visualizations.trellis.enabled', "^(0|1)$"), "Value of argument 'display.visualizations.trellis.enabled' must be either '0' or '1'")
display.visualizations.trellis.scales.shared = validate( match('display.visualizations.trellis.scales.shared', "^(0|1)$"), "Value of argument 'display.visualizations.trellis.scales.shared' must be either '0' or '1'")
display.visualizations.trellis.size = validate( match('display.visualizations.trellis.size', "^(small|medium|large)$"), "Value of argument 'display.visualizations.trellis.size' must be either 'small', 'medium', or 'large'")
display.visualizations.trellis.splitBy = validate( typeof('display.visualizations.trellis.splitBy') == "String", "Value of argument 'display.visualizations.trellis.splitBy' must be a string")
display.visualizations.show = validate( match('display.visualizations.show', "^(0|1)$"), "Value of argument 'display.visualizations.show' must be either '0' or '1'")
display.visualizations.type = validate( match('display.visualizations.type', "^(charting|singlevalue|mapping|custom)$"), "Value of argument 'display.visualizations.type' must be either 'charting', 'singlevalue', 'mapping' or 'custom'")
# Any integer passes; this rule applies no range.
display.visualizations.chartHeight = validate( isint('display.visualizations.chartHeight'), "Value of argument 'display.visualizations.chartHeight' must be an integer")
display.visualizations.charting.chart = validate( match('display.visualizations.charting.chart', "^(line|area|column|bar|pie|scatter|bubble|radialGauge|fillerGauge|markerGauge)$"), "Value of argument 'display.visualizations.charting.chart' must be either 'line', 'area', 'column', 'bar', 'pie', 'scatter', 'bubble', 'radialGauge', 'fillerGauge', or 'markerGauge'")
display.visualizations.charting.chart.stackMode = validate( match('display.visualizations.charting.chart.stackMode', "^(default|stacked|stacked100)$"), "Value of argument 'display.visualizations.charting.chart.stackMode' must be either 'default', 'stacked', or 'stacked100'")
display.visualizations.charting.chart.nullValueMode = validate( match('display.visualizations.charting.chart.nullValueMode', "^(gaps|zero|connect)$"), "Value of argument 'display.visualizations.charting.chart.nullValueMode' must be either 'gaps', 'zero', or 'connect'")
display.visualizations.charting.chart.overlayFields = validate( typeof('display.visualizations.charting.chart.overlayFields') == "String", "Value of argument 'display.visualizations.charting.chart.overlayFields' must be a string")
display.visualizations.charting.drilldown = validate( match('display.visualizations.charting.drilldown', "^(all|none)$"), "Value of argument 'display.visualizations.charting.drilldown' must be either 'all' or 'none'")
display.visualizations.charting.chart.style = validate( match('display.visualizations.charting.chart.style', "^(minimal|shiny)$"), "Value of argument 'display.visualizations.charting.chart.style' must be either 'minimal' or 'shiny'")
display.visualizations.charting.layout.splitSeries = validate( match('display.visualizations.charting.layout.splitSeries', "^(0|1)$"), "Value of argument 'display.visualizations.charting.layout.splitSeries' must be either '0' or '1'")
display.visualizations.charting.legend.mode = validate( match('display.visualizations.charting.legend.mode', "^(standard|seriesCompare)$"), "Value of argument 'display.visualizations.charting.legend.mode' must be 'seriesCompare' or 'standard'")
display.visualizations.charting.layout.splitSeries.allowIndependentYRanges = validate( match('display.visualizations.charting.layout.splitSeries.allowIndependentYRanges', "^(0|1)$"), "Value of argument 'display.visualizations.charting.layout.splitSeries.allowIndependentYRanges' must be either '0' or '1'")
display.visualizations.charting.legend.placement = validate( match('display.visualizations.charting.legend.placement', "^(right|bottom|top|left|none)$"), "Value of argument 'display.visualizations.charting.legend.placement' must be either 'right', 'bottom', 'top', 'left', or 'none'")
display.visualizations.charting.legend.labelStyle.overflowMode = validate( match('display.visualizations.charting.legend.labelStyle.overflowMode', "^(ellipsisEnd|ellipsisMiddle|ellipsisStart)$"), "Value of argument 'display.visualizations.charting.legend.labelStyle.overflowMode' must be either 'ellipsisEnd', 'ellipsisMiddle', or 'ellipsisStart'")
display.visualizations.charting.axisTitleX.text = validate( typeof('display.visualizations.charting.axisTitleX.text') == "String", "Value of argument 'display.visualizations.charting.axisTitleX.text' must be a string")
display.visualizations.charting.axisTitleY.text = validate( typeof('display.visualizations.charting.axisTitleY.text') == "String", "Value of argument 'display.visualizations.charting.axisTitleY.text' must be a string")
display.visualizations.charting.axisTitleY2.text = validate( typeof('display.visualizations.charting.axisTitleY2.text') == "String", "Value of argument 'display.visualizations.charting.axisTitleY2.text' must be a string")
display.visualizations.charting.axisTitleX.visibility = validate( match('display.visualizations.charting.axisTitleX.visibility', "^(visible|collapsed)$"), "Value of argument 'display.visualizations.charting.axisTitleX.visibility' must be either 'visible' or 'collapsed'")
display.visualizations.charting.axisTitleY.visibility = validate( match('display.visualizations.charting.axisTitleY.visibility', "^(visible|collapsed)$"), "Value of argument 'display.visualizations.charting.axisTitleY.visibility' must be either 'visible' or 'collapsed'")
display.visualizations.charting.axisTitleY2.visibility = validate( match('display.visualizations.charting.axisTitleY2.visibility', "^(visible|collapsed)$"), "Value of argument 'display.visualizations.charting.axisTitleY2.visibility' must be either 'visible' or 'collapsed'")
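# Axis switch, scale, abbreviation and X-axis label style arguments. Each
# rule is an anchored allowlist of literal values; axisY2.scale additionally
# accepts 'inherit'. Error messages quote the argument name on both sides,
# matching the other messages in this file.
display.visualizations.charting.axisY2.enabled = validate( match('display.visualizations.charting.axisY2.enabled', "^(0|1)$"), "Value of argument 'display.visualizations.charting.axisY2.enabled' must be either '0' or '1'")
display.visualizations.charting.axisX.scale = validate( match('display.visualizations.charting.axisX.scale', "^(linear|log)$"), "Value of argument 'display.visualizations.charting.axisX.scale' must be either 'linear' or 'log'")
display.visualizations.charting.axisY.scale = validate( match('display.visualizations.charting.axisY.scale', "^(linear|log)$"), "Value of argument 'display.visualizations.charting.axisY.scale' must be either 'linear' or 'log'")
display.visualizations.charting.axisY2.scale = validate( match('display.visualizations.charting.axisY2.scale', "^(linear|log|inherit)$"), "Value of argument 'display.visualizations.charting.axisY2.scale' must be either 'linear' or 'log' or 'inherit'")
display.visualizations.charting.axisX.abbreviation = validate( match('display.visualizations.charting.axisX.abbreviation', "^(none|auto)$"), "Value of argument 'display.visualizations.charting.axisX.abbreviation' must be either 'none' or 'auto'")
display.visualizations.charting.axisY.abbreviation = validate( match('display.visualizations.charting.axisY.abbreviation', "^(none|auto)$"), "Value of argument 'display.visualizations.charting.axisY.abbreviation' must be either 'none' or 'auto'")
display.visualizations.charting.axisY2.abbreviation = validate( match('display.visualizations.charting.axisY2.abbreviation', "^(none|auto)$"), "Value of argument 'display.visualizations.charting.axisY2.abbreviation' must be either 'none' or 'auto'")
display.visualizations.charting.axisLabelsX.majorLabelStyle.overflowMode = validate( match('display.visualizations.charting.axisLabelsX.majorLabelStyle.overflowMode', "^(ellipsisMiddle|ellipsisNone)$"), "Value of argument 'display.visualizations.charting.axisLabelsX.majorLabelStyle.overflowMode' must be either 'ellipsisMiddle' or 'ellipsisNone'")
display.visualizations.charting.axisLabelsX.majorLabelStyle.rotation = validate( match('display.visualizations.charting.axisLabelsX.majorLabelStyle.rotation', "^(-90|-45|0|45|90)$"), "Value of argument 'display.visualizations.charting.axisLabelsX.majorLabelStyle.rotation' must be either '-90', '-45', '0', '45', or '90'")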
# Axis units and bounds: each accepts a number or the literal word 'auto'.
# No numeric range is applied, and minimum/maximum are checked independently
# of each other.
display.visualizations.charting.axisLabelsX.majorUnit = validate( isnum('display.visualizations.charting.axisLabelsX.majorUnit') OR match('display.visualizations.charting.axisLabelsX.majorUnit', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisLabelsX.majorUnit' must be either a number or 'auto'")
display.visualizations.charting.axisLabelsY.majorUnit = validate( isnum('display.visualizations.charting.axisLabelsY.majorUnit') OR match('display.visualizations.charting.axisLabelsY.majorUnit', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisLabelsY.majorUnit' must be either a number or 'auto'")
display.visualizations.charting.axisLabelsY2.majorUnit = validate( isnum('display.visualizations.charting.axisLabelsY2.majorUnit') OR match('display.visualizations.charting.axisLabelsY2.majorUnit', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisLabelsY2.majorUnit' must be either a number or 'auto'")
display.visualizations.charting.axisX.minimumNumber = validate( isnum('display.visualizations.charting.axisX.minimumNumber') OR match('display.visualizations.charting.axisX.minimumNumber', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisX.minimumNumber' must be either a number or 'auto'")
display.visualizations.charting.axisY.minimumNumber = validate( isnum('display.visualizations.charting.axisY.minimumNumber') OR match('display.visualizations.charting.axisY.minimumNumber', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisY.minimumNumber' must be either a number or 'auto'")
display.visualizations.charting.axisY2.minimumNumber = validate( isnum('display.visualizations.charting.axisY2.minimumNumber') OR match('display.visualizations.charting.axisY2.minimumNumber', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisY2.minimumNumber' must be either a number or 'auto'")
display.visualizations.charting.axisX.maximumNumber = validate( isnum('display.visualizations.charting.axisX.maximumNumber') OR match('display.visualizations.charting.axisX.maximumNumber', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisX.maximumNumber' must be either a number or 'auto'")
display.visualizations.charting.axisY.maximumNumber = validate( isnum('display.visualizations.charting.axisY.maximumNumber') OR match('display.visualizations.charting.axisY.maximumNumber', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisY.maximumNumber' must be either a number or 'auto'")
display.visualizations.charting.axisY2.maximumNumber = validate( isnum('display.visualizations.charting.axisY2.maximumNumber') OR match('display.visualizations.charting.axisY2.maximumNumber', "^(auto)$"), "Value of argument 'display.visualizations.charting.axisY2.maximumNumber' must be either a number or 'auto'")
# Chart sizing and labelling: isnum()/isint() are type checks only, so
# negative or very large values pass these rules.
display.visualizations.charting.chart.sliceCollapsingThreshold = validate( isnum('display.visualizations.charting.chart.sliceCollapsingThreshold'), "Value of argument 'display.visualizations.charting.chart.sliceCollapsingThreshold' must be a number")
display.visualizations.charting.chart.bubbleMaximumSize = validate( isint('display.visualizations.charting.chart.bubbleMaximumSize'), "Value of argument 'display.visualizations.charting.chart.bubbleMaximumSize' must be an integer")
display.visualizations.charting.chart.bubbleMinimumSize = validate( isint('display.visualizations.charting.chart.bubbleMinimumSize'), "Value of argument 'display.visualizations.charting.chart.bubbleMinimumSize' must be an integer")
display.visualizations.charting.chart.bubbleSizeBy = validate( match('display.visualizations.charting.chart.bubbleSizeBy', "^(area|diameter)$"), "Value of argument 'display.visualizations.charting.chart.bubbleSizeBy' must be either 'area' or 'diameter'")
display.visualizations.charting.chart.showDataLabels = validate(match('display.visualizations.charting.chart.showDataLabels', "^(all|none|minmax)$"), "Value of argument 'display.visualizations.charting.chart.showDataLabels' must be either 'all', 'none' or 'minmax'")
display.visualizations.charting.lineWidth = validate( isnum('display.visualizations.charting.lineWidth'), "Value of argument 'display.visualizations.charting.lineWidth' must be a number")
# Must parse as JSON; the structure and the values inside are not checked.
display.visualizations.charting.fieldColors = validate( is_json('display.visualizations.charting.fieldColors'), "Value of argument 'display.visualizations.charting.fieldColors' must be a valid json")
display.visualizations.charting.fieldDashStyles = validate( typeof('display.visualizations.charting.fieldDashStyles') == "String", "Value of argument 'display.visualizations.charting.fieldDashStyles' must be a string")
# Custom and single-value visualizations. The label and unit rules check the
# type only; the label text itself is not constrained.
display.visualizations.custom.drilldown = validate( match('display.visualizations.custom.drilldown', "^(all|none)$"), "Value of argument 'display.visualizations.custom.drilldown' must be either 'all' or 'none'")
display.visualizations.custom.height = validate( isint('display.visualizations.custom.height'), "Value of argument 'display.visualizations.custom.height' must be an integer")
display.visualizations.singlevalueHeight = validate( isint('display.visualizations.singlevalueHeight'), "Value of argument 'display.visualizations.singlevalueHeight' must be an integer")
display.visualizations.singlevalue.beforeLabel = validate( typeof('display.visualizations.singlevalue.beforeLabel') == "String", "Value of argument 'display.visualizations.singlevalue.beforeLabel' must be a string")
display.visualizations.singlevalue.afterLabel = validate( typeof('display.visualizations.singlevalue.afterLabel') == "String", "Value of argument 'display.visualizations.singlevalue.afterLabel' must be a string")
display.visualizations.singlevalue.underLabel = validate( typeof('display.visualizations.singlevalue.underLabel') == "String", "Value of argument 'display.visualizations.singlevalue.underLabel' must be a string")
display.visualizations.singlevalue.unit = validate( typeof('display.visualizations.singlevalue.unit') == "String", "Value of argument 'display.visualizations.singlevalue.unit' must be a string")
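# Single-value visualization options. match() rules are anchored allowlists
# of literal values; the isstr() rules check the type only.
display.visualizations.singlevalue.unitPosition = validate( match('display.visualizations.singlevalue.unitPosition', "^(before|after)$"), "Value of argument 'display.visualizations.singlevalue.unitPosition' must be either 'before' or 'after'")
display.visualizations.singlevalue.drilldown = validate( match('display.visualizations.singlevalue.drilldown', "^(all|none)$"), "Value of argument 'display.visualizations.singlevalue.drilldown' must be either 'all' or 'none'")
display.visualizations.singlevalue.colorMode = validate( match('display.visualizations.singlevalue.colorMode', "^(block|none)$"), "Value of argument 'display.visualizations.singlevalue.colorMode' must be either 'block' or 'none'")
display.visualizations.singlevalue.rangeValues = validate( isstr('display.visualizations.singlevalue.rangeValues'), "Value of argument 'display.visualizations.singlevalue.rangeValues' must be a string")
display.visualizations.singlevalue.rangeColors = validate( isstr('display.visualizations.singlevalue.rangeColors'), "Value of argument 'display.visualizations.singlevalue.rangeColors' must be a string")
display.visualizations.singlevalue.trendInterval = validate( isstr('display.visualizations.singlevalue.trendInterval'), "Value of argument 'display.visualizations.singlevalue.trendInterval' must be a string")
display.visualizations.singlevalue.trendColorInterpretation = validate( match('display.visualizations.singlevalue.trendColorInterpretation', "^(standard|inverse)$"), "Value of argument 'display.visualizations.singlevalue.trendColorInterpretation' must be either 'standard' or 'inverse'")
display.visualizations.singlevalue.showTrendIndicator = validate( match('display.visualizations.singlevalue.showTrendIndicator', "^(0|1)$"), "Value of argument 'display.visualizations.singlevalue.showTrendIndicator' must be either '0' or '1'")
display.visualizations.singlevalue.showSparkline = validate( match('display.visualizations.singlevalue.showSparkline', "^(0|1)$"), "Value of argument 'display.visualizations.singlevalue.showSparkline' must be either '0' or '1'")
display.visualizations.singlevalue.trendDisplayMode = validate( match('display.visualizations.singlevalue.trendDisplayMode', "^(percent|absolute)$"), "Value of argument 'display.visualizations.singlevalue.trendDisplayMode' must be either 'percent' or 'absolute'")
display.visualizations.singlevalue.colorBy = validate( match('display.visualizations.singlevalue.colorBy', "^(value|trend)$"), "Value of argument 'display.visualizations.singlevalue.colorBy' must be either 'value' or 'trend'")
display.visualizations.singlevalue.useColors = validate( match('display.visualizations.singlevalue.useColors', "^(0|1)$"), "Value of argument 'display.visualizations.singlevalue.useColors' must be either '0' or '1'")
# The dots are escaped so that each alternative matches a literal '.'; an
# unescaped '.' would accept any character in that position (e.g. "0x0").
display.visualizations.singlevalue.numberPrecision = validate( match('display.visualizations.singlevalue.numberPrecision', "^(0|0\.0|0\.00|0\.000|0\.0000)$"), "Value of argument 'display.visualizations.singlevalue.numberPrecision' must be either '0', '0.0', '0.00', '0.000', or '0.0000'")
display.visualizations.singlevalue.useThousandSeparators = validate( match('display.visualizations.singlevalue.useThousandSeparators', "^(0|1)$"), "Value of argument 'display.visualizations.singlevalue.useThousandSeparators' must be either '0' or '1'")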
# Map visualization: height, layer type, drilldown, centre and zoom.
display.visualizations.mapHeight = validate( isint('display.visualizations.mapHeight'), "Value of argument 'display.visualizations.mapHeight' must be an integer")
display.visualizations.mapping.type = validate( match('display.visualizations.mapping.type', "^(marker|choropleth)$"), "Value of argument 'display.visualizations.mapping.type' must be either 'marker' or 'choropleth'")
display.visualizations.mapping.drilldown = validate( match('display.visualizations.mapping.drilldown', "^(all|none)$"), "Value of argument 'display.visualizations.mapping.drilldown' must be either 'all' or 'none'")
# Shape check only: "(a,b)" where each part is a run of digits, signs and
# dots. The character class does not guarantee a parsable number, and no
# latitude/longitude range is applied.
display.visualizations.mapping.map.center = validate( match('display.visualizations.mapping.map.center', "^\s*\([-+.0-9]+\s*,\s*[-+.0-9]+\)\s*$"), "Value of argument 'display.visualizations.mapping.map.center' must be of the form '(<lat>,<long>)'")
# Any integer passes; this rule applies no range.
display.visualizations.mapping.map.zoom = validate( isint('display.visualizations.mapping.map.zoom'), "Value of argument 'display.visualizations.mapping.map.zoom' must be an integer")
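# Map interaction flags: only the literal strings 0 and 1 pass. The error
# messages name the argument exactly as it is spelled in the key
# ('display.visualizations...').
display.visualizations.mapping.map.scrollZoom = validate( match('display.visualizations.mapping.map.scrollZoom', "^(0|1)$"), "Value of argument 'display.visualizations.mapping.map.scrollZoom' must be either '0' or '1'")
display.visualizations.mapping.map.panning = validate( match('display.visualizations.mapping.map.panning', "^(0|1)$"), "Value of argument 'display.visualizations.mapping.map.panning' must be either '0' or '1'")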
# Choropleth, marker and tile layer options. The isnum()/isint() rules are
# type checks only: opacity, size, zoom and cluster values are not range
# checked here, and min/max pairs are not compared with each other.
display.visualizations.mapping.choroplethLayer.colorMode = validate( match('display.visualizations.mapping.choroplethLayer.colorMode', "^(auto|sequential|divergent|categorical)$"), "Value of argument 'display.visualizations.mapping.choroplethLayer.colorMode' must be either 'auto', 'sequential', 'divergent' or 'categorical'")
display.visualizations.mapping.choroplethLayer.colorBins = validate( isint('display.visualizations.mapping.choroplethLayer.colorBins'), "Value of argument 'display.visualizations.mapping.choroplethLayer.colorBins' must be an integer")
display.visualizations.mapping.choroplethLayer.neutralPoint = validate( isnum('display.visualizations.mapping.choroplethLayer.neutralPoint'), "Value of argument 'display.visualizations.mapping.choroplethLayer.neutralPoint' must be a number")
display.visualizations.mapping.choroplethLayer.shapeOpacity = validate( isnum('display.visualizations.mapping.choroplethLayer.shapeOpacity'), "Value of argument 'display.visualizations.mapping.choroplethLayer.shapeOpacity' must be a number")
display.visualizations.mapping.choroplethLayer.showBorder = validate( match('display.visualizations.mapping.choroplethLayer.showBorder', "^(0|1)$"), "Value of argument 'display.visualizations.mapping.choroplethLayer.showBorder' must be either '0' or '1'")
display.visualizations.mapping.markerLayer.markerOpacity = validate( isnum('display.visualizations.mapping.markerLayer.markerOpacity'), "Value of argument 'display.visualizations.mapping.markerLayer.markerOpacity' must be a number")
display.visualizations.mapping.markerLayer.markerMinSize = validate( isint('display.visualizations.mapping.markerLayer.markerMinSize'), "Value of argument 'display.visualizations.mapping.markerLayer.markerMinSize' must be an integer")
display.visualizations.mapping.markerLayer.markerMaxSize = validate( isint('display.visualizations.mapping.markerLayer.markerMaxSize'), "Value of argument 'display.visualizations.mapping.markerLayer.markerMaxSize' must be an integer")
display.visualizations.mapping.data.maxClusters = validate( isint('display.visualizations.mapping.data.maxClusters'), "Value of argument 'display.visualizations.mapping.data.maxClusters' must be an integer")
display.visualizations.mapping.showTiles = validate( match('display.visualizations.mapping.showTiles', "^(0|1)$"), "Value of argument 'display.visualizations.mapping.showTiles' must be either '0' or '1'")
display.visualizations.mapping.tileLayer.tileOpacity = validate( isnum('display.visualizations.mapping.tileLayer.tileOpacity'), "Value of argument 'display.visualizations.mapping.tileLayer.tileOpacity' must be a number")
display.visualizations.mapping.tileLayer.minZoom = validate( isint('display.visualizations.mapping.tileLayer.minZoom'), "Value of argument 'display.visualizations.mapping.tileLayer.minZoom' must be an integer")
display.visualizations.mapping.tileLayer.maxZoom = validate( isint('display.visualizations.mapping.tileLayer.maxZoom'), "Value of argument 'display.visualizations.mapping.tileLayer.maxZoom' must be an integer")
display.visualizations.mapping.legend.placement = validate( match('display.visualizations.mapping.legend.placement', "^(bottomright|none)$"), "Value of argument 'display.visualizations.mapping.legend.placement' must be either 'bottomright' or 'none'")
# Search page options: anchored allowlists of literal values, plus one
# bounded number.
display.page.search.mode = validate( match('display.page.search.mode', "^(fast|smart|verbose)$"), "Value of argument 'display.page.search.mode' must be either 'fast', 'smart', or 'verbose'")
display.page.search.tab = validate( match('display.page.search.tab', "^(events|statistics|visualizations|patterns)$"), "Value of argument 'display.page.search.tab' must be either 'events', 'statistics', 'visualizations' or 'patterns'")
display.page.search.timeline.format = validate( match('display.page.search.timeline.format', "^(hidden|compact|full)$"), "Value of argument 'display.page.search.timeline.format' must be either 'hidden', 'compact', or 'full'")
display.page.search.timeline.scale = validate( match('display.page.search.timeline.scale', "^(linear|log)$"), "Value of argument 'display.page.search.timeline.scale' must be either 'linear' or 'log'")
display.page.search.showFields = validate( match('display.page.search.showFields', "^(0|1)$"), "Value of argument 'display.page.search.showFields' must be either '0' or '1'")
# Number in the closed range 0..1 (both ends allowed).
display.page.search.patterns.sensitivity = validate( isnum('display.page.search.patterns.sensitivity') AND 'display.page.search.patterns.sensitivity'>=0 AND 'display.page.search.patterns.sensitivity'<=1, "Value of argument 'display.page.search.patterns.sensitivity' must be a number between 0 and 1")
# Argument checks for the ui-prefs validation stanza. match() rules are
# anchored allowlists of literal values; isstr() rules check the type only.
[validation:ui-prefs]
display.prefs.autoOpenSearchAssistant = validate( match('display.prefs.autoOpenSearchAssistant', "^(0|1)$"), "Value of argument 'display.prefs.autoOpenSearchAssistant' must be either '0' or '1'")
# Checked as a string, not as a number.
display.prefs.timeline.height = validate( isstr('display.prefs.timeline.height'), "Value of argument 'display.prefs.timeline.height' must be a string")
display.prefs.timeline.minimized = validate( match('display.prefs.timeline.minimized', "^(0|1)$"), "Value of argument 'display.prefs.timeline.minimized' must be either '0' or '1'")
display.prefs.timeline.minimalMode = validate( match('display.prefs.timeline.minimalMode', "^(0|1)$"), "Value of argument 'display.prefs.timeline.minimalMode' must be either '0' or '1'")
display.prefs.aclFilter = validate( match('display.prefs.aclFilter', "^(none|app|owner)$"), "Value of argument 'display.prefs.aclFilter' must be either 'none', 'app', or 'owner'")
# Type checks only; the filter and context text is not constrained here.
display.prefs.appFilter = validate( isstr('display.prefs.appFilter'), "Value of argument 'display.prefs.appFilter' must be a string")
display.prefs.searchContext = validate( isstr('display.prefs.searchContext'), "Value of argument 'display.prefs.searchContext' must be a string")
# Page sizes are limited to the listed values.
display.prefs.events.count = validate( match('display.prefs.events.count', "^(10|20|50)$"), "Value of argument 'display.prefs.events.count' must be either '10', '20', or '50'")
display.prefs.statistics.count = validate( match('display.prefs.statistics.count', "^(10|20|50|100)$"), "Value of argument 'display.prefs.statistics.count' must be either '10', '20', '50', or '100'")
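# Field coverage is limited to the listed literal values. The dots are
# escaped so each alternative matches a literal '.'; an unescaped '.' would
# accept any character in that position (e.g. "x01").
display.prefs.fieldCoverage = validate( match('display.prefs.fieldCoverage', "^(0|\.01|\.50|\.90|1)$"), "Value of argument 'display.prefs.fieldCoverage' must be either '0', '.01', '.50', '.90', or '1'")
# Flags: only the literal strings 0 and 1 pass.
display.prefs.enableMetaData = validate( match('display.prefs.enableMetaData', "^(0|1)$"), "Value of argument 'display.prefs.enableMetaData' must be either '0' or '1'")
display.prefs.showDataSummary = validate( match('display.prefs.showDataSummary', "^(0|1)$"), "Value of argument 'display.prefs.showDataSummary' must be either '0' or '1'")
display.prefs.showSPL = validate( match('display.prefs.showSPL', "^(0|1)$"), "Value of argument 'display.prefs.showSPL' must be either '0' or '1'")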
# Display arguments repeated from [validation:savedsearch] with the same
# patterns, except display.events.maxLines, which is limited here to a fixed
# list of values instead of accepting any integer.
display.general.enablePreview = validate( match('display.general.enablePreview', "^(0|1)$"), "Value of argument 'display.general.enablePreview' must be either '0' or '1'")
# Type check only; the field list text is not constrained here.
display.events.fields = validate( isstr('display.events.fields'), "Value of argument 'display.events.fields' must be a string")
display.events.type = validate( match('display.events.type', "^(raw|list|table)$"), "Value of argument 'display.events.type' must be either 'raw', 'list', or 'table'")
display.events.rowNumbers = validate( match('display.events.rowNumbers', "^(0|1)$"), "Value of argument 'display.events.rowNumbers' must be either '0' or '1'")
display.events.maxLines = validate( match('display.events.maxLines', "^(0|5|10|20|50|100|200)$"), "Value of argument 'display.events.maxLines' must be either '0', '5', '10', '20', '50', '100', or '200'")
display.events.raw.drilldown = validate( match('display.events.raw.drilldown', "^(inner|outer|full|none)$"), "Value of argument 'display.events.raw.drilldown' must be either 'inner', 'outer', 'full', or 'none'")
display.events.list.drilldown = validate( match('display.events.list.drilldown', "^(inner|outer|full|none)$"), "Value of argument 'display.events.list.drilldown' must be either 'inner', 'outer', 'full', or 'none'")
display.events.list.wrap = validate( match('display.events.list.wrap', "^(0|1)$"), "Value of argument 'display.events.list.wrap' must be either '0' or '1'")
display.events.table.drilldown = validate( match('display.events.table.drilldown', "^(0|1)$"), "Value of argument 'display.events.table.drilldown' must be either '0' or '1'")
display.events.table.wrap = validate( match('display.events.table.wrap', "^(0|1)$"), "Value of argument 'display.events.table.wrap' must be either '0' or '1'")
display.statistics.rowNumbers = validate( match('display.statistics.rowNumbers', "^(0|1)$"), "Value of argument 'display.statistics.rowNumbers' must be either '0' or '1'")
display.statistics.wrap = validate( match('display.statistics.wrap', "^(0|1)$"), "Value of argument 'display.statistics.wrap' must be either '0' or '1'")
display.statistics.drilldown = validate( match('display.statistics.drilldown', "^(row|cell|none)$"), "Value of argument 'display.statistics.drilldown' must be either 'row', 'cell', or 'none'")
display.visualizations.type = validate( match('display.visualizations.type', "^(charting|singlevalue|mapping|custom)$"), "Value of argument 'display.visualizations.type' must be either 'charting' or 'singlevalue', 'mapping' or 'custom'")
display.visualizations.chartHeight = validate( isint('display.visualizations.chartHeight'), "Value of argument 'display.visualizations.chartHeight' must be an integer")
display.visualizations.charting.chart = validate( match('display.visualizations.charting.chart', "^(line|area|column|bar|pie|scatter|bubble|radialGauge|fillerGauge|markerGauge)$"), "Value of argument 'display.visualizations.charting.chart' must be either 'line', 'area', 'column', 'bar', 'pie', 'scatter', 'bubble', 'radialGauge', 'fillerGauge', or 'markerGauge'")
display.visualizations.charting.chart.style = validate( match('display.visualizations.charting.chart.style', "^(minimal|shiny)$"), "Value of argument 'display.visualizations.charting.chart.style' must be either 'minimal' or 'shiny'")
display.visualizations.charting.legend.labelStyle.overflowMode = validate( match('display.visualizations.charting.legend.labelStyle.overflowMode', "^(ellipsisEnd|ellipsisMiddle|ellipsisStart)$"), "Value of argument 'display.visualizations.charting.legend.labelStyle.overflowMode' must be either 'ellipsisEnd', 'ellipsisMiddle', or 'ellipsisStart'")
display.page.search.patterns.sensitivity = validate( isnum('display.page.search.patterns.sensitivity') AND 'display.page.search.patterns.sensitivity'>=0 AND 'display.page.search.patterns.sensitivity'<=1, "Value of argument 'display.page.search.patterns.sensitivity' must be a number between 0 and 1")
display.page.search.mode = validate( match('display.page.search.mode', "^(fast|smart|verbose)$"), "Value of argument 'display.page.search.mode' must be either 'fast', 'smart', or 'verbose'")
display.page.search.timeline.format = validate( match('display.page.search.timeline.format', "^(hidden|compact|full)$"), "Value of argument 'display.page.search.timeline.format' must be either 'hidden', 'compact', or 'full'")
display.page.search.timeline.scale = validate( match('display.page.search.timeline.scale', "^(linear|log)$"), "Value of argument 'display.page.search.timeline.scale' must be either 'linear' or 'log'")
display.page.search.showFields = validate( match('display.page.search.showFields', "^(0|1)$"), "Value of argument 'display.page.search.showFields' must be either '0' or '1'")
display.page.search.searchHistoryTimeFilter = validate( match('display.page.search.searchHistoryTimeFilter', "^(@d|-7d@d|-30d@d|-60d@d|-90d@d)$"), "Value of argument 'display.page.search.searchHistoryTimeFilter' must be either '@d', '-7d@d', '-30d@d', '-60d@d', or '-90d@d'")
display.page.search.searchHistoryCount = validate( match('display.page.search.searchHistoryCount', "^(10|20|50)$"), "Value of argument 'display.page.search.searchHistoryCount' must be either '10', '20', or '50'")
# Argument validation for scheduled views. Each key names an argument and maps
# it to validate(<condition>, <error message>).
[validation:scheduledviews]
# Recipient lists: one or more addresses separated by ',' or ';' with optional
# whitespace around the separator, matched case-insensitively ((?i)).
# NOTE(review): the first address builds each domain label from [^@\s.]+, but
# the addresses after a separator use [^@\s]+, which also matches '.'. Inside
# the repeated group (...\.)+ this makes the split into labels ambiguous, so a
# later address may contain empty labels (for example 'a@b..com'), and a long
# dotted value that finally fails may cost a backtracking regex engine much
# more work than the first-address form. Aligning both halves on [^@\s.]+ in a
# local override would remove the ambiguity - TODO confirm against the engine.
# NOTE(review): unlike the action.to/cc/bcc patterns in
# [validation:health-report-config], these do not exclude '<', '>', '(', ')'
# or '=' from the address parts.
action.email.to = validate( match('action.email.to', "(?i)^(?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})(?:\s*[,;]\s*(?:[^@\s]+@(?:[^@\s]+\.)+[a-z]{2,}))*$"), "One of the email addresses in 'action.email.to' is invalid")
action.email.cc = validate( match('action.email.cc', "(?i)^(?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})(?:\s*[,;]\s*(?:[^@\s]+@(?:[^@\s]+\.)+[a-z]{2,}))*$"), "One of the email addresses in 'action.email.cc' is invalid")
action.email.bcc = validate( match('action.email.bcc', "(?i)^(?:[^@\s]+@(?:[^@\s.]+\.)+[a-z]{2,})(?:\s*[,;]\s*(?:[^@\s]+@(?:[^@\s]+\.)+[a-z]{2,}))*$"), "One of the email addresses in 'action.email.bcc' is invalid")
# Priority must be a single digit from 1 to 5.
action.email.priority = validate( match('action.email.priority', "^([1-5])$"), "Value of argument 'action.email.priority' must be either '1', '2', '3', '4', '5'")
# Argument validation for the search concurrency settings handler. These
# arguments bound how many searches may run, so the limits below act as
# guard rails on resource use.
[validation:search-concurrency-settings-handler]
# Accepts 'auto' or an integer >= 1.
# NOTE(review): the "auto" pattern has no ^...$ anchors, unlike most patterns
# in this file. If match() succeeds on a substring, any value that merely
# contains 'auto' would pass - TODO confirm; "^auto$" would pin it.
# NOTE(review): the condition mixes OR and AND without parentheses; it reads
# as intended only if AND binds tighter than OR - confirm.
total_search_concurrency_limit = validate( match('total_search_concurrency_limit', "auto") OR isint('total_search_concurrency_limit') AND 'total_search_concurrency_limit' >= 1, "Value of argument 'total_search_concurrency_limit' must be 'auto' or a positive integer." )
# Integer, 1 to 512 inclusive.
base_max_searches = validate( isint('base_max_searches') AND 'base_max_searches' >= 1 AND 'base_max_searches' <= 512, "Value of argument 'base_max_searches' must be an integer in the range 1-512." )
# Integer, 0 to 16 inclusive.
max_searches_per_cpu = validate( isint('max_searches_per_cpu') AND 'max_searches_per_cpu' >= 0 AND 'max_searches_per_cpu' <= 16, "Value of argument 'max_searches_per_cpu' must be an integer in the range 0-16." )
# Any number (isnum, not isint), 0 to 16 inclusive.
max_rt_search_multiplier = validate( isnum('max_rt_search_multiplier') AND 'max_rt_search_multiplier' >= 0 AND 'max_rt_search_multiplier' <= 16, "Value of argument 'max_rt_search_multiplier' must be a floating point number in the range 0-16." )
# Integer percentage, 0 to 100 inclusive.
auto_summary_perc = validate( isint('auto_summary_perc') AND 'auto_summary_perc' >= 0 AND 'auto_summary_perc' <= 100, "Value of argument 'auto_summary_perc' must be an integer in the range 0-100." )
# Integer percentage, 1 to 100 inclusive (0 is rejected).
max_searches_perc = validate( isint('max_searches_perc') AND 'max_searches_perc' >= 1 AND 'max_searches_perc' <= 100, "Value of argument 'max_searches_perc' must be an integer in the range 1-100." )
# One of the three literals 'on', 'off' or 'overflow'.
shc_adhoc_quota_enforcement = validate( match('shc_adhoc_quota_enforcement', "^(on|off|overflow)$"), "Value of 'shc_adhoc_quota_enforcement' must be 'on', 'off', or 'overflow'.")
# Argument validation for alert action settings: report page format, the mail
# host, and the host name used in links (per the error messages below).
[validation:conf-alert_actions]
# NOTE(review): these two rules are bare match() conditions with no validate()
# wrapper or error message, and the alternations are not anchored. If match()
# succeeds on a substring, any value that contains one of the listed words
# would pass - TODO confirm.
reportPaperSize = match('reportPaperSize', "(?i)letter|legal|ledger|a2|a3|a4|a5")
reportPaperOrientation = match('reportPaperOrientation', "(?i)portrait|landscape")
# Mail host: optional surrounding spaces, then a host name, a bare
# colon-separated hex form, or the same form in square brackets, followed by
# an optional ':port'. The pattern is anchored, so nothing may follow the port.
# NOTE(review): the port is any digit run starting with 1-9 and is not bounded
# to 65535; the colon-separated alternatives only require two ':' among hex
# digits and do not establish a well-formed IPv6 address. Treat this as a
# shape check, not as proof that the destination is an intended mail server.
mailserver = validate( match('mailserver', "^(?:([ ]*)?)([a-zA-Z]|[a-zA-Z0-9][a-zA-Z0-9_\\-.]*[a-zA-Z0-9]|[0-9a-fA-F:]*:[0-9a-fA-F:]*:[0-9a-fA-F:]*|\\[[0-9a-fA-F:]*:[0-9a-fA-F:]*:[0-9a-fA-F:]*\\])(:[1-9][0-9]*)?(?:([ ]*)?)$"), "Invalid Mail host")
# Link host name: same host and port shapes as 'mailserver', with an optional
# 'http://' or 'https://' prefix and no surrounding spaces. No path, query or
# user-info part fits the anchored pattern.
hostname = validate( match('hostname', "^(?:((https|http)(\:\/\/))?)([a-zA-Z]|[a-zA-Z0-9][a-zA-Z0-9_\\-.]*[a-zA-Z0-9]|[0-9a-fA-F:]*:[0-9a-fA-F:]*:[0-9a-fA-F:]*|\\[[0-9a-fA-F:]*:[0-9a-fA-F:]*:[0-9a-fA-F:]*\\])(:[1-9][0-9]*)?$"), "Invalid Link hostname")
# Argument validation for distributed search setup. Every timeout and the
# check frequency must be an integer >= 0.
# NOTE(review): the rules are bare conditions (no validate() wrapper, so no
# custom error message) and set no upper bound; what a value of 0 means for
# each timeout is not visible here - confirm before relying on it.
[validation:distsearch-setup]
serverTimeout = isint('serverTimeout') AND 'serverTimeout'>=0
statusTimeout = isint('statusTimeout') AND 'statusTimeout'>=0
connectionTimeout = isint('connectionTimeout') AND 'connectionTimeout'>=0
sendTimeout = isint('sendTimeout') AND 'sendTimeout'>=0
receiveTimeout = isint('receiveTimeout') AND 'receiveTimeout'>=0
checkTimedOutServersFrequency = isint('checkTimedOutServersFrequency') AND 'checkTimedOutServersFrequency'>=0
# REST replay stanza. [global] at the top of this file names it in
# defaultRestReplayStanza and sets allowRestReplay=false.
# NOTE(review): the listed methods are all state-changing (POST, PUT, DELETE).
# Presumably they are replayed to the node list 'shc' when replay is turned on
# in an override; review which endpoints opt in before enabling - confirm.
[restreplayshc]
methods = POST, PUT, DELETE
nodelists = shc
# Left empty in the defaults.
nodes =
filternodes =
# Argument validation for dataset / data model editing.
[validation:datamodeledit]
# Rejects any name that contains a '.' character.
name = validate( NOT match('name', "\."), "Dataset name cannot contain '.'")
# is_json() checks that the value parses as JSON. Nothing visible here limits
# its size or structure, so consumers should still treat the content as
# untrusted.
description = validate( is_json('description'), "Value of argument 'description' must be a valid json")
# The search string must contain something other than whitespace.
search = validate( len(trim('search')) > 0, "Value of argument 'search' may not be empty")
dataset.type = validate( match('dataset.type', "^(datamodel|table)$"), "Value of argument 'dataset.type' must be one of {'datamodel','table'}")
dataset.commands = validate( is_json('dataset.commands'), "Value of argument 'dataset.commands' must be a valid json")
dataset.fields = validate( is_json('dataset.fields'), "Value of argument 'dataset.fields' must be a valid json")
# NOTE(review): the error message below lacks the closing quote after 'latest.
dataset.display.diversity = validate( match('dataset.display.diversity', "^(latest|random|diverse|rare)$"), "Value of argument 'dataset.display.diversity' must be one of {'latest, 'random', 'diverse', 'rare'}")
dataset.display.limiting = validate( isnum('dataset.display.limiting'), "Value of argument 'dataset.display.limiting' must be a number")
# NOTE(review): the check is is_nonneg_int(), which by its name admits 0, while
# the message says "positive integer" - confirm which one is intended.
dataset.display.currentCommand = validate( is_nonneg_int('dataset.display.currentCommand'), "Value of argument 'dataset.display.currentCommand' must be positive integer")
dataset.display.mode = validate( match('dataset.display.mode', "^(table|datasummary)$"), "Value of argument 'dataset.display.mode' must be one of {'table', 'datasummary'}")
# Both ends of the data summary time range must pass is_time().
dataset.display.datasummary.earliestTime = validate( is_time('dataset.display.datasummary.earliestTime'), "Value of 'dataset.display.datasummary.earliestTime' must be a time string")
dataset.display.datasummary.latestTime = validate( is_time('dataset.display.datasummary.latestTime'), "Value of 'dataset.display.datasummary.latestTime' must be a time string")
# Argument validation for health report configuration: update suppression,
# alert thresholds, and alert e-mail recipients.
[validation:health-report-config]
# Non-negative integer below 2629746000 (milliseconds; about 30.44 days).
suppress_status_update_ms = validate( is_nonneg_int('suppress_status_update_ms') AND 'suppress_status_update_ms'<2629746000, "Value of argument 'suppress_status_update_ms' must be a number and less than a month")
# Integer strictly greater than 0.
full_health_log_interval = validate( is_nonneg_int('full_health_log_interval') AND 'full_health_log_interval'>0, "Value of argument 'full_health_log_interval' must be a positive number.")
alert.disabled = validate( is_bool('alert.disabled'), "Value of 'alert.disabled' must be a boolean")
# NOTE(review): the key name ends in '_sec' and the message says "less than a
# day", but the bound 86400000 is the number of milliseconds in a day. If the
# value is in seconds, this admits durations up to about 1000 days - confirm
# the unit.
alert.min_duration_sec = validate( is_nonneg_int('alert.min_duration_sec') AND 'alert.min_duration_sec'<86400000, "Value of argument 'alert.min_duration_sec' must be a number and less than a day")
alert.threshold_color = validate( match('alert.threshold_color', "^(yellow|red)$"), "Value of 'alert.threshold_color' must be either 'yellow' or 'red'")
# One or more digits followed by exactly one unit letter: h, m, s or d.
alert.suppress_period = validate ( match('alert.suppress_period', "^(\d+[hmsd])$"), "Value of argument alert.suppress_period must be of the format <integer>[smhd]")
# Recipient lists: entries separated by ',' or ';'. Each entry is either an
# address or a '$name$' token with an optional '{...}' part. Address parts
# exclude whitespace, '@', '<', '>', '(', ')' and '=', and each domain label
# also excludes '.', so labels cannot be empty.
# NOTE(review): a '$...$' token passes validation as written; whatever it
# expands to is not checked by this rule - confirm where it is resolved.
action.to = validate( match('action.to', "(?i)^((?:[^@\s<>()=]+@(?:[^@\s.<>()=]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}<>()=]+)\})?\$))(?:\s*[,;]\s*((?:[^@\s<>()=]+@(?:[^@\s.<>()=]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}<>()=]+)\})?\$)))*$"), "One of the email addresses in 'Send email alerts to (action.to)' is invalid")
action.cc = validate( match('action.cc', "(?i)^((?:[^@\s<>()=]+@(?:[^@\s.<>()=]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}<>()=]+)\})?\$))(?:\s*[,;]\s*((?:[^@\s<>()=]+@(?:[^@\s.<>()=]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}<>()=]+)\})?\$)))*$"), "One of the email addresses in 'CC (action.cc)' is invalid")
action.bcc = validate( match('action.bcc', "(?i)^((?:[^@\s<>()=]+@(?:[^@\s.<>()=]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}<>()=]+)\})?\$))(?:\s*[,;]\s*((?:[^@\s<>()=]+@(?:[^@\s.<>()=]+\.)+[a-z]{2,})|(\$([\w.*#\- ]+)(?:\{([^}<>()=]+)\})?\$)))*$"), "One of the email addresses in 'BCC (action.bcc)' is invalid")
# Argument validation for the local apps (Python) handler.
[validation:localapps-python]
# Both flags must pass is_bool(); the messages list true/false, t/f and 0/1.
merge-local-meta = validate( is_bool('merge-local-meta'), "Incorrect parameter value for 'merge-local-meta'. Specify one of the following: true/false, t/f, or 0/1.")
exclude-local-meta = validate( is_bool('exclude-local-meta'), "Incorrect parameter value for 'exclude-local-meta'. Specify one of the following: true/false, t/f, or 0/1.")
# Only the two literals 'default' and 'local' are accepted, so the value
# cannot carry a path of its own.
dest= validate( match('dest', "^(default|local)$"), "Value of argument 'dest' must be either 'default' or 'local'")
# /////////////////////////////////////////////////////////////////////////////
# Specific orchestrator handler settings for SPL2
# /////////////////////////////////////////////////////////////////////////////
# Endpoint for SPL2 module dispatch, served under /search/spl2-module-dispatch.
[spl2-module-dispatch:spl2-module-dispatch]
match = /search/spl2-module-dispatch
# Callers must already be authenticated.
requireAuthentication = true
# POST requests additionally require the 'search' capability.
# NOTE(review): only POST carries a capability requirement in this stanza;
# confirm which other methods the handler accepts and how they are gated.
capability.post = search
