Splunk Add-on for Microsoft Cloud Services 5.3.2 修改支持中国区
1. 修改Json文件
文件位置: Splunk_TA_microsoft-cloudservices/appserver/static/js/build/globalConfig.json
{
"pages": {
"configuration": {
"title": "Configuration",
"description": "Manage your account and connection settings for the Splunk Add-on for Microsoft Cloud Services.",
"tabs": [
{
"name": "azureaccount",
"title": "Azure App Account",
"hook": {
"type": "external",
"src": "AzureAccountHook"
},
"conf": "mscs_azure_accounts",
"table": {
"actions": [
"edit",
"delete",
"clone"
],
"header": [
{
"field": "name",
"label": "Name"
},
{
"field": "client_id",
"label": "Client ID"
},
{
"field": "tenant_id",
"label": "Tenant ID"
},
{
"field": "account_class_type",
"label": "Account Class Type",
"mapping": {
"1": "Azure Public Account",
"2": "Azure Government Account"
}
}
],
"moreInfo": [
{
"field": "client_id",
"label": "Client ID"
},
{
"field": "tenant_id",
"label": "Tenant ID"
}
]
},
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"options": {}
},
{
"field": "client_id",
"label": "Client ID",
"type": "text",
"required": true,
"options": {}
},
{
"field": "client_secret",
"label": "Key (Client Secret)",
"type": "text",
"encrypted": true,
"required": true,
"options": {}
},
{
"field": "tenant_id",
"label": "Tenant ID",
"type": "text",
"required": true,
"options": {}
},
{
"field": "account_class_type",
"label": "Account Class Type",
"type": "singleSelect",
"defaultValue": "1",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"label": "Azure Public Account",
"value": "1"
},
{
"label": "Azure Government Account",
"value": "2"
}
]
}
},
{
"field": "app_account_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureazureappaccount"
}
}
],
"options": {
"saveValidator": "function(formData) { if(formData.name === formData.name.trim()) {return true; } return 'Name with the leading or trailing space is not allowed.'; }"
}
},
{
"name": "storageaccount",
"title": "Azure Storage Account",
"conf": "mscs_storage_accounts",
"hook": {
"type": "external",
"src": "config_storage_account.1.0.0"
},
"table": {
"actions": [
"edit",
"delete",
"clone"
],
"header": [
{
"field": "name",
"label": "Name"
},
{
"field": "account_name",
"label": "Account Name"
},
{
"field": "account_secret_type",
"label": "Account Secret Type",
"mapping": {
"1": "Access Key",
"2": "Account Token",
"0": "None Secret"
}
},
{
"field": "account_class_type",
"label": "Account Class Type",
"mapping": {
"1": "Azure Public Account",
"2": "Azure Government Account"
}
}
],
"moreInfo": [
{
"field": "account_name",
"label": "Account Name"
},
{
"field": "account_secret_type",
"label": "Account Secret Type",
"mapping": {
"1": "Access Key",
"2": "Account Token",
"0": "None Secret"
}
}
]
},
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"options": {}
},
{
"field": "account_name",
"label": "Account Name",
"type": "text",
"required": true,
"options": {}
},
{
"field": "account_secret",
"label": "Account Secret",
"type": "text",
"encrypted": true,
"required": false,
"help": "You can enter Access Key or Access Token in the Account Secret field. If you select 'None Secret', you can leave the 'Account Secret' field empty."
},
{
"field": "account_secret_type",
"label": "Account Secret Type",
"type": "singleSelect",
"defaultValue": "1",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"label": "Access Key",
"value": "1"
},
{
"label": "Account Token",
"value": "2"
},
{
"label": "None Secret",
"value": "0"
}
]
},
"help": "For Storage Table Inputs, you can only chose Access Key or Account Token."
},
{
"field": "account_class_type",
"label": "Account Class Type",
"type": "singleSelect",
"defaultValue": "1",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "1",
"label": "Azure Public Account"
},
{
"value": "2",
"label": "Azure Government Account"
}
]
}
},
{
"field": "storage_account_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configurestorageaccount"
}
}
],
"options": {
"saveValidator": "function(formData) { if(formData.name === formData.name.trim()) {return true; } return 'Name with the leading or trailing space is not allowed.'; }"
}
},
{
"name": "proxy",
"title": "Proxy",
"hook": {
"type": "external",
"src": "ProxyHook"
},
"entity": [
{
"field": "proxy_enabled",
"label": "Enable",
"type": "checkbox"
},
{
"field": "proxy_type",
"label": "Proxy Type",
"type": "singleSelect",
"defaultValue": "http",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "http",
"label": "http"
}
]
}
},
{
"field": "proxy_rdns",
"label": "DNS Resolution",
"type": "checkbox"
},
{
"field": "proxy_url",
"label": "Host",
"type": "text",
"required": true,
"options": {},
"validators": [
{
"type": "string",
"maxLength": 4096,
"minLength": 0,
"errorMsg": "Maximum length allowed for host is 4096"
},
{
"type": "regex",
"pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$",
"errorMsg": "The Host field can contain letters, numbers, dots(.) and hyphens(-)"
}
]
},
{
"field": "proxy_port",
"label": "Port",
"type": "text",
"required": true,
"options": {},
"validators": [
{
"type": "number",
"range": [
1,
65535
]
}
]
},
{
"field": "proxy_username",
"label": "Username",
"type": "text",
"validators": [
{
"type": "string",
"maxLength": 50,
"minLength": 0,
"errorMsg": "Maximum length allowed for username is 50"
}
]
},
{
"field": "proxy_password",
"label": "Password",
"type": "text",
"encrypted": true
}
]
},
{
"name": "logging",
"title": "Logging",
"hook": {
"type": "external",
"src": "LoggingHook"
},
"entity": [
{
"field": "agent",
"label": "Log level",
"type": "singleSelect",
"defaultValue": "INFO",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "DEBUG",
"label": "DEBUG"
},
{
"value": "INFO",
"label": "INFO"
},
{
"value": "WARN",
"label": "WARN"
},
{
"value": "ERROR",
"label": "ERROR"
},
{
"value": "CRITICAL",
"label": "CRITICAL"
}
]
}
}
]
}
]
},
"inputs": {
"title": "Inputs",
"description": "Create inputs to collect data from Microsoft Cloud Services.",
"services": [
{
"name": "mscs_azure_event_hub",
"title": "Azure Event Hub",
"hook": {
"type": "external",
"src": "input_azure_eventhub.1.0.0"
},
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"options": {}
},
{
"field": "account",
"label": "Azure App Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "azureaccount"
}
},
{
"field": "event_hub_namespace",
"label": "Event Hub Namespace(FQDN)",
"type": "text",
"required": true
},
{
"field": "event_hub_name",
"label": "Event Hub Name",
"type": "text",
"required": true
},
{
"field": "consumer_group",
"label": "Consumer Group",
"type": "text",
"defaultValue": "$Default",
"required": true
},
{
"field": "max_wait_time",
"label": "Max Wait Time",
"type": "text",
"defaultValue": "10",
"required": true
},
{
"field": "max_batch_size",
"label": "Max Batch Size",
"type": "text",
"defaultValue": "300",
"required": true
},
{
"field": "use_amqp_over_websocket",
"label": "Transport Type",
"type": "radio",
"defaultValue": "1",
"required": true,
"options": {
"items": [
{
"label": "AMQP over WebSocket",
"value": "1"
},
{
"label": "AMQP",
"value": "0"
}
]
}
},
{
"field": "ensure_ascii",
"label": "Enforce ASCII encoding (JSON)",
"type": "radio",
"defaultValue": "0",
"required": true,
"options": {
"items": [
{
"label": "Strict ASCII",
"value": "1"
},
{
"label": "Native encoding",
"value": "0"
}
]
}
},
{
"field": "index",
"label": "Index",
"type": "singleSelect",
"defaultValue": "default",
"required": true,
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
},
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
]
},
{
"field": "sourcetype",
"label": "Sourcetype",
"type": "singleSelect",
"defaultValue": "mscs:azure:eventhub",
"required": true,
"help": "Select a sourcetype according to configured eventhub and diagnostic settings.",
"options": {
"createSearchChoice": true,
"autoCompleteFields": [
{
"value": "mscs:azure:eventhub",
"label": "mscs:azure:eventhub"
},
{
"value": "azure:monitor:aad",
"label": "azure:monitor:aad"
},
{
"value": "azure:monitor:activity",
"label": "azure:monitor:activity"
},
{
"value": "azure:monitor:resource",
"label": "azure:monitor:resource"
}
]
}
},
{
"field": "interval",
"label": "Interval",
"type": "text",
"defaultValue": "300",
"required": true,
"help": "Collection interval for this input (in seconds).",
"options": {},
"validators": [
{
"type": "number",
"range": [
1,
31536000
]
}
]
},
{
"field": "blob_checkpoint_enabled",
"label": "Enable Blob Checkpoint Store",
"type": "checkbox",
"help": "Azure Storage Account and Container Name is required when this is enabled"
},
{
"field": "storage_account",
"label": "Azure Storage Account",
"type": "singleSelect",
"help": "Enter the storage account for configuring Blob Checkpoint Store",
"options": {
"referenceName": "storageaccount"
}
},
{
"field": "container_name",
"label": "Container Name",
"type": "text",
"help": "Enter the container name under the storage account. You can only add one container name for each input.",
"options": {},
"validators": [
{
"type": "regex",
"pattern": "^.{3,63}$",
"errorMsg": "The Container Name must be between 3 and 63 characters long."
},
{
"type": "regex",
"pattern": "^[0-9a-z-]*$",
"errorMsg": "This Container Name can only contain lowercase letters, numbers and hyphens."
},
{
"type": "regex",
"pattern": "^(?!.*--)[^-].*[^-]$",
"errorMsg": "The Container Name must begin with a letter or a number and each hyphen must be preceded and followed by a non-hyphen character."
}
]
},
{
"field": "sourcetype_configuration_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureeventhubs"
}
}
],
"options": {
"saveValidator": "function(formData) { if(!formData.blob_checkpoint_enabled || formData.blob_checkpoint_enabled === '0') {return true; } if (!formData.storage_account) {return 'Field Azure Storage Account is required';} if(!formData.container_name) { return 'Field Container Name is required'; } return true; }"
}
},
{
"name": "mscs_storage_table",
"title": "Azure Storage Table",
"hook": {
"type": "external",
"src": "input_storage_table.1.0.0"
},
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"options": {}
},
{
"field": "account",
"label": "Azure Storage Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "storageaccount"
}
},
{
"field": "storage_table_type",
"label": "Input type",
"type": "radio",
"defaultValue": "storage_table",
"required": true,
"help": "Choose the data input you want to add",
"options": {
"items": [
{
"label": "Storage table",
"value": "storage_table"
},
{
"label": "Virtual Machine Metrics",
"value": "vm_metrics"
}
]
}
},
{
"field": "table_list",
"label": "Table List",
"type": "text",
"required": true,
"help": "The names of the tables to query. You can enter specific table name, wildcard or regex syntax, e.g. table, test*, :table\\d+. For metrics tables, enter the full table name, e.g., $MetricsCapacityBlob.",
"options": {}
},
{
"field": "start_time",
"label": "Start Time",
"type": "text",
"required": false,
"help": "The add-on starts collecting data with a date later than this time. The default start time is 30 days ago. Format: YYYY-MM-DDThh:mm:ssTZD",
"options": {},
"validators": [
{
"type": "regex",
"errorMsg": "Field \"Start Time\" is not in format: YYYY-MM-DDThh:mm:ssTZD",
"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}([+-]\\d{2}:\\d{2}|Z)$"
}
]
},
{
"field": "collection_interval",
"label": "Interval",
"type": "text",
"defaultValue": "3600",
"required": true,
"help": "Collection interval for this input (in seconds).",
"options": {},
"validators": [
{
"type": "number",
"range": [
1,
31536000
]
}
]
},
{
"field": "index",
"label": "Index",
"type": "singleSelect",
"defaultValue": "default",
"required": true,
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
},
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
]
},
{
"field": "sourcetype",
"label": "Sourcetype",
"type": "text",
"defaultValue": "mscs:storage:table",
"required": true,
"help": "Default: mscs:storage:table",
"options": {}
},
{
"field": "storage_input_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureinputs4"
}
},
{
"field": "storage_virtual_metrics_input_help_link",
"label": " ",
"type": "helpLink",
"options": {
"display": false,
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureinputs6"
}
}
]
},
{
"name": "mscs_storage_blob",
"title": "Azure Storage Blob",
"groups": [
{
"label": "Advanced Settings",
"options": {
"expand": false,
"isExpandable": true
},
"fields": [
"blob_mode",
"blob_compression",
"read_timeout"
]
}
],
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"options": {}
},
{
"field": "account",
"label": "Azure Storage Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "storageaccount"
}
},
{
"field": "container_name",
"label": "Container Name",
"type": "text",
"required": true,
"help": "Enter the container name under the storage account. You can only add one container name for each input.",
"options": {},
"validators": [
{
"type": "regex",
"pattern": "^.{3,63}$",
"errorMsg": "The Container Name must be between 3 and 63 characters long."
},
{
"type": "regex",
"pattern": "^[0-9a-z-]*$",
"errorMsg": "This Container Name can only contain lowercase letters, numbers and hyphens."
},
{
"type": "regex",
"pattern": "^(?!.*--)[^-].*[^-]$",
"errorMsg": "The Container Name must begin with a letter or a number and each hyphen must be preceded and followed by a non-hyphen character."
}
]
},
{
"field": "prefix",
"label": "Prefix",
"type": "text",
"required": false,
"help": "Input will only collect the data from the blobs whose names begin with specified prefix.",
"options": {},
"validators": [
{
"type": "string",
"errorMsg": "Length of Prefix field should not be more than 4000.",
"minLength": 0,
"maxLength": 4000
}
]
},
{
"field": "blob_list",
"label": "Blob List",
"type": "text",
"required": false,
"help": "Enter the Blob name which you want to collect the data from. You can add multiple blob names separated by commas. For example, blob, testblob* or {\"blob1\":1, \"test*\":2, \"blob\\d+\":3}"
},
{
"field": "exclude_blob_list",
"label": "Excluded Blob List",
"type": "text",
"required": false,
"help": "Enter the Blob name that you do not want to collect the data from. You can add multiple blob names separated by commas."
},
{
"field": "decoding",
"label": "Decoding",
"type": "text",
"required": false,
"help": "Specify the character set of the blobs. e.g UTF-8, UTF-32, etc..",
"validators": [
{
"type": "regex",
"errorMsg": "Decoding may contain only letters, numbers, underscores or hyphens. They must begin with a letter or number.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
]
},
{
"field": "collection_interval",
"label": "Interval",
"type": "text",
"defaultValue": "3600",
"required": true,
"help": "Collection interval for this input (in seconds).",
"options": {},
"validators": [
{
"type": "number",
"range": [
1,
31536000
]
}
]
},
{
"field": "index",
"label": "Index",
"type": "singleSelect",
"defaultValue": "default",
"required": true,
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
},
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
]
},
{
"field": "sourcetype",
"label": "Sourcetype",
"type": "text",
"defaultValue": "mscs:storage:blob",
"required": true,
"help": "To simplify field extraction, enter one of the following predefined sourcetypes: mscs:storage:blob:json or mscs:storage:blob:xml. Default: mscs:storage:blob",
"options": {}
},
{
"field": "blob_input_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureinputs5"
}
},
{
"field": "blob_mode",
"label": "Blob Mode",
"type": "singleSelect",
"defaultValue": "random",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"label": "Random",
"value": "random"
},
{
"label": "Append",
"value": "append"
}
]
},
"help": "Select Append Mode to retrieve only the incremental changes and select Random Mode to retrieve the entire blob again on an update"
},
{
"field": "blob_compression",
"label": "Blob Compression Type",
"type": "singleSelect",
"defaultValue": "not_compressed",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"label": "Not compressed",
"value": "not_compressed"
},
{
"label": "Gzip",
"value": "gzip"
}
]
},
"help": "Select proper compression type if blobs are compressed. Otherwise select 'Not compressed' value. Compression is only supported for random blob mode."
},
{
"field": "read_timeout",
"label": "Read Timeout",
"type": "text",
"defaultValue": "60",
"required": true,
"validators": [
{
"type": "regex",
"pattern": "^[1-9]\\d*$",
"errorMsg": "Read Timeout must be a non-zero positive integer."
},
{
"type": "number",
"range": [
1,
80000
]
}
],
"options": {},
"help": "Specify the maximum amount of time (in seconds) to wait for a response from the Azure Storage service when reading data"
}
]
},
{
"name": "mscs_azure_audit",
"title": "Azure Audit",
"conf": "mscs_azure_audit_inputs",
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"options": {}
},
{
"field": "account",
"label": "Azure App Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "azureaccount"
}
},
{
"field": "subscription_id",
"label": "Subscription ID",
"type": "text",
"required": true,
"help": "You can add only one subscription ID for each input.",
"options": {}
},
{
"field": "start_time",
"label": "Start Time",
"type": "text",
"required": false,
"help": "The add-on starts collecting data with a date later than this time. The default start time is 30 days ago. Format: YYYY-MM-DDThh:mm:ssTZD",
"options": {},
"validators": [
{
"type": "regex",
"errorMsg": "Field \"Start Time\" is not in format: YYYY-MM-DDThh:mm:ssTZD",
"pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}([+-]\\d{2}:\\d{2}|Z)$"
}
]
},
{
"field": "interval",
"label": "Interval",
"type": "text",
"defaultValue": "3600",
"required": true,
"help": "Collection interval for this input (in seconds).",
"options": {},
"validators": [
{
"type": "number",
"range": [
1,
31536000
]
}
]
},
{
"field": "index",
"label": "Index",
"type": "singleSelect",
"defaultValue": "default",
"required": true,
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
],
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
}
},
{
"field": "audit_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureinputs2"
}
}
]
},
{
"name": "mscs_azure_resource",
"title": "Azure Resource",
"conf": "mscs_azure_resource_inputs",
"hook": {
"type": "external",
"src": "input_azure_resource.1.0.0"
},
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"options": {}
},
{
"field": "account",
"label": "Azure App Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "azureaccount"
}
},
{
"field": "resource_type",
"label": "Resource Type",
"type": "singleSelect",
"required": true,
"defaultValue": "virtual_machine",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"label": "Disk Data",
"value": "disk_data"
},
{
"label": "Image Data",
"value": "image_data"
},
{
"label": "Network Interface Card",
"value": "network_interface_card"
},
{
"label": "Public IP Address",
"value": "public_ip_address"
},
{
"label": "Resource Groups",
"value": "resource_groups"
},
{
"label": "Security Groups",
"value": "security_groups"
},
{
"label": "Snapshot Data",
"value": "snapshot_data"
},
{
"label": "Subscriptions",
"value": "subscriptions"
},
{
"label": "Virtual Machine",
"value": "virtual_machine"
},
{
"label": "Virtual Network",
"value": "virtual_network"
}
]
}
},
{
"field": "subscription_id",
"label": "Subscription ID",
"type": "text",
"required": false,
"help": "You can add only one subscription ID for each input.",
"options": {}
},
{
"field": "resource_group_list",
"label": "Resource Group List",
"type": "text",
"required": false,
"help": "You can enter one or multiple resource groups separated by commas. If you leave this field empty, this add-on will query all resources belong to the subscription ID."
},
{
"field": "interval",
"label": "Interval",
"type": "text",
"required": true,
"help": "Time interval of input in seconds.",
"defaultValue": "3600",
"validators": [
{
"type": "number",
"range": [
1,
31536000
]
}
],
"options": {}
},
{
"type": "singleSelect",
"label": "Index",
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
],
"defaultValue": "default",
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
},
"field": "index",
"required": true
},
{
"field": "resource_help_link",
"label": "",
"type": "helpLink",
"options": {
"text": "Learn more",
"link": "https://splunk.github.io/splunk-add-on-for-microsoft-cloud-services/Configureinputs3"
}
}
]
},
{
"name": "mscs_azure_metrics",
"title": "Azure Metrics",
"hook": {
"type": "external",
"src": "input_azure_metric.1.0.0"
},
"groups": [
{
"label": "Advanced Settings",
"options": {
"expand": false,
"isExpandable": true
},
"fields": [
"number_of_threads"
]
}
],
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"validators": [
{
"errorMsg": "Name must begin with a letter and consist exclusively of alphanumeric characters and underscores.",
"type": "regex",
"pattern": "^[a-zA-Z]\\w*$"
},
{
"type": "string",
"maxLength": 150,
"minLength": 1,
"errorMsg": "Length of Name should be between 1 and 150."
}
],
"options": {}
},
{
"field": "account",
"label": "Azure App Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "azureaccount"
}
},
{
"field": "subscription_id",
"label": "Subscription IDs",
"type": "text",
"required": true,
"help": "Comma-separated list of subscriptions.",
"validators": [
{
"type": "string",
"minLength": 1,
"maxLength": 8192,
"errorMsg": "Length of Subscription ID should be between 1 and 8192."
}
],
"options": {}
},
{
"field": "namespaces",
"label": "Namespaces",
"type": "textarea",
"help": "Comma-separated list of metric namespaces to query. Refer to section 'Supported metrics with Azure Monitor' in microsoft document for list of available metrics namespaces. Example: Microsoft.Compute/virtualMachines",
"required": true,
"validators": [
{
"type": "string",
"minLength": 1,
"maxLength": 8192,
"errorMsg": "Length of Namespaces should be between 1 and 8192."
}
],
"options": {
"rowsMin": 3,
"rowsMax": 15
}
},
{
"field": "metric_statistics",
"label": "Metric Statistics",
"help": "Select Metric statistics",
"required": true,
"type": "multipleSelect",
"defaultValue": "average",
"options": {
"delimiter": ",",
"items": [
{
"value": "average",
"label": "Average"
},
{
"value": "minimum",
"label": "Minimum"
},
{
"value": "maximum",
"label": "Maximum"
},
{
"value": "total",
"label": "Total"
},
{
"value": "count",
"label": "Count"
}
]
}
},
{
"field": "preferred_time_aggregation",
"label": "Preferred Time Aggregation",
"help": "If the preferred time period is not available for a specific metric in the namespace, the next available preferred time will be used.",
"required": true,
"type": "singleSelect",
"defaultValue": "PT1M",
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "PT1M",
"label": "1 minute"
},
{
"value": "PT5M",
"label": "5 minutes"
},
{
"value": "PT15M",
"label": "15 minutes"
},
{
"value": "PT30M",
"label": "30 minutes"
},
{
"value": "PT1H",
"label": "1 hour"
},
{
"value": "PT6H",
"label": "6 hours"
},
{
"value": "PT12H",
"label": "12 hours"
},
{
"value": "P1D",
"label": "1 day"
}
]
}
},
{
"field": "interval",
"label": "Interval",
"type": "text",
"required": true,
"help": "Time interval of input in seconds.",
"defaultValue": "300",
"validators": [
{
"type": "regex",
"pattern": "^[1-9]\\d*$",
"errorMsg": "Interval must be a non-zero positive integer."
},
{
"type": "number",
"range": [
1,
31536000
]
}
],
"options": {}
},
{
"type": "radio",
"label": "Use Metric Index?",
"field": "metric_index_flag",
"defaultValue": "yes",
"help": "Select whether or not to use the Metric Index.",
"required": false,
"options": {
"items": [
{
"value": "yes",
"label": "Yes"
},
{
"value": "no",
"label": "No"
}
]
}
},
{
"type": "singleSelect",
"label": "Index",
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
],
"options": {
"endpointUrl": "splunk_ta_mscs/splunk_ta_mscs_index",
"labelField": "index",
"createSearchChoice": true,
"denyList": "^_.*$",
"dependencies": [
"metric_index_flag"
]
},
"field": "index",
"required": true
},
{
"type": "helpLink",
"field": "index_link",
"label": "",
"help": "",
"tooltip": "",
"options": {
"text": "Learn more about event/metric indexes",
"link": "https://docs.splunk.com/Documentation/Splunk/latest/Indexer/Setupmultipleindexes"
}
},
{
"field": "sourcetype",
"label": "Sourcetype",
"type": "text",
"defaultValue": "mscs:metrics",
"required": true
},
{
"field": "number_of_threads",
"label": "Number of Threads",
"help": "The number of threads used to collect metric data in parallel",
"required": true,
"type": "text",
"defaultValue": "5",
"validators": [
{
"type": "regex",
"pattern": "^[1-9]\\d*$",
"errorMsg": "Number of threads must be a non-zero positive integer."
},
{
"type": "number",
"range": [
1,
256
]
}
]
}
]
},
{
"name": "mscs_azure_kql",
"title": "Azure KQL Log Analytics",
"groups": [
{
"label": "Advanced Settings",
"options": {
"expand": false,
"isExpandable": true
},
"fields": [
"index_stats",
"index_empty_values"
]
}
],
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"validators": [
{
"errorMsg": "Name must begin with a letter and consist exclusively of alphanumeric characters and underscores.",
"type": "regex",
"pattern": "^[a-zA-Z]\\w*$"
},
{
"type": "string",
"maxLength": 150,
"minLength": 1,
"errorMsg": "Length of Name should be between 1 and 150."
}
],
"options": {}
},
{
"field": "interval",
"label": "Interval",
"type": "text",
"required": true,
"help": "Time interval of input in seconds.",
"defaultValue": "3600",
"validators": [
{
"type": "regex",
"pattern": "^[1-9]\\d*$",
"errorMsg": "Interval must be a non-zero positive integer."
},
{
"type": "number",
"range": [
1,
31536000
]
}
],
"options": {}
},
{
"field": "index",
"label": "Index",
"type": "singleSelect",
"defaultValue": "default",
"required": true,
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
},
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
]
},
{
"field": "account",
"label": "Azure App Account",
"type": "singleSelect",
"required": true,
"help": "Select Azure App account.",
"options": {
"referenceName": "azureaccount"
}
},
{
"field": "workspace_id",
"label": "Workspace ID",
"type": "text",
"help": "Enter the Azure Log Analytics Workspace ID.",
"required": true,
"defaultValue": "",
"validators": [
{
"type": "string",
"minLength": 1,
"maxLength": 1000,
"errorMsg": "Length of Workspace ID should be between 1 and 1000."
}
],
"options": {}
},
{
"field": "kql_query",
"label": "KQL Query",
"type": "textarea",
"help": "Enter the Azure KQL Query for collecting data from provided Azure Workspace.",
"required": true,
"defaultValue": "",
"validators": [
{
"type": "string",
"minLength": 1,
"maxLength": 8192,
"errorMsg": "Length of KQL Query should be between 1 and 8192."
}
],
"options": {
"rowsMin": 3,
"rowsMax": 15
}
},
{
"field": "sourcetype",
"label": "Sourcetype",
"type": "text",
"defaultValue": "mscs:kql",
"required": true,
"help": "Enter sourcetype in which data will be ingested. Default: mscs:kql",
"validators": [
{
"type": "string",
"minLength": 1,
"maxLength": 8192,
"errorMsg": "Length of Sourcetype should be between 1 and 8192."
}
],
"options": {}
},
{
"field": "index_stats",
"label": "Index KQL Statistics",
"type": "checkbox",
"help": "If checked, the input will index statistics about the KQL query. The term ':stats' will be appended to the specified sourcetype for the statistical data."
},
{
"field": "index_empty_values",
"label": "Index Empty Field Values",
"type": "checkbox",
"help": "If checked, the input will also index event's field having an empty value."
}
]
},
{
"name": "mscs_azure_consumption",
"title": "Azure Consumption(Billing)",
"hook": {
"type": "external",
"src": "input_azure_consumption.1.0.0"
},
"entity": [
{
"field": "name",
"label": "Name",
"type": "text",
"required": true,
"help": "Add unique name for the input",
"validators": [
{
"errorMsg": "Name must begin with a letter and consist exclusively of alphanumeric characters and underscores.",
"type": "regex",
"pattern": "^[a-zA-Z]\\w*$"
},
{
"type": "string",
"maxLength": 150,
"minLength": 1,
"errorMsg": "Length of Name should be between 1 and 150."
}
],
"options": {}
},
{
"field": "account",
"label": "Azure App Account",
"type": "singleSelect",
"required": true,
"options": {
"referenceName": "azureaccount"
}
},
{
"field": "subscription_id",
"label": "Subscription ID",
"help": "You can add only one subscription ID for each input.",
"required": true,
"type": "text",
"options": {
"disableonEdit": true
},
"validators": [
{
"type": "string",
"minLength": 1,
"maxLength": 8192,
"errorMsg": "Length of Subscription ID should be between 1 and 8192."
}
]
},
{
"field": "data_type",
"label": "Data Type",
"type": "singleSelect",
"defaultValue": "Usage Details",
"required": true,
"options": {
"disableSearch": true,
"autoCompleteFields": [
{
"value": "Reservation Recommendation",
"label": "Reservation Recommendation"
},
{
"value": "Usage Details",
"label": "Usage Details"
}
]
}
},
{
"field": "interval",
"label": "Interval",
"type": "text",
"required": true,
"defaultValue": "86400",
"help": "Time interval of input in seconds.",
"options": {},
"validators": [
{
"type": "regex",
"pattern": "^[1-9]\\d*$",
"errorMsg": "Interval must be a non-zero positive integer."
},
{
"type": "number",
"range": [
1,
31536000
]
}
]
},
{
"field": "index",
"label": "Index",
"type": "singleSelect",
"defaultValue": "default",
"options": {
"endpointUrl": "data/indexes",
"createSearchChoice": true,
"denyList": "^_.*$"
},
"required": true,
"validators": [
{
"type": "string",
"errorMsg": "Length of index name should be between 1 and 1023.",
"minLength": 1,
"maxLength": 1023
},
{
"type": "regex",
"errorMsg": "Index names must begin with a letter or a number and must contain only letters, numbers, underscores, or hyphens.",
"pattern": "^[a-zA-Z0-9][a-zA-Z0-9\\_\\-]*$"
}
]
},
{
"field": "sourcetype",
"label": "Sourcetype",
"help": "",
"required": true,
"type": "text",
"defaultValue": "mscs:consumption:billing",
"options": {}
},
{
"field": "query_days",
"label": "Max days to query",
"help": "Specify the maximum number of days to query.",
"required": false,
"type": "text",
"defaultValue": "10",
"validators": [
{
"type": "regex",
"pattern": "^[1-9]\\d*$",
"errorMsg": "Max days to query must be a non-zero positive integer. Defaults to 10 days."
}
]
},
{
"field": "start_date",
"label": "Start Date",
"help": "Defaults to 90 days in the past if empty. Format: YYYY-MM-DD",
"required": false,
"type": "text",
"options": {}
}
]
}
],
"table": {
"actions": [
"edit",
"enable",
"delete",
"clone"
],
"header": [
{
"label": "Name",
"field": "name"
},
{
"field": "serviceName",
"label": "Input Type",
"mapping": {
"mscs_azure_audit": "Azure Audit",
"mscs_azure_event_hub": "Azure Event Hub",
"mscs_azure_resource": "Azure Resource",
"mscs_storage_blob": "Azure Storage Blob",
"mscs_storage_table": "Azure Storage Table",
"mscs_azure_metrics": "Azure Metrics",
"mscs_azure_kql": "Azure KQL Log Analytics",
"mscs_azure_consumption": "Azure Consumption(Billing)"
}
},
{
"field": "account",
"label": "Account"
},
{
"label": "Index",
"field": "index"
},
{
"label": "Status",
"field": "disabled"
}
],
"moreInfo": [
{
"label": "Name",
"field": "name"
},
{
"field": "account",
"label": "Account"
},
{
"label": "Index",
"field": "index"
},
{
"label": "Status",
"field": "disabled"
},
{
"field": "table_list",
"label": "Table List"
},
{
"field": "container_name",
"label": "Container Name"
},
{
"field": "prefix",
"label": "Prefix"
},
{
"field": "blob_list",
"label": "Blob List"
},
{
"field": "exclude_blob_list",
"label": "Exclude Blob List"
},
{
"field": "decoding",
"label": "Decoding"
},
{
"field": "blob_compression",
"label": "Blob Compression Type",
"mapping": {
"not_compressed": "Not compressed",
"extension_based": "From blob name extension",
"gzip": "Gzip"
}
},
{
"field": "subscription_id",
"label": "Subscription ID"
},
{
"field": "namespaces",
"label": "Namespaces"
},
{
"field": "metric_statistics",
"label": "Metric Statistics"
},
{
"field": "preferred_time_aggregation",
"label": "Preferred Time Aggregation"
},
{
"field": "metric_index_flag",
"label": "Use Metric Index?"
},
{
"field": "resource_type",
"label": "Resource Type"
},
{
"field": "resource_group_list",
"label": "Resource Group List"
},
{
"field": "start_time",
"label": "Start Time"
},
{
"field": "collection_interval",
"label": "Interval"
},
{
"field": "interval",
"label": "Interval"
},
{
"field": "sourcetype",
"label": "Sourcetype"
},
{
"field": "data_type",
"label": "Data Type"
},
{
"field": "start_date",
"label": "Start Date"
},
{
"field": "query_days",
"label": "Max days to query"
}
]
}
}
},
"meta": {
"name": "Splunk_TA_microsoft-cloudservices",
"restRoot": "splunk_ta_mscs",
"version": "5.3.2",
"displayName": "Splunk Add-on for Microsoft Cloud Services",
"schemaVersion": "0.0.3",
"os-dependentLibraries": [
{
"name": "cryptography",
"version": "42.0.4",
"platform": "win_amd64",
"python_version": "37",
"target": "3rdparty/windows_x86_64/python37",
"os": "windows"
},
{
"name": "cffi",
"version": "1.15.1",
"platform": "win_amd64",
"python_version": "37",
"target": "3rdparty/windows_x86_64/python37",
"os": "windows"
},
{
"name": "cryptography",
"version": "42.0.4",
"platform": "manylinux2014_x86_64",
"python_version": "37",
"target": "3rdparty/linux_x86_64/python37",
"os": "linux"
},
{
"name": "cffi",
"version": "1.15.1",
"platform": "manylinux2014_x86_64",
"python_version": "37",
"target": "3rdparty/linux_x86_64/python37",
"os": "linux"
},
{
"name": "cryptography",
"version": "42.0.4",
"platform": "macosx_10_12_x86_64",
"python_version": "37",
"target": "3rdparty/darwin_x86_64/python37",
"os": "darwin"
},
{
"name": "cffi",
"version": "1.15.1",
"platform": "macosx_10_9_x86_64",
"python_version": "37",
"target": "3rdparty/darwin_x86_64/python37",
"os": "darwin"
},
{
"name": "cryptography",
"version": "42.0.4",
"platform": "win_amd64",
"python_version": "39",
"target": "3rdparty/windows_x86_64/python39",
"os": "windows"
},
{
"name": "cffi",
"version": "1.15.1",
"platform": "win_amd64",
"python_version": "39",
"target": "3rdparty/windows_x86_64/python39",
"os": "windows"
},
{
"name": "cryptography",
"version": "42.0.4",
"platform": "manylinux2014_x86_64",
"python_version": "39",
"target": "3rdparty/linux_x86_64/python39",
"os": "linux"
},
{
"name": "cffi",
"version": "1.15.1",
"platform": "manylinux2014_x86_64",
"python_version": "39",
"target": "3rdparty/linux_x86_64/python39",
"os": "linux"
},
{
"name": "cryptography",
"version": "42.0.4",
"platform": "macosx_10_12_x86_64",
"python_version": "39",
"target": "3rdparty/darwin_x86_64/python39",
"os": "darwin"
},
{
"name": "cffi",
"version": "1.15.1",
"platform": "macosx_10_9_x86_64",
"python_version": "39",
"target": "3rdparty/darwin_x86_64/python39",
"os": "darwin"
}
],
"_uccVersion": "5.39.1"
}
}
2. 修改Py文件
文件位置:Splunk_TA_microsoft-cloudservices/lib/mscs_storage_service.py
位置: 237行 "net"修改成"cn"
本文来自博客园,作者:SprogQVQ,转载请注明原文链接:https://www.cnblogs.com/sprogqvq/p/18750092
浙公网安备 33010602011771号