templates for indexes, props and savedsearches

playbooks/roles/splunk-server/templates/opt/splunk/etc/apps/search/local/indexes.conf.j2

@@ -10,6 +10,9 @@ homePath = {{ index.homePath }}
 {% else %}
 homePath = {{ splunk_hot_dir }}/{{ index.name }}/db
 {% endif %}
+{% if index.maxTotalDataSizeMB is defined %}
+maxTotalDataSizeMB = {{ index.maxTotalDataSizeMB }}
+{% endif %}
 {% if index.thawedPath is defined %}
 thawedPath = {{ index.thawedPath }}
 {% else %}
@@ -27,9 +30,6 @@ home = {{ index.home }}
 {% if index.enableDataIntegrityControl is defined %}
 enableDataIntegrityControl = {{ index.enableDataIntegrityControl }}
 {% endif %}
-{% if index.maxTotalDataSizeMB is defined %}
-maxTotalDataSizeMB = {{ index.maxTotalDataSizeMB }}
-{% endif %}
 {% if index.enableTsidxReduction is defined %}
 enableTsidxReduction = {{ index.enableTsidxReduction }}
 {% endif %}

playbooks/roles/splunk-server/templates/opt/splunk/etc/apps/search/local/props.conf.j2

@@ -4,8 +4,43 @@
 {% elif 'sourcetype' in extraction %}
 [{{ extraction.sourcetype }}]
 {% endif %}
+{% if extraction.break_before is defined%}
+BREAK_ONLY_BEFORE = {{ extraction.break_before }}
+{% endif %}
+{% if extraction.max_events is defined%}
+MAX_EVENTS = {{ extraction.max_events }}
+{% endif %}
+{% if extraction.datetime_config is defined %}
+DATETIME_CONFIG = {{ extraction.datetime_config }}
+{% endif %}
+{% if extraction.indexed_extractions is defined %}
+INDEXED_EXTRACTIONS = {{ extraction.indexed_extractions }}
+{% endif %}
+{% if extraction.no_binary_check is defined %}
+NO_BINARY_CHECK = {{ extraction.no_binary_check }}
+{% endif %}
+{% if extraction.timestamp_fields is defined %}
+TIMESTAMP_FIELDS = {{ extraction.timestamp_fields }}
+{% endif %}
+{% if extraction.category is defined %}
+category = {{ extraction.category }}
+{% endif %}
+{% if extraction.description is defined %}
+description = {{ extraction.description }}
+{% endif %}
+{% if extraction.disabled is defined %}
+disabled = {{ extraction.disabled }}
+{% endif %}
+{% if extraction.pulldown_type is defined %}
+pulldown_type = {{ extraction.pulldown_type }}
+{% endif %}
 {% if extraction.name is defined %}
 EXTRACT-{{ extraction.name }} = {{ extraction.regex }}
 {% endif %}
+{% if 'sourcetype' in extraction and extraction.sourcetype == "build_log" %}
+EXTRACT-run-results = Setting status of .* and message: 'Build finished. (?P<num_run>\d+) tests run, (?P<num_skipped>\d+) skipped, (?P<num_failed>\d+) failed.
+EXTRACT-error_msg = \n?ERROR: (?P<error_msg>[^\n]*)
+EXTRACT-buildResult = Finished: (?P<buildResult>[A-Z]+)$
+{% endif %}
 
 {% endfor %}

playbooks/roles/splunk-server/templates/opt/splunk/etc/apps/search/local/savedsearches.conf.j2

@@ -4,7 +4,7 @@
 {% for search in SPLUNK_ALERTS %}
 [{{ search.name }}]
 {% if search.email is defined %}
-action.email = 1
+action.email = {{ search.email }}
 {% endif %}
 {% if search.email_format is defined %}
 action.email.format = {{ search.email_format }}
@@ -173,7 +173,7 @@ display.page.search.mode  = {{ search.search_mode }}
 {% if search.auto_summarize is defined %}
 auto_summarize = {{ search.auto_summarize }}
 {% endif %}
-{% if search.suppress is defined and not search.suppress %}
+{% if search.suppress is defined %}
 alert.suppress = {{ search.suppress }}
 {% endif %}
 {% if search.description is defined %}
@@ -211,7 +211,7 @@ displayview = {{ search.displayview }}
 request.ui_dispatch_view = {{ search.dispatchview }}
 {% endif %}
 {% if search.schedule is defined %}
-schedule = {{ search.schedule }}
+cron_schedule = {{ search.schedule }}
 {% endif %}
 {% if search.enableSched is defined %}
 enableSched = {{ search.enableSched }}
@@ -222,7 +222,7 @@ quantity = {{ search.quantity }}
 {% if search.time is defined %}
 dispatch.earliest_time = {{ search.time }}
 {% endif %}
-{% if search.realation is defined %}
+{% if search.relation is defined %}
 relation = {{ search.relation }}
 {% endif %}
 {% if search.dispatch_earliest_time is defined %}
@@ -237,4 +237,5 @@ search = {{ search.search }}
 {% if search.vsid is defined %}
 vsid = {{ search.vsid }}
 {% endif %}
+
 {% endfor %}