splunk
diff --git a/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion b/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/dependabot.yml‎
Lines changed: 18 additions & 0 deletions b/‎.github/dependabot.yml‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎.github/signatures/version1/cla.json‎
Lines changed: 36 additions & 0 deletions b/‎.github/signatures/version1/cla.json‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎.github/workflows/release-notes.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-notes.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile.uf‎
Lines changed: 7 additions & 0 deletions b/‎Dockerfile.uf‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎deps/build/addonfactory_test_matrix_splunk‎ b/‎deps/build/addonfactory_test_matrix_splunk‎
diff --git a/‎docker-compose.yml‎
Lines changed: 21 additions & 1 deletion b/‎docker-compose.yml‎
Lines changed: 21 additions & 1 deletion
diff --git a/‎docs/api_reference/addon_parser.rst‎
Lines changed: 6 additions & 0 deletions b/‎docs/api_reference/addon_parser.rst‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/api_reference/event_ingestion.rst‎
Lines changed: 6 additions & 0 deletions b/‎docs/api_reference/event_ingestion.rst‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/cim_tests.rst‎
Lines changed: 4 additions & 5 deletions b/‎docs/cim_tests.rst‎
Lines changed: 4 additions & 5 deletions
@@ -71,7 +71,7 @@ orbs:
 jobs:
   release:
     docker:
-      - image: circleci/node:11
+      - image: circleci/node:12
     steps:
       - checkout
       - run: npx semantic-release
 
@@ -0,0 +1,18 @@
+##
+## SPDX-FileCopyrightText: 2020 Splunk, Inc. <[email protected]>
+## SPDX-License-Identifier: LicenseRef-Splunk-1-2020
+##
+##
+version: 2
+updates:
+  # Keep package.json (& lockfiles) up to date as soon as
+  # new versions are published to the npm registry
+  - package-ecosystem: "gitsubmodule"
+    directory: "/"
+    schedule:
+      interval: "daily"
+  # Keep Dockerfile up to date, batching pull requests weekly
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
@@ -0,0 +1,36 @@
+{
+  "signedContributors": [
+    {
+      "name": "pszkamruk-splunk",
+      "id": 75434853,
+      "comment_id": 762698833,
+      "created_at": "2021-01-19T08:56:57Z",
+      "repoId": 237108761,
+      "pullRequestNo": 239
+    },
+    {
+      "name": "uoboda-splunk",
+      "id": 76950960,
+      "comment_id": 766894862,
+      "created_at": "2021-01-25T15:26:50Z",
+      "repoId": 237108761,
+      "pullRequestNo": 243
+    },
+    {
+      "name": "kkania-splunk",
+      "id": 76955023,
+      "comment_id": 769724633,
+      "created_at": "2021-01-29T10:37:05Z",
+      "repoId": 237108761,
+      "pullRequestNo": 251
+    },
+    {
+      "name": "rajkarkar-crest",
+      "id": 69803383,
+      "comment_id": 770676856,
+      "created_at": "2021-02-01T08:37:13Z",
+      "repoId": 237108761,
+      "pullRequestNo": 253
+    }
+  ]
+}
@@ -15,7 +15,7 @@ jobs:
           git fetch --prune --unshallow --tags
       - uses: snyk/[email protected]
         with:
-          releaseBranch: master
+          releaseBranch: main
         env:
           GITHUB_PR_USERNAME: ${{ github.actor }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,7 @@
+ARG SPLUNK_VERSION=latest
+FROM splunk/universalforwarder:$SPLUNK_VERSION
+ARG SPLUNK_VERSION=latest
+ARG SPLUNK_APP_ID=TA_UNKNOWN
+ARG SPLUNK_APP_PACKAGE=package
+RUN echo ${SPLUNK_VERSION} $SPLUNK_APP_PACKAGE
+COPY ${SPLUNK_APP_PACKAGE} /opt/splunkforwarder/etc/apps/${SPLUNK_APP_ID}
@@ -63,7 +63,27 @@ services:
       - SPLUNK_PASSWORD=${SPLUNK_PASSWORD}
       - SPLUNK_START_ARGS=--accept-license
       - SPLUNK_HEC_TOKEN=${SPLUNK_HEC_TOKEN}
-  
+
+  uf:
+    build:
+      context: .
+      dockerfile: Dockerfile.uf
+      args:
+        SPLUNK_APP_ID: ${SPLUNK_APP_ID}
+        SPLUNK_APP_PACKAGE: ${SPLUNK_APP_PACKAGE}
+        SPLUNK_VERSION: ${SPLUNK_VERSION}
+    hostname: uf
+    ports:
+      - "9997"
+      - "8089"
+    links:
+      - splunk
+    environment:
+      - SPLUNK_PASSWORD=Chang3d!
+      - SPLUNK_START_ARGS=--accept-license
+    volumes:
+      - ${CURRENT_DIR}/uf_files:${CURRENT_DIR}/uf_files
+
 volumes:
   splunk-sc4s-var:
     external: false
@@ -34,3 +34,9 @@ TransformsParser
 .. automodule:: standard_lib.addon_parser.transforms_parser
    :members:
    :show-inheritance:
+
+SavedsearchesParser
+~~~~~~~~~~~~~~~~~~~
+.. automodule:: standard_lib.addon_parser.savedsearches_parser
+   :members:
+   :show-inheritance:
@@ -16,5 +16,11 @@ HEC Raw Ingestor
 SC4S Event Ingestor
 ~~~~~~~~~~~~~~~~~~~~
 .. automodule:: standard_lib.event_ingestors.sc4s_event_ingestor
+   :members:
+   :show-inheritance:
+
+File Monitor Ingestor
+~~~~~~~~~~~~~~~~~~~~~
+.. automodule:: standard_lib.event_ingestors.file_monitor_ingestor
    :members:
    :show-inheritance:
@@ -7,7 +7,7 @@ Overview
 The CIM tests are written with a purpose of testing the compatibility of the add-on with CIM Data Models (Based on Splunk_SA_CIM 4.15.0).
 An add-on is said to be CIM compatible if it fulfils the following two criteria:
 
-1. The add-on extracts all the fields with valid values, which are marked as required by the `Data Model Definitions <https://github.com/splunk/pytest-splunk-addon/tree/master/pytest_splunk_addon/standard_lib/data_models>`_.
+1. The add-on extracts all the fields with valid values, which are marked as required by the `Data Model Definitions <https://github.com/splunk/pytest-splunk-addon/tree/main/pytest_splunk_addon/standard_lib/data_models>`_.
 2. Any event for the add-on is not mapped with more than one data model.
 
 ---------------------
@@ -34,7 +34,7 @@ Test Scenarios
     **Workflow:**
 
     * Plugin parses tags.conf to get a list of tags for each eventtype.
-    * Plugin parses all the `supported datamodels <https://github.com/splunk/pytest-splunk-addon/tree/master/pytest_splunk_addon/standard_lib/data_models>`_.
+    * Plugin parses all the `supported datamodels <https://github.com/splunk/pytest-splunk-addon/tree/main/pytest_splunk_addon/standard_lib/data_models>`_.
     * Then it gets a list of the datasets mapped with an eventtype.
     * Generates test case for each eventtype.
 
@@ -80,11 +80,11 @@ Test Scenarios
 
     **Workflow:**
 
-    * Plugin collects the list of not_allowed_in_search fields from mapped datasets and `CommonFields.json <https://github.com/splunk/pytest-splunk-addon/blob/master/pytest_splunk_addon/standard_lib/cim_tests/CommonFields.json>`_.
+    * Plugin collects the list of not_allowed_in_search fields from mapped datasets and `CommonFields.json <https://github.com/splunk/pytest-splunk-addon/blob/main/pytest_splunk_addon/standard_lib/cim_tests/CommonFields.json>`_.
     * Using search query the test case verifies if not_allowed_in_search fields are populated in search or not.
 
     .. note::
-      `CommonFields.json <https://github.com/splunk/pytest-splunk-addon/blob/master/pytest_splunk_addon/standard_lib/cim_tests/CommonFields.json>`_ contains fields which are automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security.
+      `CommonFields.json <https://github.com/splunk/pytest-splunk-addon/blob/main/pytest_splunk_addon/standard_lib/cim_tests/CommonFields.json>`_ contains fields which are automatically provided by asset and identity correlation features of applications like Splunk Enterprise Security.
 
 **4. Testcase for all not_allowed_in_props fields**
 
@@ -118,7 +118,6 @@ In case of test case failure check if:
 
     - The add-on to be tested is installed on the Splunk instance.
     - Data is generated sufficiently for the addon being tested.
-    - Splunk_SA_CIM is installed on the Splunk instance.
     - Splunk licence has not expired.
     - Splunk instance is up and running.
     - Splunk instance's management port is accessible from the test machine.