cribl-control-plane 0.0.13__py3-none-any.whl

cribl_control_plane/models/inputsnmp.py

@@ -0,0 +1,274 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic.functional_validators import PlainValidator
+from typing import Any, List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class InputSnmpType(str, Enum, metaclass=utils.OpenEnumMeta):
+    SNMP = "snmp"
+
+
+class InputSnmpConnectionTypedDict(TypedDict):
+    output: str
+    pipeline: NotRequired[str]
+
+
+class InputSnmpConnection(BaseModel):
+    output: str
+
+    pipeline: Optional[str] = None
+
+
+class InputSnmpMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    SMART = "smart"
+    ALWAYS = "always"
+
+
+class InputSnmpCompression(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Codec to use to compress the persisted data"""
+
+    NONE = "none"
+    GZIP = "gzip"
+
+
+class InputSnmpPqTypedDict(TypedDict):
+    mode: NotRequired[InputSnmpMode]
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+    max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    commit_frequency: NotRequired[float]
+    r"""The number of events to send downstream before committing that Stream has read them"""
+    max_file_size: NotRequired[str]
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+    max_size: NotRequired[str]
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+    path: NotRequired[str]
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+    compress: NotRequired[InputSnmpCompression]
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputSnmpPq(BaseModel):
+    mode: Annotated[
+        Optional[InputSnmpMode], PlainValidator(validate_open_enum(False))
+    ] = InputSnmpMode.ALWAYS
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="maxBufferSize")
+    ] = 1000
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    commit_frequency: Annotated[
+        Optional[float], pydantic.Field(alias="commitFrequency")
+    ] = 42
+    r"""The number of events to send downstream before committing that Stream has read them"""
+
+    max_file_size: Annotated[Optional[str], pydantic.Field(alias="maxFileSize")] = (
+        "1 MB"
+    )
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+
+    max_size: Annotated[Optional[str], pydantic.Field(alias="maxSize")] = "5GB"
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+
+    path: Optional[str] = "$CRIBL_HOME/state/queues"
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+
+    compress: Annotated[
+        Optional[InputSnmpCompression], PlainValidator(validate_open_enum(False))
+    ] = InputSnmpCompression.NONE
+    r"""Codec to use to compress the persisted data"""
+
+
+class AuthenticationProtocol(str, Enum, metaclass=utils.OpenEnumMeta):
+    NONE = "none"
+    MD5 = "md5"
+    SHA = "sha"
+    SHA224 = "sha224"
+    SHA256 = "sha256"
+    SHA384 = "sha384"
+    SHA512 = "sha512"
+
+
+class V3UserTypedDict(TypedDict):
+    name: str
+    auth_protocol: NotRequired[AuthenticationProtocol]
+    auth_key: NotRequired[Any]
+    priv_protocol: NotRequired[str]
+
+
+class V3User(BaseModel):
+    name: str
+
+    auth_protocol: Annotated[
+        Annotated[
+            Optional[AuthenticationProtocol], PlainValidator(validate_open_enum(False))
+        ],
+        pydantic.Field(alias="authProtocol"),
+    ] = AuthenticationProtocol.NONE
+
+    auth_key: Annotated[Optional[Any], pydantic.Field(alias="authKey")] = None
+
+    priv_protocol: Annotated[Optional[str], pydantic.Field(alias="privProtocol")] = (
+        "none"
+    )
+
+
+class SNMPv3AuthenticationTypedDict(TypedDict):
+    r"""Authentication parameters for SNMPv3 trap. Set the log level to debug if you are experiencing authentication or decryption issues."""
+
+    v3_auth_enabled: NotRequired[bool]
+    allow_unmatched_trap: NotRequired[bool]
+    r"""Pass through traps that don't match any of the configured users. @{product} will not attempt to decrypt these traps."""
+    v3_users: NotRequired[List[V3UserTypedDict]]
+    r"""User credentials for receiving v3 traps"""
+
+
+class SNMPv3Authentication(BaseModel):
+    r"""Authentication parameters for SNMPv3 trap. Set the log level to debug if you are experiencing authentication or decryption issues."""
+
+    v3_auth_enabled: Annotated[
+        Optional[bool], pydantic.Field(alias="v3AuthEnabled")
+    ] = False
+
+    allow_unmatched_trap: Annotated[
+        Optional[bool], pydantic.Field(alias="allowUnmatchedTrap")
+    ] = False
+    r"""Pass through traps that don't match any of the configured users. @{product} will not attempt to decrypt these traps."""
+
+    v3_users: Annotated[Optional[List[V3User]], pydantic.Field(alias="v3Users")] = None
+    r"""User credentials for receiving v3 traps"""
+
+
+class InputSnmpMetadatumTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputSnmpMetadatum(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputSnmpTypedDict(TypedDict):
+    type: InputSnmpType
+    id: NotRequired[str]
+    r"""Unique ID for this input"""
+    disabled: NotRequired[bool]
+    pipeline: NotRequired[str]
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+    send_to_routes: NotRequired[bool]
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+    environment: NotRequired[str]
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+    pq_enabled: NotRequired[bool]
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+    streamtags: NotRequired[List[str]]
+    r"""Tags for filtering and grouping in @{product}"""
+    connections: NotRequired[List[InputSnmpConnectionTypedDict]]
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+    pq: NotRequired[InputSnmpPqTypedDict]
+    host: NotRequired[str]
+    r"""Address to bind on. For IPv4 (all addresses), use the default '0.0.0.0'. For IPv6, enter '::' (all addresses) or specify an IP address."""
+    port: NotRequired[float]
+    r"""UDP port to receive SNMP traps on. Defaults to 162."""
+    snmp_v3_auth: NotRequired[SNMPv3AuthenticationTypedDict]
+    r"""Authentication parameters for SNMPv3 trap. Set the log level to debug if you are experiencing authentication or decryption issues."""
+    max_buffer_size: NotRequired[float]
+    r"""Maximum number of events to buffer when downstream is blocking."""
+    ip_whitelist_regex: NotRequired[str]
+    r"""Regex matching IP addresses that are allowed to send data"""
+    metadata: NotRequired[List[InputSnmpMetadatumTypedDict]]
+    r"""Fields to add to events from this input"""
+    udp_socket_rx_buf_size: NotRequired[float]
+    r"""Optionally, set the SO_RCVBUF socket option for the UDP socket. This value tells the operating system how many bytes can be buffered in the kernel before events are dropped. Leave blank to use the OS default. Caution: Increasing this value will affect OS memory utilization."""
+    varbinds_with_types: NotRequired[bool]
+    r"""If enabled, parses varbinds as an array of objects that include OID, value, and type"""
+    best_effort_parsing: NotRequired[bool]
+    r"""If enabled, the parser will attempt to parse varbind octet strings as UTF-8, first, otherwise will fallback to other methods"""
+    description: NotRequired[str]
+
+
+class InputSnmp(BaseModel):
+    type: Annotated[InputSnmpType, PlainValidator(validate_open_enum(False))]
+
+    id: Optional[str] = None
+    r"""Unique ID for this input"""
+
+    disabled: Optional[bool] = False
+
+    pipeline: Optional[str] = None
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+
+    send_to_routes: Annotated[Optional[bool], pydantic.Field(alias="sendToRoutes")] = (
+        True
+    )
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+
+    environment: Optional[str] = None
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+
+    pq_enabled: Annotated[Optional[bool], pydantic.Field(alias="pqEnabled")] = False
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+
+    streamtags: Optional[List[str]] = None
+    r"""Tags for filtering and grouping in @{product}"""
+
+    connections: Optional[List[InputSnmpConnection]] = None
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+
+    pq: Optional[InputSnmpPq] = None
+
+    host: Optional[str] = "0.0.0.0"
+    r"""Address to bind on. For IPv4 (all addresses), use the default '0.0.0.0'. For IPv6, enter '::' (all addresses) or specify an IP address."""
+
+    port: Optional[float] = 162
+    r"""UDP port to receive SNMP traps on. Defaults to 162."""
+
+    snmp_v3_auth: Annotated[
+        Optional[SNMPv3Authentication], pydantic.Field(alias="snmpV3Auth")
+    ] = None
+    r"""Authentication parameters for SNMPv3 trap. Set the log level to debug if you are experiencing authentication or decryption issues."""
+
+    max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="maxBufferSize")
+    ] = 1000
+    r"""Maximum number of events to buffer when downstream is blocking."""
+
+    ip_whitelist_regex: Annotated[
+        Optional[str], pydantic.Field(alias="ipWhitelistRegex")
+    ] = "/.*/"
+    r"""Regex matching IP addresses that are allowed to send data"""
+
+    metadata: Optional[List[InputSnmpMetadatum]] = None
+    r"""Fields to add to events from this input"""
+
+    udp_socket_rx_buf_size: Annotated[
+        Optional[float], pydantic.Field(alias="udpSocketRxBufSize")
+    ] = None
+    r"""Optionally, set the SO_RCVBUF socket option for the UDP socket. This value tells the operating system how many bytes can be buffered in the kernel before events are dropped. Leave blank to use the OS default. Caution: Increasing this value will affect OS memory utilization."""
+
+    varbinds_with_types: Annotated[
+        Optional[bool], pydantic.Field(alias="varbindsWithTypes")
+    ] = False
+    r"""If enabled, parses varbinds as an array of objects that include OID, value, and type"""
+
+    best_effort_parsing: Annotated[
+        Optional[bool], pydantic.Field(alias="bestEffortParsing")
+    ] = False
+    r"""If enabled, the parser will attempt to parse varbind octet strings as UTF-8, first, otherwise will fallback to other methods"""
+
+    description: Optional[str] = None

cribl_control_plane/models/inputsplunk.py

@@ -0,0 +1,387 @@
+"""Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT."""
+
+from __future__ import annotations
+from cribl_control_plane import utils
+from cribl_control_plane.types import BaseModel
+from cribl_control_plane.utils import validate_open_enum
+from enum import Enum
+import pydantic
+from pydantic.functional_validators import PlainValidator
+from typing import Any, List, Optional
+from typing_extensions import Annotated, NotRequired, TypedDict
+
+
+class InputSplunkType(str, Enum, metaclass=utils.OpenEnumMeta):
+    SPLUNK = "splunk"
+
+
+class InputSplunkConnectionTypedDict(TypedDict):
+    output: str
+    pipeline: NotRequired[str]
+
+
+class InputSplunkConnection(BaseModel):
+    output: str
+
+    pipeline: Optional[str] = None
+
+
+class InputSplunkMode(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    SMART = "smart"
+    ALWAYS = "always"
+
+
+class InputSplunkPqCompression(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Codec to use to compress the persisted data"""
+
+    NONE = "none"
+    GZIP = "gzip"
+
+
+class InputSplunkPqTypedDict(TypedDict):
+    mode: NotRequired[InputSplunkMode]
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+    max_buffer_size: NotRequired[float]
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+    commit_frequency: NotRequired[float]
+    r"""The number of events to send downstream before committing that Stream has read them"""
+    max_file_size: NotRequired[str]
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+    max_size: NotRequired[str]
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+    path: NotRequired[str]
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+    compress: NotRequired[InputSplunkPqCompression]
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputSplunkPq(BaseModel):
+    mode: Annotated[
+        Optional[InputSplunkMode], PlainValidator(validate_open_enum(False))
+    ] = InputSplunkMode.ALWAYS
+    r"""With Smart mode, PQ will write events to the filesystem only when it detects backpressure from the processing engine. With Always On mode, PQ will always write events directly to the queue before forwarding them to the processing engine."""
+
+    max_buffer_size: Annotated[
+        Optional[float], pydantic.Field(alias="maxBufferSize")
+    ] = 1000
+    r"""The maximum number of events to hold in memory before writing the events to disk"""
+
+    commit_frequency: Annotated[
+        Optional[float], pydantic.Field(alias="commitFrequency")
+    ] = 42
+    r"""The number of events to send downstream before committing that Stream has read them"""
+
+    max_file_size: Annotated[Optional[str], pydantic.Field(alias="maxFileSize")] = (
+        "1 MB"
+    )
+    r"""The maximum size to store in each queue file before closing and optionally compressing. Enter a numeral with units of KB, MB, etc."""
+
+    max_size: Annotated[Optional[str], pydantic.Field(alias="maxSize")] = "5GB"
+    r"""The maximum disk space that the queue can consume (as an average per Worker Process) before queueing stops. Enter a numeral with units of KB, MB, etc."""
+
+    path: Optional[str] = "$CRIBL_HOME/state/queues"
+    r"""The location for the persistent queue files. To this field's value, the system will append: /<worker-id>/inputs/<input-id>"""
+
+    compress: Annotated[
+        Optional[InputSplunkPqCompression], PlainValidator(validate_open_enum(False))
+    ] = InputSplunkPqCompression.NONE
+    r"""Codec to use to compress the persisted data"""
+
+
+class InputSplunkMinimumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
+    TL_SV1 = "TLSv1"
+    TL_SV1_1 = "TLSv1.1"
+    TL_SV1_2 = "TLSv1.2"
+    TL_SV1_3 = "TLSv1.3"
+
+
+class InputSplunkMaximumTLSVersion(str, Enum, metaclass=utils.OpenEnumMeta):
+    TL_SV1 = "TLSv1"
+    TL_SV1_1 = "TLSv1.1"
+    TL_SV1_2 = "TLSv1.2"
+    TL_SV1_3 = "TLSv1.3"
+
+
+class InputSplunkTLSSettingsServerSideTypedDict(TypedDict):
+    disabled: NotRequired[bool]
+    certificate_name: NotRequired[str]
+    r"""The name of the predefined certificate"""
+    priv_key_path: NotRequired[str]
+    r"""Path on server containing the private key to use. PEM format. Can reference $ENV_VARS."""
+    passphrase: NotRequired[str]
+    r"""Passphrase to use to decrypt private key"""
+    cert_path: NotRequired[str]
+    r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
+    ca_path: NotRequired[str]
+    r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
+    request_cert: NotRequired[bool]
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+    reject_unauthorized: NotRequired[Any]
+    common_name_regex: NotRequired[Any]
+    min_version: NotRequired[InputSplunkMinimumTLSVersion]
+    max_version: NotRequired[InputSplunkMaximumTLSVersion]
+
+
+class InputSplunkTLSSettingsServerSide(BaseModel):
+    disabled: Optional[bool] = True
+
+    certificate_name: Annotated[
+        Optional[str], pydantic.Field(alias="certificateName")
+    ] = None
+    r"""The name of the predefined certificate"""
+
+    priv_key_path: Annotated[Optional[str], pydantic.Field(alias="privKeyPath")] = None
+    r"""Path on server containing the private key to use. PEM format. Can reference $ENV_VARS."""
+
+    passphrase: Optional[str] = None
+    r"""Passphrase to use to decrypt private key"""
+
+    cert_path: Annotated[Optional[str], pydantic.Field(alias="certPath")] = None
+    r"""Path on server containing certificates to use. PEM format. Can reference $ENV_VARS."""
+
+    ca_path: Annotated[Optional[str], pydantic.Field(alias="caPath")] = None
+    r"""Path on server containing CA certificates to use. PEM format. Can reference $ENV_VARS."""
+
+    request_cert: Annotated[Optional[bool], pydantic.Field(alias="requestCert")] = False
+    r"""Require clients to present their certificates. Used to perform client authentication using SSL certs."""
+
+    reject_unauthorized: Annotated[
+        Optional[Any], pydantic.Field(alias="rejectUnauthorized")
+    ] = None
+
+    common_name_regex: Annotated[
+        Optional[Any], pydantic.Field(alias="commonNameRegex")
+    ] = None
+
+    min_version: Annotated[
+        Annotated[
+            Optional[InputSplunkMinimumTLSVersion],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="minVersion"),
+    ] = None
+
+    max_version: Annotated[
+        Annotated[
+            Optional[InputSplunkMaximumTLSVersion],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="maxVersion"),
+    ] = None
+
+
+class InputSplunkMetadatumTypedDict(TypedDict):
+    name: str
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputSplunkMetadatum(BaseModel):
+    name: str
+
+    value: str
+    r"""JavaScript expression to compute field's value, enclosed in quotes or backticks. (Can evaluate to a constant.)"""
+
+
+class InputSplunkAuthTokenTypedDict(TypedDict):
+    token: str
+    r"""Shared secrets to be provided by any Splunk forwarder. If empty, unauthorized access is permitted."""
+    description: NotRequired[str]
+
+
+class InputSplunkAuthToken(BaseModel):
+    token: str
+    r"""Shared secrets to be provided by any Splunk forwarder. If empty, unauthorized access is permitted."""
+
+    description: Optional[str] = None
+
+
+class InputSplunkMaxS2SVersion(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""The highest S2S protocol version to advertise during handshake"""
+
+    V3 = "v3"
+    V4 = "v4"
+
+
+class InputSplunkCompression(str, Enum, metaclass=utils.OpenEnumMeta):
+    r"""Controls whether to support reading compressed data from a forwarder. Select 'Automatic' to match the forwarder's configuration, or 'Disabled' to reject compressed connections."""
+
+    DISABLED = "disabled"
+    AUTO = "auto"
+    ALWAYS = "always"
+
+
+class InputSplunkTypedDict(TypedDict):
+    type: InputSplunkType
+    port: float
+    r"""Port to listen on"""
+    id: NotRequired[str]
+    r"""Unique ID for this input"""
+    disabled: NotRequired[bool]
+    pipeline: NotRequired[str]
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+    send_to_routes: NotRequired[bool]
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+    environment: NotRequired[str]
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+    pq_enabled: NotRequired[bool]
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+    streamtags: NotRequired[List[str]]
+    r"""Tags for filtering and grouping in @{product}"""
+    connections: NotRequired[List[InputSplunkConnectionTypedDict]]
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+    pq: NotRequired[InputSplunkPqTypedDict]
+    host: NotRequired[str]
+    r"""Address to bind on. Defaults to 0.0.0.0 (all addresses)."""
+    tls: NotRequired[InputSplunkTLSSettingsServerSideTypedDict]
+    ip_whitelist_regex: NotRequired[str]
+    r"""Regex matching IP addresses that are allowed to establish a connection"""
+    max_active_cxn: NotRequired[float]
+    r"""Maximum number of active connections allowed per Worker Process. Use 0 for unlimited."""
+    socket_idle_timeout: NotRequired[float]
+    r"""How long @{product} should wait before assuming that an inactive socket has timed out. After this time, the connection will be closed. Leave at 0 for no inactive socket monitoring."""
+    socket_ending_max_wait: NotRequired[float]
+    r"""How long the server will wait after initiating a closure for a client to close its end of the connection. If the client doesn't close the connection within this time, the server will forcefully terminate the socket to prevent resource leaks and ensure efficient connection cleanup and system stability. Leave at 0 for no inactive socket monitoring."""
+    socket_max_lifespan: NotRequired[float]
+    r"""The maximum duration a socket can remain open, even if active. This helps manage resources and mitigate issues caused by TCP pinning. Set to 0 to disable."""
+    enable_proxy_header: NotRequired[bool]
+    r"""Enable if the connection is proxied by a device that supports proxy protocol v1 or v2"""
+    metadata: NotRequired[List[InputSplunkMetadatumTypedDict]]
+    r"""Fields to add to events from this input"""
+    breaker_rulesets: NotRequired[List[str]]
+    r"""A list of event-breaking rulesets that will be applied, in order, to the input data stream"""
+    stale_channel_flush_ms: NotRequired[float]
+    r"""How long (in milliseconds) the Event Breaker will wait for new data to be sent to a specific channel before flushing the data stream out, as is, to the Pipelines"""
+    auth_tokens: NotRequired[List[InputSplunkAuthTokenTypedDict]]
+    r"""Shared secrets to be provided by any Splunk forwarder. If empty, unauthorized access is permitted."""
+    max_s2_sversion: NotRequired[InputSplunkMaxS2SVersion]
+    r"""The highest S2S protocol version to advertise during handshake"""
+    description: NotRequired[str]
+    use_fwd_timezone: NotRequired[bool]
+    r"""Event Breakers will determine events' time zone from UF-provided metadata, when TZ can't be inferred from the raw event"""
+    drop_control_fields: NotRequired[bool]
+    r"""Drop Splunk control fields such as `crcSalt` and `_savedPort`. If disabled, control fields are stored in the internal field `__ctrlFields`."""
+    extract_metrics: NotRequired[bool]
+    r"""Extract and process Splunk-generated metrics as Cribl metrics"""
+    compress: NotRequired[InputSplunkCompression]
+    r"""Controls whether to support reading compressed data from a forwarder. Select 'Automatic' to match the forwarder's configuration, or 'Disabled' to reject compressed connections."""
+
+
+class InputSplunk(BaseModel):
+    type: Annotated[InputSplunkType, PlainValidator(validate_open_enum(False))]
+
+    port: float
+    r"""Port to listen on"""
+
+    id: Optional[str] = None
+    r"""Unique ID for this input"""
+
+    disabled: Optional[bool] = False
+
+    pipeline: Optional[str] = None
+    r"""Pipeline to process data from this Source before sending it through the Routes"""
+
+    send_to_routes: Annotated[Optional[bool], pydantic.Field(alias="sendToRoutes")] = (
+        True
+    )
+    r"""Select whether to send data to Routes, or directly to Destinations."""
+
+    environment: Optional[str] = None
+    r"""Optionally, enable this config only on a specified Git branch. If empty, will be enabled everywhere."""
+
+    pq_enabled: Annotated[Optional[bool], pydantic.Field(alias="pqEnabled")] = False
+    r"""Use a disk queue to minimize data loss when connected services block. See [Cribl Docs](https://docs.cribl.io/stream/persistent-queues) for PQ defaults (Cribl-managed Cloud Workers) and configuration options (on-prem and hybrid Workers)."""
+
+    streamtags: Optional[List[str]] = None
+    r"""Tags for filtering and grouping in @{product}"""
+
+    connections: Optional[List[InputSplunkConnection]] = None
+    r"""Direct connections to Destinations, and optionally via a Pipeline or a Pack"""
+
+    pq: Optional[InputSplunkPq] = None
+
+    host: Optional[str] = "0.0.0.0"
+    r"""Address to bind on. Defaults to 0.0.0.0 (all addresses)."""
+
+    tls: Optional[InputSplunkTLSSettingsServerSide] = None
+
+    ip_whitelist_regex: Annotated[
+        Optional[str], pydantic.Field(alias="ipWhitelistRegex")
+    ] = "/.*/"
+    r"""Regex matching IP addresses that are allowed to establish a connection"""
+
+    max_active_cxn: Annotated[Optional[float], pydantic.Field(alias="maxActiveCxn")] = (
+        1000
+    )
+    r"""Maximum number of active connections allowed per Worker Process. Use 0 for unlimited."""
+
+    socket_idle_timeout: Annotated[
+        Optional[float], pydantic.Field(alias="socketIdleTimeout")
+    ] = 0
+    r"""How long @{product} should wait before assuming that an inactive socket has timed out. After this time, the connection will be closed. Leave at 0 for no inactive socket monitoring."""
+
+    socket_ending_max_wait: Annotated[
+        Optional[float], pydantic.Field(alias="socketEndingMaxWait")
+    ] = 30
+    r"""How long the server will wait after initiating a closure for a client to close its end of the connection. If the client doesn't close the connection within this time, the server will forcefully terminate the socket to prevent resource leaks and ensure efficient connection cleanup and system stability. Leave at 0 for no inactive socket monitoring."""
+
+    socket_max_lifespan: Annotated[
+        Optional[float], pydantic.Field(alias="socketMaxLifespan")
+    ] = 0
+    r"""The maximum duration a socket can remain open, even if active. This helps manage resources and mitigate issues caused by TCP pinning. Set to 0 to disable."""
+
+    enable_proxy_header: Annotated[
+        Optional[bool], pydantic.Field(alias="enableProxyHeader")
+    ] = False
+    r"""Enable if the connection is proxied by a device that supports proxy protocol v1 or v2"""
+
+    metadata: Optional[List[InputSplunkMetadatum]] = None
+    r"""Fields to add to events from this input"""
+
+    breaker_rulesets: Annotated[
+        Optional[List[str]], pydantic.Field(alias="breakerRulesets")
+    ] = None
+    r"""A list of event-breaking rulesets that will be applied, in order, to the input data stream"""
+
+    stale_channel_flush_ms: Annotated[
+        Optional[float], pydantic.Field(alias="staleChannelFlushMs")
+    ] = 10000
+    r"""How long (in milliseconds) the Event Breaker will wait for new data to be sent to a specific channel before flushing the data stream out, as is, to the Pipelines"""
+
+    auth_tokens: Annotated[
+        Optional[List[InputSplunkAuthToken]], pydantic.Field(alias="authTokens")
+    ] = None
+    r"""Shared secrets to be provided by any Splunk forwarder. If empty, unauthorized access is permitted."""
+
+    max_s2_sversion: Annotated[
+        Annotated[
+            Optional[InputSplunkMaxS2SVersion],
+            PlainValidator(validate_open_enum(False)),
+        ],
+        pydantic.Field(alias="maxS2Sversion"),
+    ] = InputSplunkMaxS2SVersion.V3
+    r"""The highest S2S protocol version to advertise during handshake"""
+
+    description: Optional[str] = None
+
+    use_fwd_timezone: Annotated[
+        Optional[bool], pydantic.Field(alias="useFwdTimezone")
+    ] = True
+    r"""Event Breakers will determine events' time zone from UF-provided metadata, when TZ can't be inferred from the raw event"""
+
+    drop_control_fields: Annotated[
+        Optional[bool], pydantic.Field(alias="dropControlFields")
+    ] = True
+    r"""Drop Splunk control fields such as `crcSalt` and `_savedPort`. If disabled, control fields are stored in the internal field `__ctrlFields`."""
+
+    extract_metrics: Annotated[
+        Optional[bool], pydantic.Field(alias="extractMetrics")
+    ] = False
+    r"""Extract and process Splunk-generated metrics as Cribl metrics"""
+
+    compress: Annotated[
+        Optional[InputSplunkCompression], PlainValidator(validate_open_enum(False))
+    ] = InputSplunkCompression.DISABLED
+    r"""Controls whether to support reading compressed data from a forwarder. Select 'Automatic' to match the forwarder's configuration, or 'Disabled' to reject compressed connections."""