community.general.splunk – Sends task result events to Splunk HTTP Event Collector
Note
This plugin is part of the community.general collection (version 3.8.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.splunk
.
Synopsis
- This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector.
- The companion Splunk Monitoring & Diagnostics App is available here “https://splunkbase.splunk.com/app/4023/”
- Credit to “Ryan Currah (@ryancurrah)” for original source upon which this is based.
Requirements
The below requirements are needed on the local controller node that executes this callback.
- Whitelisting this callback plugin
- Create a HTTP Event Collector in Splunk
- Define the url and token in ansible.cfg
Parameters
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
authtoken string | ini entries: [callback_splunk] env:SPLUNK_AUTHTOKEN | Token to authenticate the connection to the Splunk HTTP collector | |
batch string added in 3.3.0 of community.general | ini entries: [callback_splunk] env:SPLUNK_BATCH | Correlation ID which can be set across multiple playbook executions. | |
include_milliseconds boolean added in 2.0.0 of community.general |
| ini entries: [callback_splunk] env:SPLUNK_INCLUDE_MILLISECONDS | Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk HTTP collector |
url string | ini entries: [callback_splunk] env:SPLUNK_URL | URL to the Splunk HTTP collector source | |
validate_certs boolean added in 1.0.0 of community.general |
| ini entries: [callback_splunk] env:SPLUNK_VALIDATE_CERTS | Whether to validate certificates for connections to HEC. It is not recommended to set to false except when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it to false allows man-in-the-middle attacks! |
Examples
examples: > To enable, add this to your ansible.cfg file in the defaults block [defaults] callback_whitelist = community.general.splunk Set the environment variable export SPLUNK_URL=http://mysplunkinstance.datapaas.io:8088/services/collector/event export SPLUNK_AUTHTOKEN=f23blad6-5965-4537-bf69-5b5a545blabla88 Set the ansible.cfg variable in the callback_splunk block [callback_splunk] url = http://mysplunkinstance.datapaas.io:8088/services/collector/event authtoken = f23blad6-5965-4537-bf69-5b5a545blabla88
Authors
- Stuart Hirst (!UNKNOWN) <support@convergingdata.com>
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/splunk_callback.html