Forge Home

splunk

A puppet module for managing splunk servers and forwarders.

10,389 downloads

10,100 latest version

2.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.8.0 (latest)
  • 0.7.0
released Nov 11th 2013

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'mklauber-splunk', '0.8.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add mklauber-splunk
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install mklauber-splunk --version 0.8.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: splunk

Documentation

mklauber/splunk — version 0.8.0 Nov 11th 2013

mklauber/Splunk

mklauber/splunk is a puppet module for installing and configuring the splunk Server and splunk Universal Forwarder.

It was created by Matthew Lauber. It is licensed under the Apache 2 License.

Build Status Build Status

Installation

Installation is done via the standard puppet module command. pupppet module install mklauber/splunk. Installation can also be done via placing a copy of the module in the /etc/puppet/modules/ directory.

Usage

Splunk Installation

The splunk server is installed with the following code: class { 'splunk::server': }. The splunk Universal Forwarder is installed with the following code: class { 'splunk::forwarder': }.

Input and Output Configuration

The Input and Output files for splunk Server and splunk Universal Forwarder are configured using Resource Definitions. These definitions can be placed in multiple classes, they will be concatenated and placed in the ${SPLUNK_HOME}/etc/system/local/ directory.

Inputs

Default Input

This creates the [default] Stanza in the inputs.conf. It's always the first stanza if it's specified. It can only be specified once.

splunk::input::default { 'title': }

Monitor Input

Monitor input creates a [monitor://{path}] stanza for each path specified in path. Multiple monitors can be defined.

splunk::input::monitor { 'title':
  path => ['/path/to/log/files']
}

TCP Input

splunk::input::tcp { 'title':
  port => 9999
}

Outputs

Syslog Output

splunk::output::syslog { 'title':
  server => 'syslog.example.com'
}

tcp Output

splunk::output::tcpout { 'title': }

tcpGroup Output

splunk::output::tcpGroup { 'title':
  target_group => 'Group Name'
}

tcpServer Output

splunk::output::tcpServer { 'title':
  ip_address => '255.255.255.255',
  port       => 9999
}