Forge Home

splunk

Manage and deploy Splunk servers and forwarders

73,031 downloads

19,002 latest version

3.8 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 99.99.99 (latest)
  • 4.0.0
  • 3.2.1
  • 3.2.0
  • 3.1.1
  • 3.1.0
released Jul 21st 2015
This module has been deprecated by its author since Sep 28th 2017.

The reason given was: This module has been moved to the care of Vox Pupuli where it is now being maintained and updated.

The author has suggested puppet-splunk as its replacement.

Start using this module

Tags: splunk

Documentation

puppetlabs/splunk — version 3.2.0 Jul 21st 2015

Overview

This module provides a method to deploy Splunk Server or Splunk Universal Forwarder with common configurations and ensure the services maintain a running state.

This module does not configure firewall rules. Firewall rules will need to be configured separately in order to allow for correct operation of Splunk and the Splunk Universal Forwarder. Additionally, this module does not supply Splunk or Splunk Universal Forwarder installation media. Installation media will need to be aquired seperately, and the module configured to use it.

Installation & Setup

To begin using this module, use the Puppet Module Tool (PMT) from the command line to install this module:

puppet module install puppetlabs-splunk

This will place the module into your primary module path if you do not utilize the --target-dir directive.

Once the module is in place, there is just a little setup needed.

First, you will need to place your downloaded splunk installers into the files directory, <module_path>/splunk/files/. The files must be placed according to directory structure example given below.

The expected directory structure is:

  `-- files
      |-- splunk
      |   `-- $platform
      |       `-- splunk-${version}-${build}-${additl}
      `-- universalforwarder
          `-- $platform
              `-- splunkforwarder-${version}-${build}-${additl}

A semi-populated example files directory might then contain:

  `-- files
      |-- splunk
      |   `-- linux
      |       |-- splunk-4.3.2-123586-linux-2.6-amd64.deb
      |       |-- splunk-4.3.2-123586-linux-2.6-intel.deb
      |       `-- splunk-4.3.2-123586-linux-2.6-x86_64.rpm
      `-- universalforwarder
          |-- linux
          |   |-- splunkforwarder-4.3.2-123586-linux-2.6-amd64.deb
          |   |-- splunkforwarder-4.3.2-123586-linux-2.6-intel.deb
          |   `-- splunkforwarder-4.3.2-123586-linux-2.6-x86_64.rpm
          |-- solaris
          |   `-- splunkforwarder-4.3.2-123586-solaris-9-intel.pkg
          `-- windows
              |-- splunkforwarder-4.3.2-123586-x64-release.msi
              `-- splunkforwarder-4.3.2-123586-x86-release.msi

Second, you will need to supply the splunk::params class with three critical pieces of information.

  • The version of Splunk you are using
  • The build of Splunk you are using
  • The root URL to use to retrieve the packages

In the example given above, the version is 4.3.2, the build is 123586, and the root URL is puppet:///modules/splunk. See the splunk::params class documentation for more information.