W3cubDocs

/Ansible

community.general.splunk – Sends task result events to Splunk HTTP Event Collector

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.splunk.

Synopsis

  • This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector.
  • The companion Splunk Monitoring & Diagnostics App is available here “https://splunkbase.splunk.com/app/4023/
  • Credit to “Ryan Currah (@ryancurrah)” for original source upon which this is based.

Requirements

The below requirements are needed on the local controller node that executes this callback.

  • Whitelisting this callback plugin
  • Create a HTTP Event Collector in Splunk
  • Define the url and token in ansible.cfg

Parameters

Parameter Choices/Defaults Configuration Comments
authtoken
string
ini entries:

[callback_splunk]
authtoken = None

env:SPLUNK_AUTHTOKEN
Token to authenticate the connection to the Splunk HTTP collector
batch
string
added in 3.3.0 of community.general
ini entries:

[callback_splunk]
batch = None

env:SPLUNK_BATCH
Correlation ID which can be set across multiple playbook executions.
include_milliseconds
boolean
added in 2.0.0 of community.general
    Choices:
  • no
  • yes
ini entries:

[callback_splunk]
include_milliseconds = no

env:SPLUNK_INCLUDE_MILLISECONDS
Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk HTTP collector
url
string
ini entries:

[callback_splunk]
url = None

env:SPLUNK_URL
URL to the Splunk HTTP collector source
validate_certs
boolean
added in 1.0.0 of community.general
    Choices:
  • no
  • yes
ini entries:

[callback_splunk]
validate_certs = yes

env:SPLUNK_VALIDATE_CERTS
Whether to validate certificates for connections to HEC. It is not recommended to set to false except when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it to false allows man-in-the-middle attacks!

Examples

examples: >
  To enable, add this to your ansible.cfg file in the defaults block
    [defaults]
    callback_whitelist = community.general.splunk
  Set the environment variable
    export SPLUNK_URL=http://mysplunkinstance.datapaas.io:8088/services/collector/event
    export SPLUNK_AUTHTOKEN=f23blad6-5965-4537-bf69-5b5a545blabla88
  Set the ansible.cfg variable in the callback_splunk block
    [callback_splunk]
    url = http://mysplunkinstance.datapaas.io:8088/services/collector/event
    authtoken = f23blad6-5965-4537-bf69-5b5a545blabla88

Authors

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/splunk_callback.html