Note
This plugin is part of the splunk.es collection.
To install it use: ansible-galaxy collection install splunk.es
.
To use it in a playbook, specify: splunk.es.splunk_data_input_monitor
.
New in version 1.0.0: of splunk.es
Parameter | Choices/Defaults | Comments |
---|---|---|
blacklist string | Specify a regular expression for a file path. The file path that matches this regular expression is not indexed. | |
check_index boolean |
| If set to True , the index value is checked to ensure that it is the name of a valid index. |
check_path boolean |
| If set to True , the name value is checked to ensure that it exists. |
crc_salt string | A string that modifies the file tracking identity for files in this input. The magic value <SOURCE> invokes special behavior (see admin documentation). | |
disabled boolean |
| Indicates if input monitoring is disabled. |
followTail boolean |
| If set to True , files that are seen for the first time is read from the end. |
host string | The value to populate in the host field for events from this data input. | |
host_regex string | Specify a regular expression for a file path. If the path for a file matches this regular expression, the captured value is used to populate the host field for events from this data input. The regular expression must have one capture group. | |
host_segment integer | Use the specified slash-separate segment of the filepath as the host field value. | |
ignore_older_than string | Specify a time value. If the modification time of a file being monitored falls outside of this rolling time window, the file is no longer being monitored. | |
index string | Which index events from this input should be stored in. Defaults to default. | |
name string / required | The file or directory path to monitor on the system. | |
recursive boolean |
| Setting this to False prevents monitoring of any subdirectories encountered within this data input. |
rename_source string | The value to populate in the source field for events from this data input. The same source should not be used for multiple data inputs. | |
sourcetype string | The value to populate in the sourcetype field for incoming events. | |
state string / required |
| Add or remove a data source. |
time_before_close integer | When Splunk software reaches the end of a file that is being read, the file is kept open for a minimum of the number of seconds specified in this value. After this period has elapsed, the file is checked again for more data. | |
whitelist string | Specify a regular expression for a file path. Only file paths that match this regular expression are indexed. |
- name: Example adding data input monitor with splunk.es.data_input_monitor splunk.es.data_input_monitor: name: "/var/log/example.log" state: "present" recursive: True
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/splunk/es/splunk_data_input_monitor_module.html