W3cubDocs

/Ansible 2.10

splunk.es.splunk_data_input_monitor – Manage Splunk Data Inputs of type Monitor

Note

This plugin is part of the splunk.es collection.

To install it use: ansible-galaxy collection install splunk.es.

To use it in a playbook, specify: splunk.es.splunk_data_input_monitor.

New in version 1.0.0: of splunk.es

Synopsis
Parameters
Examples

Synopsis

This module allows for addition or deletion of File and Directory Monitor Data Inputs in Splunk.

Parameters

Parameter	Choices/Defaults	Comments
blacklist string		Specify a regular expression for a file path. The file path that matches this regular expression is not indexed.
check_index boolean	Choices: no ← yes	If set to `True`, the index value is checked to ensure that it is the name of a valid index.
check_path boolean	Choices: no yes	If set to `True`, the name value is checked to ensure that it exists.
crc_salt string		A string that modifies the file tracking identity for files in this input. The magic value <SOURCE> invokes special behavior (see admin documentation).
disabled boolean	Choices: no ← yes	Indicates if input monitoring is disabled.
followTail boolean	Choices: no ← yes	If set to `True`, files that are seen for the first time is read from the end.
host string		The value to populate in the host field for events from this data input.
host_regex string		Specify a regular expression for a file path. If the path for a file matches this regular expression, the captured value is used to populate the host field for events from this data input. The regular expression must have one capture group.
host_segment integer		Use the specified slash-separate segment of the filepath as the host field value.
ignore_older_than string		Specify a time value. If the modification time of a file being monitored falls outside of this rolling time window, the file is no longer being monitored.
index string		Which index events from this input should be stored in. Defaults to default.
name string / required		The file or directory path to monitor on the system.
recursive boolean	Choices: no ← yes	Setting this to False prevents monitoring of any subdirectories encountered within this data input.
rename_source string		The value to populate in the source field for events from this data input. The same source should not be used for multiple data inputs.
sourcetype string		The value to populate in the sourcetype field for incoming events.
state string / required	Choices: present absent	Add or remove a data source.
time_before_close integer		When Splunk software reaches the end of a file that is being read, the file is kept open for a minimum of the number of seconds specified in this value. After this period has elapsed, the file is checked again for more data.
whitelist string		Specify a regular expression for a file path. Only file paths that match this regular expression are indexed.

Examples

- name: Example adding data input monitor with splunk.es.data_input_monitor
  splunk.es.data_input_monitor:
    name: "/var/log/example.log"
    state: "present"
    recursive: True

Authors

Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/splunk/es/splunk_data_input_monitor_module.html