W3cubDocs

/Ansible 2.10

splunk.es.splunk_data_input_monitor – Manage Splunk Data Inputs of type Monitor

Note

This plugin is part of the splunk.es collection.

To install it use: ansible-galaxy collection install splunk.es.

To use it in a playbook, specify: splunk.es.splunk_data_input_monitor.

New in version 1.0.0: of splunk.es

Synopsis

  • This module allows for addition or deletion of File and Directory Monitor Data Inputs in Splunk.

Parameters

Parameter Choices/Defaults Comments
blacklist
string
Specify a regular expression for a file path. The file path that matches this regular expression is not indexed.
check_index
boolean
    Choices:
  • no
  • yes
If set to True, the index value is checked to ensure that it is the name of a valid index.
check_path
boolean
    Choices:
  • no
  • yes
If set to True, the name value is checked to ensure that it exists.
crc_salt
string
A string that modifies the file tracking identity for files in this input. The magic value <SOURCE> invokes special behavior (see admin documentation).
disabled
boolean
    Choices:
  • no
  • yes
Indicates if input monitoring is disabled.
followTail
boolean
    Choices:
  • no
  • yes
If set to True, files that are seen for the first time is read from the end.
host
string
The value to populate in the host field for events from this data input.
host_regex
string
Specify a regular expression for a file path. If the path for a file matches this regular expression, the captured value is used to populate the host field for events from this data input. The regular expression must have one capture group.
host_segment
integer
Use the specified slash-separate segment of the filepath as the host field value.
ignore_older_than
string
Specify a time value. If the modification time of a file being monitored falls outside of this rolling time window, the file is no longer being monitored.
index
string
Which index events from this input should be stored in. Defaults to default.
name
string / required
The file or directory path to monitor on the system.
recursive
boolean
    Choices:
  • no
  • yes
Setting this to False prevents monitoring of any subdirectories encountered within this data input.
rename_source
string
The value to populate in the source field for events from this data input. The same source should not be used for multiple data inputs.
sourcetype
string
The value to populate in the sourcetype field for incoming events.
state
string / required
    Choices:
  • present
  • absent
Add or remove a data source.
time_before_close
integer
When Splunk software reaches the end of a file that is being read, the file is kept open for a minimum of the number of seconds specified in this value. After this period has elapsed, the file is checked again for more data.
whitelist
string
Specify a regular expression for a file path. Only file paths that match this regular expression are indexed.

Examples

- name: Example adding data input monitor with splunk.es.data_input_monitor
  splunk.es.data_input_monitor:
    name: "/var/log/example.log"
    state: "present"
    recursive: True

Authors

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/splunk/es/splunk_data_input_monitor_module.html