Skip to content

Manage Splunk servers and forwarders using Puppet. Run Splunk as non-root user. Manage distributed Splunk deployments.

Notifications You must be signed in to change notification settings

nickperry/puppetlabs-splunk

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Overview

This module provides a method to deploy Splunk Server or Splunk Universal Forwarder with common configurations and ensure the services maintain a running state.

This module does not configure firewall rules. Firewall rules will need to be configured separately in order to allow for correct operation of Splunk and the Splunk Universal Forwarder. Additionally, this module does not supply Splunk or Splunk Universal Forwarder installation media. Installation media will need to be aquired seperately, and the module configured to use it.

Installation & Setup

To begin using this module, use the Puppet Module Tool (PMT) from the command line to install this module:

puppet module install puppetlabs-splunk

This will place the module into your primary module path if you do not utilize the --target-dir directive.

Once the module is in place, there is just a little setup needed.

First, you will need to place your downloaded splunk installers into the files directory, <module_path>/splunk/files/. The files must be placed according to directory structure example given below.

The expected directory structure is:

  `-- files
      |-- splunk
      |   `-- $platform
      |       `-- splunk-${version}-${build}-${additl}
      `-- universalforwarder
          `-- $platform
              `-- splunkforwarder-${version}-${build}-${additl}

A semi-populated example files directory might then contain:

  `-- files
      |-- splunk
      |   `-- linux
      |       |-- splunk-4.3.2-123586-linux-2.6-amd64.deb
      |       |-- splunk-4.3.2-123586-linux-2.6-intel.deb
      |       `-- splunk-4.3.2-123586-linux-2.6-x86_64.rpm
      `-- universalforwarder
          |-- linux
          |   |-- splunkforwarder-4.3.2-123586-linux-2.6-amd64.deb
          |   |-- splunkforwarder-4.3.2-123586-linux-2.6-intel.deb
          |   `-- splunkforwarder-4.3.2-123586-linux-2.6-x86_64.rpm
          |-- solaris
          |   `-- splunkforwarder-4.3.2-123586-solaris-9-intel.pkg
          `-- windows
              |-- splunkforwarder-4.3.2-123586-x64-release.msi
              `-- splunkforwarder-4.3.2-123586-x86-release.msi

Second, you will need to supply the splunk::params class with three critical pieces of information.

  • The version of Splunk you are using
  • The build of Splunk you are using
  • The root URL to use to retrieve the packages

In the example given above, the version is 4.3.2, the build is 123586, and the root URL is puppet:///modules/splunk. See the splunk::params class documentation for more information.

About

Manage Splunk servers and forwarders using Puppet. Run Splunk as non-root user. Manage distributed Splunk deployments.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Puppet 63.3%
  • Ruby 36.7%