Skip to content

Latest commit

 

History

History
459 lines (272 loc) · 13.2 KB

REFERENCE.md

File metadata and controls

459 lines (272 loc) · 13.2 KB
Raw

Reference

Table of Contents

Classes

Public Classes

  • splunk_hec: Simple class to manage your splunk_hec connectivity

Private Classes

  • splunk_hec::v2_cleanup: Class to remove old configuration files

Functions

  • splunk_hec::secure: Custom function to mark sensitive data utilized by this module as Sensitive types in the Puppet language. Sensitive data is redacted from Pup

Plans

Public Plans

Private Plans

  • splunk_hec::acceptance::oss_server_setup: Installs open source Puppet.
  • splunk_hec::acceptance::pe_server_setup: Install PE Server
  • splunk_hec::acceptance::provision_machines: Provisions machines
  • splunk_hec::acceptance::server_setup: Install PE Server

Classes

splunk_hec

Simple class to manage your splunk_hec connectivity

Examples

include splunk_hec

Parameters

The following parameters are available in the splunk_hec class:

url

Data type: Optional[String]

The url of the server that PE is running on

token

Data type: Optional[String]

The default Splunk HEC token Note: The value of the token is converted to Puppet's Sensitive data type during catalog application.

facts_allowlist

Data type: Array

The list of facts that will be collected in the report. To collect all facts available add the special value 'all.facts'.

Default value: ['dmi','disks','partitions','processors','networking']

enable_reports

Data type: Boolean

Adds splunk_hec to the list of report processors

Default value: false

record_event

Data type: Boolean

If set to true, will call store_event and save report as json

Default value: false

disabled

Data type: Boolean

Removes settings to send reports and facts to Splunk

Default value: false

only_changes

Data type: Boolean

When true, only reports with a changed status with be send to Splunk

Default value: false

manage_routes

Data type: Boolean

When false, will not automatically send facts to splunk_hec

Default value: false

events_reporting_enabled

Data type: Boolean

When true, will send data from PE Event Forwarding module to Splunk

Default value: false

facts_terminus

Data type: String

Ensure that facts get saved to puppetdb

Default value: 'puppetdb'

facts_cache_terminus

Data type: String

Makes sure that the facts get sent to splunk_hec

Default value: 'splunk_hec'

facts_blocklist

Data type: Optional[Array]

The list of facts that will not be collected in the report

Default value: undef

pe_console

Data type: String

The FQDN for the PE console

Default value: $settings::report_server

timeout

Data type: Optional[Integer]

Timeout limit for for both open and read sessions

Default value: undef

ssl_ca

Data type: Optional[String]

The name of the ca certification/bundle for ssl validation of the splunk_hec endpoint

Default value: undef

include_system_cert_store

Data type: Boolean

By default, the certificates in the local system cert store are ignored. To include these certificates for ssl validation of the splunk_hec endpoint set to True

Default value: false

fips_crl_check

Data type: Boolean

By default, the Puppet HTTP Client will attempt to check the Splunk CA against the Splunk CRL. Unless the Splunk HEC endpoint is configured with a certificate generated by the Puppet CA, set this parameter to false to allow metrics to successfully send.

Default value: true

fips_verify_peer

Data type: Boolean

By default, the Puppet HTTP Client will attempt peer verfication. When utilizing a self-signed certificate set this parameter to false to allow metrics to successfully send.

Default value: true

token_summary

Data type: Optional[String]

Corresponds to puppet:summary in the Puppet Report Viewer When storing summary in a different index than the default token Note: The value of the token is converted to Puppet's Sensitive data type during catalog application.

Default value: undef

token_facts

Data type: Optional[String]

Corresponds to puppet:facts in the Puppet Report Viewer When storing facts in a different index than the default token Note: The value of the token is converted to Puppet's Sensitive data type during catalog application.

Default value: undef

token_metrics

Data type: Optional[String]

Corresponds to puppet:metrics in the Puppet Report Viewer When storing metrics in a different index than the default token Note: The value of the token is converted to Puppet's Sensitive data type during catalog application.

Default value: undef

token_events

Data type: Optional[String]

When storing events from pe_event_forwarding in a different index than the default token Note: The value of the token is converted to Puppet's Sensitive data type during catalog application.

Default value: undef

url_summary

Data type: Optional[String]

Similar to token_summary; used to store summary in a different index than the default url

Default value: undef

url_facts

Data type: Optional[String]

Similar to token_facts; used to store facts in a different index than the default url

Default value: undef

url_metrics

Data type: Optional[String]

Similar to token_metrics; used to store metrics in a different index than the default url

Default value: undef

url_events

Data type: Optional[String]

Similar to token_events; used to store events from pe_event_forwarding in a different index than the default url

Default value: undef

include_logs_status

Data type: Optional[Array]

Determines if puppet logs should be included based on the return status of the puppet agent run Can be none, one, or any of the following: failed, changed, unchanged

Default value: undef

include_logs_catalog_failure

Data type: Boolean

Include logs if catalog fails to compile

Default value: false

include_logs_corrective_change

Data type: Boolean

Include logs if there is a corrective change Only a PE feature

Default value: false

include_resources_status

Data type: Optional[Array]

Determines if resource events should be included based on return status of puppet agent run Does not include 'unchanged' status reports Allowed values are: failed, changed, unchanged

Default value: undef

include_resources_corrective_change

Data type: Boolean

Include resource events if there is a corrective change Only a PE feature

Default value: false

summary_resources_format

Data type: String

If include_resource_corrective_change or include_resources_status is set and thus resource_events are being sent as part of puppet:summary events, then can choose format. Allowed values are: 'hash', 'array'

Default value: 'hash'

event_types

Data type: Array

Determines which events should be forwarded to Splunk Allowed values are: 'orchestrator','rbac','classifier','pe-console','code-manager'

Default value: ['orchestrator','rbac','classifier','pe-console','code-manager']

orchestrator_data_filter

Data type: Optional[Array]

Filters the jobs event data

Default value: undef

rbac_data_filter

Data type: Optional[Array]

Filters the rbac event data

Default value: undef

classifier_data_filter

Data type: Optional[Array]

Filters the classifier event data

Default value: undef

pe_console_data_filter

Data type: Optional[Array]

Filters the pe_console event data

Default value: undef

code_manager_data_filter

Data type: Optional[Array]

Filters the code_manager event data

Default value: undef

Plans

splunk_hec::examples::apply_example

Example of submitting a report from apply Function to Splunk.

Parameters

The following parameters are available in the splunk_hec::examples::apply_example plan:

plan_guid

Data type: Optional[String[1]]

A guid used to identify invocation of the plan (should change each run)

plan_name

Data type: Optional[String[1]]

The name of the plan being run (shouldn't change each run)

splunk_hec::examples::result_example

An example of submitting a Task or Functions results to Splunk as a Task.