community.general.splunk – Sends task result events to Splunk HTTP Event Collector

Note

This plugin is part of the community.general collection (version 3.8.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.splunk.

Synopsis
Requirements
Parameters
Examples

Synopsis

This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector.
The companion Splunk Monitoring & Diagnostics App is available here “https://splunkbase.splunk.com/app/4023/”
Credit to “Ryan Currah (@ryancurrah)” for original source upon which this is based.

Requirements

The below requirements are needed on the local controller node that executes this callback.

Whitelisting this callback plugin
Create a HTTP Event Collector in Splunk
Define the url and token in ansible.cfg

Parameters

Parameter	Choices/Defaults	Configuration	Comments
authtoken string		ini entries: [callback_splunk] authtoken = None env:SPLUNK_AUTHTOKEN	Token to authenticate the connection to the Splunk HTTP collector
batch string added in 3.3.0 of community.general		ini entries: [callback_splunk] batch = None env:SPLUNK_BATCH	Correlation ID which can be set across multiple playbook executions.
include_milliseconds boolean added in 2.0.0 of community.general	Choices: no ← yes	ini entries: [callback_splunk] include_milliseconds = no env:SPLUNK_INCLUDE_MILLISECONDS	Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk HTTP collector
url string		ini entries: [callback_splunk] url = None env:SPLUNK_URL	URL to the Splunk HTTP collector source
validate_certs boolean added in 1.0.0 of community.general	Choices: no yes ←	ini entries: [callback_splunk] validate_certs = yes env:SPLUNK_VALIDATE_CERTS	Whether to validate certificates for connections to HEC. It is not recommended to set to `false` except when you are sure that nobody can intercept the connection between this plugin and HEC, as setting it to `false` allows man-in-the-middle attacks!

Examples

examples: >
  To enable, add this to your ansible.cfg file in the defaults block
    [defaults]
    callback_whitelist = community.general.splunk
  Set the environment variable
    export SPLUNK_URL=http://mysplunkinstance.datapaas.io:8088/services/collector/event
    export SPLUNK_AUTHTOKEN=f23blad6-5965-4537-bf69-5b5a545blabla88
  Set the ansible.cfg variable in the callback_splunk block
    [callback_splunk]
    url = http://mysplunkinstance.datapaas.io:8088/services/collector/event
    authtoken = f23blad6-5965-4537-bf69-5b5a545blabla88

Authors

Stuart Hirst (!UNKNOWN) <support@convergingdata.com>

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/splunk_callback.html