
Splunk App Configuration

my2ndhead edited this page Feb 18, 2016 · 8 revisions

Introduction

Ansible Playbook for Splunk helps deploy and manage apps.

Four types of apps can be deployed:

  • Apps under etc/apps
  • Apps under etc/deployment-apps
  • Apps under etc/master-apps
  • Apps under etc/shcluster/apps

Each app can be installed in any number of app directories and can also have its own local customizations (local directory and metadata/local.meta).

To install apps, a variable file has to be created, and a role has to be created for each app that is not already included. The role also has to be inside the deploy_apps.yml playbook.

Apps can be sourced either from bundles (tar.gz, .spl) or from a git repository.

Bundles are stored in the Splunk repository under apps/<appdir>/<appbundle> (e.g. /var/lib/splunk_repository/apps/Splunk_TA_windows/splunk-add-on-for-microsoft-windows_480.tgz)

Git repositories are installed directly from the installation target. Therefore the git command has to be installed on the target and the repository has to be reachable from it.

A new app is added by using the add_apps.yml playbook. See instructions below.

App Configuration (Spec):

############################################
#
# Possible values for apps
# 
############################################

<appname>
* Application Name (Path name)

  [apps|deployment_apps|master_apps|shcluster_apps]:
  * Installation destination
  * Note: Underscore instead of dash needed due to YAML Syntax

    install: <bool>
    * Should the app be installed.
    * Used to uninstall app

    clean_install: <bool>
    * Should the app directory be purged before (re-)installation

    bundle: <filename>
    * The file that contains the app (tar.gz/spl)
    * File must reside under splunk_repository.repository_root/<appname>/<filename>

    git_repo: <url>
    * The path to the git repository

    git_version: <string>
    * The git branch or tag
    * Defaults to "HEAD" if unset

<appname>
...
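
The spec above can be checked mechanically before a deployment, which catches dashed destination names and git sources left on the default "HEAD". The following Python lint is an added example, not part of the playbook: it assumes the variable file has already been loaded into a dict shaped like the spec and that an installed app needs exactly one of bundle or git_repo; the app my_custom_app and its URL are hypothetical.

```python
DESTINATIONS = {"apps", "deployment_apps", "master_apps", "shcluster_apps"}
KEY_TYPES = {"install": bool, "clean_install": bool, "bundle": str,
             "git_repo": str, "git_version": str}


def lint_apps(config):
    """Return a sorted list of findings for a dict shaped like the spec."""
    findings = []
    for app, dests in config.items():
        if not isinstance(dests, dict) or not dests:
            findings.append(f"{app}: no installation destination")
            continue
        for dest, opts in dests.items():
            where = f"{app}.{dest}"
            if dest not in DESTINATIONS:
                # The spec requires underscores: master_apps, not master-apps.
                findings.append(f"{where}: unknown destination")
                continue
            opts = opts or {}
            for key, value in opts.items():
                if key not in KEY_TYPES:
                    findings.append(f"{where}: unknown key {key}")
                elif not isinstance(value, KEY_TYPES[key]):
                    findings.append(f"{where}: {key} must be {KEY_TYPES[key].__name__}")
            has_bundle, has_git = "bundle" in opts, "git_repo" in opts
            # Assumption of this example: an installed app has exactly one source.
            if opts.get("install") and has_bundle == has_git:
                findings.append(f"{where}: need exactly one of bundle or git_repo")
            # git_version defaults to "HEAD" if unset, so the source can change.
            if has_git and opts.get("git_version", "HEAD") == "HEAD":
                findings.append(f"{where}: git_version is HEAD, source not pinned")
    return sorted(findings)


# Constructed sample input; my_custom_app and its URL are hypothetical.
SAMPLE = {
    "Splunk_TA_windows": {
        "apps": {"install": True, "clean_install": False,
                 "bundle": "splunk-add-on-for-microsoft-windows_480.tgz"},
        "deployment-apps": {"install": True},
    },
    "my_custom_app": {
        "shcluster_apps": {"install": True,
                           "git_repo": "https://git.example.com/my_custom_app.git"},
    },
}

if __name__ == "__main__":
    print("\n".join(lint_apps(SAMPLE)))
```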

Adding Apps

To add a new Splunk App or Add-On, a new role has to be created. The role also has to be added to the deploy-apps playbook.

The easiest way to do this is to run the add_app.yml playbook. The script will prompt for the App Name, which corresponds to the directory name of the app. Due to limitations in YAML, a valid variable name for the app has to be set (alphanumeric characters and underscores are valid).

This variable name then has to be used as a reference inside the app configuration file (see spec).

Customization (local + metadata/local.meta)

Local configuration files (*.conf) and local permissions (metadata/local.meta) can be placed inside the role directories under files. The following directories exist under the template app:

files/master-apps
files/master-apps/local
files/master-apps/metadata
files/apps
files/apps/local
files/apps/metadata
files/shcluster
files/shcluster/apps
files/shcluster/apps/local
files/shcluster/apps/metadata
files/deployment-apps
files/deployment-apps/local
files/deployment-apps/metadata