splunk.es.splunk_data_inputs_monitor module – Splunk Data Inputs of type Monitor resource module
Note
This module is part of the splunk.es collection (version 4.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install splunk.es
.
To use it in a playbook, specify: splunk.es.splunk_data_inputs_monitor
.
New in splunk.es 2.1.0
Synopsis
Module to add/modify or delete, File and Directory Monitor Data Inputs in Splunk.
Tested against Splunk Enterprise Server 8.2.3
Note
This module has a corresponding action plugin.
Parameters
Parameter |
Comments |
---|---|
Configure file and directory monitoring on the system |
|
Specify a regular expression for a file path. The file path that matches this regular expression is not indexed. |
|
If set to This parameter is not returned back by Splunk while obtaining object information. It is therefore left out while performing idempotency checks Choices:
|
|
If set to This parameter is not returned back by Splunk while obtaining object information. It is therefore left out while performing idempotency checks Choices:
|
|
A string that modifies the file tracking identity for files in this input. The magic value <SOURCE> invokes special behavior (see admin documentation). |
|
Indicates if input monitoring is disabled. Choices:
|
|
If set to Choices:
|
|
The value to populate in the host field for events from this data input. Default: |
|
Specify a regular expression for a file path. If the path for a file matches this regular expression, the captured value is used to populate the host field for events from this data input. The regular expression must have one capture group. |
|
Use the specified slash-separate segment of the filepath as the host field value. |
|
Specify a time value. If the modification time of a file being monitored falls outside of this rolling time window, the file is no longer being monitored. This parameter is not returned back by Splunk while obtaining object information. It is therefore left out while performing idempotency checks |
|
Which index events from this input should be stored in. Defaults to default. Default: |
|
The file or directory path to monitor on the system. |
|
Setting this to False prevents monitoring of any subdirectories encountered within this data input. Choices:
|
|
The value to populate in the source field for events from this data input. The same source should not be used for multiple data inputs. This parameter is not returned back by Splunk while obtaining object information. It is therefore left out while performing idempotency checks |
|
The value to populate in the sourcetype field for incoming events. |
|
When Splunk software reaches the end of a file that is being read, the file is kept open for a minimum of the number of seconds specified in this value. After this period has elapsed, the file is checked again for more data. This parameter is not returned back by Splunk while obtaining object information. It is therefore left out while performing idempotency checks |
|
Specify a regular expression for a file path. Only file paths that match this regular expression are indexed. |
|
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command. |
|
The state the configuration should be left in Choices:
|
Examples
# Using gathered
# --------------
- name: Gather config for specified Data inputs monitors
splunk.es.splunk_data_inputs_monitor:
config:
- name: "/var/log"
- name: "/var"
state: gathered
# RUN output:
# -----------
# "gathered": [
# {
# "blacklist": "//var/log/[a-z0-9]/gm",
# "crc_salt": "<SOURCE>",
# "disabled": false,
# "host": "$decideOnStartup",
# "host_regex": "/(test_host)/gm",
# "host_segment": 3,
# "index": "default",
# "name": "/var/log",
# "recursive": true,
# "sourcetype": "test_source",
# "whitelist": "//var/log/[0-9]/gm"
# }
# ]
#
# Using merged
# ------------
- name: Update Data inputs monitors config
splunk.es.splunk_data_inputs_monitor:
config:
- name: "/var/log"
blacklist: "//var/log/[a-z]/gm"
check_index: true
check_path: true
crc_salt: <SOURCE>
rename_source: "test"
whitelist: "//var/log/[0-9]/gm"
state: merged
# RUN output:
# -----------
# "after": [
# {
# "blacklist": "//var/log/[a-z]/gm",
# "crc_salt": "<SOURCE>",
# "disabled": false,
# "host": "$decideOnStartup",
# "host_regex": "/(test_host)/gm",
# "host_segment": 3,
# "index": "default",
# "name": "/var/log",
# "recursive": true,
# "sourcetype": "test_source",
# "whitelist": "//var/log/[0-9]/gm"
# }
# ],
# "before": [
# {
# "blacklist": "//var/log/[a-z0-9]/gm",
# "crc_salt": "<SOURCE>",
# "disabled": false,
# "host": "$decideOnStartup",
# "host_regex": "/(test_host)/gm",
# "host_segment": 3,
# "index": "default",
# "name": "/var/log",
# "recursive": true,
# "sourcetype": "test_source",
# "whitelist": "//var/log/[0-9]/gm"
# }
# ],
# Using replaced
# --------------
- name: To Replace Data inputs monitors config
splunk.es.splunk_data_inputs_monitor:
config:
- name: "/var/log"
blacklist: "//var/log/[a-z0-9]/gm"
crc_salt: <SOURCE>
index: default
state: replaced
# RUN output:
# -----------
# "after": [
# {
# "blacklist": "//var/log/[a-z0-9]/gm",
# "crc_salt": "<SOURCE>",
# "disabled": false,
# "host": "$decideOnStartup",
# "index": "default",
# "name": "/var/log"
# }
# ],
# "before": [
# {
# "blacklist": "//var/log/[a-z0-9]/gm",
# "crc_salt": "<SOURCE>",
# "disabled": false,
# "host": "$decideOnStartup",
# "host_regex": "/(test_host)/gm",
# "host_segment": 3,
# "index": "default",
# "name": "/var/log",
# "recursive": true,
# "sourcetype": "test_source",
# "whitelist": "//var/log/[0-9]/gm"
# }
# ],
# Using deleted
# -----------
- name: To Delete Data inpur monitor config
splunk.es.splunk_data_inputs_monitor:
config:
- name: "/var/log"
state: deleted
# RUN output:
# -----------
#
# "after": [],
# "before": [
# {
# "blacklist": "//var/log/[a-z0-9]/gm",
# "crc_salt": "<SOURCE>",
# "disabled": false,
# "host": "$decideOnStartup",
# "index": "default",
# "name": "/var/log"
# }
# ],
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The configuration as structured data after module completion. Returned: when changed Sample: |
|
The configuration as structured data prior to module invocation. Returned: always Sample: |