community.general.splunk callback – Sends task result events to Splunk HTTP Event Collector
Note
This callback plugin is part of the community.general collection (version 9.5.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this callback plugin,
see Requirements for details.
To use it in a playbook, specify: community.general.splunk
.
Callback plugin
This plugin is a notification callback. It sends information for a playbook run to other applications, services, or systems. See Callback plugins for more information on callback plugins.
Synopsis
This callback plugin will send task results as JSON formatted events to a Splunk HTTP collector.
The companion Splunk Monitoring & Diagnostics App is available here https://splunkbase.splunk.com/app/4023/.
Credit to “Ryan Currah (@ryancurrah)” for original source upon which this is based.
Requirements
The below requirements are needed on the local controller node that executes this callback.
Whitelisting this callback plugin
Create a HTTP Event Collector in Splunk
Define the URL and token in
ansible.cfg
Parameters
Parameter |
Comments |
---|---|
Token to authenticate the connection to the Splunk HTTP collector. Configuration:
|
|
Correlation ID which can be set across multiple playbook executions. Configuration:
|
|
Whether to include milliseconds as part of the generated timestamp field in the event sent to the Splunk HTTP collector. Choices:
Configuration:
|
|
URL to the Splunk HTTP collector source. Configuration:
|
|
Whether to validate certificates for connections to HEC. It is not recommended to set to Choices:
Configuration:
|
Examples
examples: >
To enable, add this to your ansible.cfg file in the defaults block
[defaults]
callback_whitelist = community.general.splunk
Set the environment variable
export SPLUNK_URL=http://mysplunkinstance.datapaas.io:8088/services/collector/event
export SPLUNK_AUTHTOKEN=f23blad6-5965-4537-bf69-5b5a545blabla88
Set the ansible.cfg variable in the callback_splunk block
[callback_splunk]
url = http://mysplunkinstance.datapaas.io:8088/services/collector/event
authtoken = f23blad6-5965-4537-bf69-5b5a545blabla88