The vars
The playbook
and profit !
---
# Install root of the Splunk forwarder package.
splunk_home: '/opt/splunkforwarder'

# Path to the splunk CLI binary, derived from splunk_home.
splunk_exec: "{{ splunk_home }}/bin/splunk"
The playbook
---
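# Install the forwarder package through yum, with privilege escalation.
# NOTE(review): state=latest upgrades to whatever the configured repository
# serves on every run; pin a vetted package version if forwarder upgrades
# need to be controlled and reproducible.
- name: install splunk forwarder
  yum:
    name: splunkforwarder
    state: latest
  become: true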
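# Check for first time run: record whether splunk_home/ftr exists. The
# registered result is used by the setup task's `when` condition.
- name: check for splunk first time run marker
  stat:
    path: "{{ splunk_home }}/ftr"
  register: result_splunk_ftr_stat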
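# First-time-run setup: runs only when the registered stat result reports
# that splunk_home/ftr exists.
#
# The original guard `ps aux|grep splunkd && pkill ...` always succeeded,
# because grep matches its own command line, so pkill is called directly.
# `|| true` keeps the task going when no splunkd process is running.
#
# NOTE(review): no admin credential is managed here. Depending on the Splunk
# version, a non-interactive first start either leaves a well-known default
# admin password or creates no admin user unless one is seeded
# (user-seed.conf or --seed-passwd). Confirm which applies and set the
# credential explicitly, sourced from Ansible Vault.
#
# NOTE(review): with `become` and no -user option, boot-start is presumably
# registered for root. Consider a dedicated service account
# (`enable boot-start -user <account>`) if root is not required. TODO confirm.
- block:
    - name: setup splunk for first time run
      shell: |
        pkill -9 splunkd || true
        {{ splunk_exec }} start --accept-license --answer-yes --no-prompt
        {{ splunk_exec }} enable boot-start
  when: result_splunk_ftr_stat.stat.exists
  become: true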
# Only add servers which are not in list
# NOTE(review): the commented-out tasks below are a sketch, not working tasks.
# "-auth user:pass" passes the Splunk credential on the command line, where
# it is visible in the process list and in Ansible's task output. If these
# tasks are enabled, take the credential from Ansible Vault and set
# `no_log: true` on each task that uses it.
# shell: /opt/splunkforwarder/bin/splunk list forward-server -auth user:pass
# register: current_fwd_list
#- block:
# shell: "{{ splunk_exec }} add forward-server {{ splunk_server }}:{{ splunk_server_port }} -auth user:pass"
# NOTE(review): current_fwd_list is a registered result, so the membership
# test presumably needs its stdout; verify before enabling.
# when: item not in current_fwd_list
# become: yes
# with_items: splunk_fwd_server
# same logic for adding logs
# NOTE(review): -sourcetype is given item.path here, presumably where a
# sourcetype value was intended (confirm). `|| true` also hides real
# failures of `add monitor`, not only the "already monitored" case.
# - shell: "{{ splunk_exec }} add monitor {{ item.path }} -index {{ item.idx }} -sourcetype {{ item.path }} || true"
# with_items: "{{ splunk_log_files }}"
and profit !