Ansible Splunk Forwarder Installation
Installing Splunk forwarders with an ansible playbook.
This document shows you where to get the above animal.
From The README
This is an Ansible role and playbook for upgrading or installing a Splunk forwarder of the latest version.
The preconditions are:
- A Splunk server is configured and ready to receive forwarded messages
- The network and hosts allow the forwarded messages to get there
- Nothing bad happens
Modifications
A few things will need to be modified in the role:
- The desired version and package type of the Splunk forwarder will need to be added to the /files/ directory
- The current configured splunk servers will need to be added /vars/splunk-servers.yml
- The desired version and build number combination will need to be added to /vars/splunk-version.yml
- A suitably powerful users credentials will need to be added to /vars/main.yml
- Perhaps edit the /files/default-inputs.conf and /files/default-props.conf if you want
Caution
This Ansible role should remove any currently installed Splunk forwarder package and install the desired one.
I wanted this because I had a bunch of old 3.x.x and 4.x.x forwarders installed and they did not want to
cleanly update using the package.