splunk.yml
373 Bytes
add splunk searches via ansible (#3057) · 64f63650
* add splunk searches via ansible
* Fix jinja syntax, add docs
* Add splunk field extractions via ansible
* Use a boolean rather than a number
  The fact that splunk uses "1" and "0" to represent booleans is orthogonal to booleans in yaml. Switching to true booleans for a better user experience.
* Additional cleanup around splunk searches interface
* Switch splunk role to using common_vars and overrides
  This way, we can support environments where we don't, for example, use datadog.
* Make splunk playbook actually call splunk role
* Fix all the bugs
* Add splunk email config
* Make realtime alerts work
* Add more documentation around splunk alerts
* Address comments
Fred Smith committed