Commit e2980f1e by syed-awais-ali

splunk changes for edx

parent b6781dc2
...@@ -9,13 +9,12 @@ ...@@ -9,13 +9,12 @@
# #
## ##
# Defaults for role splunk-server # Defaults for role splunk-server
# #
# #
# vars are namespaced with the module name. # vars are namespaced with the module name.
# #
SPLUNK_INDEXES: SPLUNK_INDEXES: []
- "default"
SPLUNK_ALERTS: [] SPLUNK_ALERTS: []
# A list of dicts with the following keys: # A list of dicts with the following keys:
...@@ -83,6 +82,7 @@ SPLUNK_SMTP_USERNAME: username ...@@ -83,6 +82,7 @@ SPLUNK_SMTP_USERNAME: username
SPLUNK_SMTP_PASSWORD: password SPLUNK_SMTP_PASSWORD: password
SPLUNK_FROM_ADDRESS: no-reply@example.com SPLUNK_FROM_ADDRESS: no-reply@example.com
SPLUNK_EMAIL_FOOTER: Generated by {{ SPLUNK_HOSTNAME }} SPLUNK_EMAIL_FOOTER: Generated by {{ SPLUNK_HOSTNAME }}
SPLUNK_SSL_HOSTNAME: splunk.example.com:443
# SSL settings. Either all or none of these must be defined. # SSL settings. Either all or none of these must be defined.
# For more details about setting up splunk with SSL, see # For more details about setting up splunk with SSL, see
...@@ -94,7 +94,7 @@ SPLUNK_SSL_ROOT_CA: !!null ...@@ -94,7 +94,7 @@ SPLUNK_SSL_ROOT_CA: !!null
splunk-server_role_name: splunk-server splunk-server_role_name: splunk-server
splunk_user: "splunk" splunk_user: "splunk"
splunk_root: "/vol/splunk/storage" splunk_root: "/vol/splunk"
splunk_home: "/opt/splunk" splunk_home: "/opt/splunk"
splunk_hot_dir: "{{ splunk_root }}/hot" splunk_hot_dir: "{{ splunk_root }}/hot"
......
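Review bot: `SPLUNK_INDEXES` changes shape here without any documentation: the default becomes `[]`, while the indexes.conf template in this same commit now reads `index.name`, `index.coldPath` and other keys from each entry. An existing override written as a list of names (like the old `- "default"`) would no longer produce a usable stanza, so this is a breaking change for deployments that set the variable. Add a comment above it in the style of the one under `SPLUNK_ALERTS`, for example `# A list of dicts; 'name' is required, optional keys: coldPath, homePath, thawedPath, disabled, maxTotalDataSizeMB, ...`. The `splunk_root` default also appears to move from `/vol/splunk/storage` to `/vol/splunk`, which relocates the derived bucket directories on existing hosts and deserves a line in the commit message.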
...@@ -55,7 +55,7 @@ ...@@ -55,7 +55,7 @@
dest: "{{ splunk_home }}/etc/system/local/inputs.conf" dest: "{{ splunk_home }}/etc/system/local/inputs.conf"
owner: splunk owner: splunk
group: splunk group: splunk
mode: "0644" mode: "0600"
- name: Create bucket directories - name: Create bucket directories
file: file:
...@@ -90,7 +90,7 @@ ...@@ -90,7 +90,7 @@
dest: "{{ splunk_home }}/etc/apps/search/local/indexes.conf" dest: "{{ splunk_home }}/etc/apps/search/local/indexes.conf"
owner: "{{ splunk_user }}" owner: "{{ splunk_user }}"
group: "{{ splunk_user }}" group: "{{ splunk_user }}"
mode: 0700 mode: 0600
tags: tags:
- "install" - "install"
- "install:configuration" - "install:configuration"
...@@ -101,7 +101,7 @@ ...@@ -101,7 +101,7 @@
dest: "{{ splunk_home }}/etc/system/local/alert_actions.conf" dest: "{{ splunk_home }}/etc/system/local/alert_actions.conf"
owner: "{{ splunk_user }}" owner: "{{ splunk_user }}"
group: "{{ splunk_user }}" group: "{{ splunk_user }}"
mode: 0700 mode: 0600
tags: tags:
- install - install
- install:configuration - install:configuration
...@@ -112,7 +112,7 @@ ...@@ -112,7 +112,7 @@
dest: "{{ splunk_home }}/etc/apps/search/local/savedsearches.conf" dest: "{{ splunk_home }}/etc/apps/search/local/savedsearches.conf"
owner: "{{ splunk_user }}" owner: "{{ splunk_user }}"
group: "{{ splunk_user }}" group: "{{ splunk_user }}"
mode: 0700 mode: 0600
tags: tags:
- "install" - "install"
- "install:configuration" - "install:configuration"
......
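Review bot: Tightening these files to 0600 protects them at rest, but the rendered content can still leak through play output, because `alert_actions.conf` carries `auth_password` from `SPLUNK_SMTP_PASSWORD` and the `[SSL]` template in this commit carries `SPLUNK_SSL_PASSWORD`. A run with `--diff` would print that content. The task bodies start outside these hunks, so this may already be handled; if not, add `no_log: true` (or `diff: no`) to the template tasks that write those files. On style, the first hunk quotes the mode (`"0600"`) and the other three leave it bare, so quoting all four would keep the role uniform.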
{% for name in SPLUNK_INDEXES %} {% for index in SPLUNK_INDEXES %}
[{{ name }}] [{{ index.name }}]
coldPath = {{ splunk_cold_dir }}/{{ name }}/colddb {% if index.coldPath is defined %}
homePath = {{ splunk_hot_dir }}/{{ name }}/db coldPath = {{ index.coldPath }}
thawedPath = {{ splunk_thawed_dir }}/{{ name }}/thaweddb {% else %}
coldToFrozenDir = {{ splunk_frozen_dir }}/{{ name }}/frozendb coldPath = {{ splunk_cold_dir }}/{{ index.name }}/colddb
{% endif %}
{% if index.homePath is defined %}
homePath = {{ index.homePath }}
{% else %}
homePath = {{ splunk_hot_dir }}/{{ index.name }}/db
{% endif %}
{% if index.thawedPath is defined %}
thawedPath = {{ index.thawedPath }}
{% else %}
thawedPath = {{ splunk_thawed_dir }}/{{ index.name }}/thaweddb
{% endif %}
{% if index.coldToFrozenDir is not defined %}
coldToFrozenDir = {{ splunk_frozen_dir }}/{{ index.name }}/frozendb
{% endif %}
{% if index.disabled is defined %}
disabled = {{ index.disabled }}
{% endif %}
{% if index.home is defined %}
home = {{ index.home }}
{% endif %}
{% if index.enableDataIntegrityControl is defined %}
enableDataIntegrityControl = {{ index.enableDataIntegrityControl }}
{% endif %}
{% if index.maxTotalDataSizeMB is defined %}
maxTotalDataSizeMB = {{ index.maxTotalDataSizeMB }}
{% endif %}
{% if index.enableTsidxReduction is defined %}
enableTsidxReduction = {{ index.enableTsidxReduction }}
{% endif %}
{% endfor %} {% endfor %}
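Review bot: A caller-supplied `coldToFrozenDir` is silently dropped: the block `{% if index.coldToFrozenDir is not defined %}` writes the default path, but when the key is defined nothing is written at all, unlike `coldPath`, `homePath` and `thawedPath`, which each have an `{% else %}` branch. As far as I know, an index with no `coldToFrozenDir` (or freeze script) has its frozen buckets deleted rather than archived, so setting a custom archive path would turn off archiving for that index — a retention problem for audit and security logs. If opting out of archiving is the intent, say so in a comment; otherwise change the test to `{% if index.coldToFrozenDir is defined %}`, emit `coldToFrozenDir = {{ index.coldToFrozenDir }}`, and keep the default under `{% else %}`.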
...@@ -4,6 +4,8 @@ ...@@ -4,6 +4,8 @@
{% elif 'sourcetype' in extraction %} {% elif 'sourcetype' in extraction %}
[{{ extraction.sourcetype }}] [{{ extraction.sourcetype }}]
{% endif %} {% endif %}
{% if extraction.name is defined %}
EXTRACT-{{ extraction.name }} = {{ extraction.regex }} EXTRACT-{{ extraction.name }} = {{ extraction.regex }}
{% endif %}
{% endfor %} {% endfor %}
[email] [email]
mailserver = {{ SPLUNK_SMTP_SERVER }}
pdf.header_left = none
pdf.header_right = none
auth_password = {{ SPLUNK_SMTP_PASSWORD }} auth_password = {{ SPLUNK_SMTP_PASSWORD }}
auth_username = {{ SPLUNK_SMTP_USERNAME }} auth_username = {{ SPLUNK_SMTP_USERNAME }}
footer.text = {{ SPLUNK_EMAIL_FOOTER }} footer.text = {{ SPLUNK_EMAIL_FOOTER }}
hostname = {{ SPLUNK_HOSTNAME }} hostname = {{ SPLUNK_SSL_HOSTNAME }}
mailserver = {{ SPLUNK_SMTP_SERVER }}
reportServerURL =
use_tls = 1
pdf.header_left = none
pdf.header_right = none
use_ssl = 0
from = {{ SPLUNK_FROM_ADDRESS }} from = {{ SPLUNK_FROM_ADDRESS }}
pdf.footer_enabled = 0
pdf.header_enabled = 0
use_tls = 1
\ No newline at end of file
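Review bot: `hostname = {{ SPLUNK_SSL_HOSTNAME }}` is fed by the new default `splunk.example.com:443`, which has a port but no scheme. As I read the alert_actions.conf spec, `hostname` is either a bare host (Splunk fills in its own protocol and port) or a full `protocol://host:port` used verbatim, so a host:port value may not yield the https links the variable name promises. Making the default `https://splunk.example.com:443` and noting the expected form in a comment next to the variable would remove the ambiguity. Also, `use_tls = 1` appears twice in this section; if both lines are on the new side, drop one.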
...@@ -6,8 +6,8 @@ host = {{ SPLUNK_HOSTNAME }} ...@@ -6,8 +6,8 @@ host = {{ SPLUNK_HOSTNAME }}
compressed = true compressed = true
[SSL] [SSL]
serverCert = $SPLUNK_HOME/{{ splunk_cert_path }}/forwarder.pem
password = {{ SPLUNK_SSL_PASSWORD }} password = {{ SPLUNK_SSL_PASSWORD }}
requireClientCert = false requireClientCert = false
rootCA = $SPLUNK_HOME/{{ splunk_cert_path }}/cacert.pem rootCA = $SPLUNK_HOME/{{ splunk_cert_path }}/cacert.pem
{% endif %} serverCert = $SPLUNK_HOME/{{ splunk_cert_path }}/forwarder.pem
\ No newline at end of file {% endif %}