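---
#
# edX Configuration
#
# github:     https://github.com/edx/configuration
# wiki:       https://openedx.atlassian.net/wiki/display/OpenOPS
# code style: https://openedx.atlassian.net/wiki/display/OpenOPS/Ansible+Code+Conventions
# license:    https://github.com/edx/configuration/blob/master/LICENSE.TXT
#
##
# Defaults for role splunk-server
#
# Every value in this file is a non-secret default or an obvious placeholder.
# Deployment-specific values, and credentials in particular, are expected to
# be overridden from outside this file.
#

#
# vars are namespaced with the module name.
#
SPLUNK_INDEXES: []

# A list of dicts with the following keys:
#
#   name: (string, required)
#     The name of the alert
#
#   description: (string, optional)
#     A description of the alert. Appears in the Splunk UI.
#
#   email: (list[string], optional)
#     List of email addresses to send to when alert is triggered
#
#   message: (string, optional)
#     Body of the alert email. You can include information from the alert
#     via the tokens documented here:
#     http://docs.splunk.com/Documentation/Splunk/6.4.1/Alert/EmailNotificationTokens
#
#   search: (string, required)
#     Splunk query to use
#
#   schedule: (string, default: "*/15 * * * *")
#     The cron-style schedule on which to run the alert
#
#   counttype: ("number of events" | "number of hosts" | "number of sources" | "always",
#               default: "number of events")
#
#   comparison: ("greater than" | "less than" | "equal to" | "not equal to" |
#                "drops by" | "rises by", default: "greater than")
#
#   quantity: (number, default: 0)
#     Alert will trigger when "counttype comparison quantity" is true,
#     e.g. "number of events > 10"
#
#   time: (string, default: "-15m")
#     Events will be searched from this value until now.
#     "rt" indicates "realtime".
#
#   severity: ([1-6], default: the value of SPLUNK_ALERT_DEFAULT_SEVERITY)
#     The severity of the alert.
#     1-debug, 2-info, 3-warn, 4-error, 5-severe, 6-fatal
#
#   digest_delay: (string, optional)
#     If set, email digests are sent at most every "digest_delay" rather
#     than one email for every alert, e.g. 15m
#
# NB: None of the string values can contain newlines except "message"
SPLUNK_ALERTS: []

# A list of dicts of the following form.
# source and sourcetype are mutually exclusive
# - sourcetype | source:
#   name:
#   regex:
SPLUNK_FIELD_EXTRACTIONS: []

# A list of paths of dashboard xml.j2 templates.
# xml templates must be of the form expected by Splunk.
# For an example, create a dashboard in the Splunk UI and go to
# Edit > Edit Source
# e.g. (quote the entry, because a YAML value that starts with "{{" is
# otherwise read as a flow mapping)
# - "{{ role_path }}/../../../secure-repo/path/to/templates/template.xml.j2"
SPLUNK_DASHBOARDS: []

# Kept as a quoted string, as in the original defaults.
SPLUNK_ALERT_DEFAULT_SEVERITY: "3"
SPLUNK_VOLUMES: []

# Should include protocol & a trailing slash, e.g. http://splunk.mydomain.com/
# NOTE(review): the default below has neither a protocol nor a trailing
# slash - confirm which form the role's templates consume. When the SSL
# settings further down are defined, an https:// URL is the consistent choice.
SPLUNK_HOSTNAME: splunk.example.com
SPLUNK_SMTP_SERVER: smtp.example.com

# Placeholder SMTP credentials. Override them from an encrypted or private
# vars source (for example Ansible Vault or the private secure repo); real
# values do not belong in this defaults file.
SPLUNK_SMTP_USERNAME: username
SPLUNK_SMTP_PASSWORD: password
SPLUNK_FROM_ADDRESS: no-reply@example.com

# Quoted because the value embeds a Jinja expression.
SPLUNK_EMAIL_FOOTER: "Generated by {{ SPLUNK_HOSTNAME }}"

# host:port - quoted so the embedded colon can never be read as YAML syntax.
SPLUNK_SSL_HOSTNAME: 'splunk.example.com:443'

# SSL settings. Either all or none of these must be defined.
# For more details about setting up splunk with SSL, see
# https://openedx.atlassian.net/wiki/display/EdxOps/viewpage.action?pageId=40174184
#
# All three default to null (SSL not configured). When set, treat
# SPLUNK_SSL_PASSWORD - and SPLUNK_SSL_CERT if it carries private key
# material (TODO confirm) - as secrets and supply them from the same
# protected vars source as the SMTP password.
SPLUNK_SSL_CERT: null
SPLUNK_SSL_PASSWORD: null
SPLUNK_SSL_ROOT_CA: null

splunk-server_role_name: splunk-server

splunk_user: "splunk"
splunk_root: "/vol/splunk"
splunk_home: "/opt/splunk"
splunk_hot_dir: "{{ splunk_root }}/hot"
splunk_thawed_dir: "{{ splunk_root }}/thawed"
splunk_cold_dir: "{{ splunk_root }}/cold"
splunk_frozen_dir: "{{ splunk_root }}/frozen"

splunk_ssl_port: 9995
# Relative path; presumably resolved under splunk_home - verify against the
# tasks that use it.
splunk_cert_path: 'etc/auth/edxcerts'

#
# OS packages
#

splunk-server_debian_pkgs: []

splunk-server_redhat_pkgs: []

# S3 bucket to store data rolled from splunk cold bucket.
# The value below is a placeholder and must be overridden. The bucket ends up
# holding archived log data, so it should not be publicly readable.
SPLUNK_FROZEN_DB_S3_BUCKET: 'splunk-s3-frozen-bucket-name-here'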