ansible_post_tasks:
  * Comma-separated list of paths or URLs to custom Ansible playbooks to run AFTER Splunk has been set up using the provided site.yml
  * Default: null

ansible_pre_tasks:
  * Comma-separated list of paths or URLs to custom Ansible playbooks to run BEFORE Splunk sets up using the provided site.yml
  * Default: null

hide_password:
  * Boolean that determines whether or not to output Splunk admin passwords through Ansible
  * Default: false

retry_num:
  * Number of retries to make for potentially flaky/error-prone tasks
  * Default: 50

shc_bootstrap_delay:
  * Number of seconds of delay when verifying SHC success on the deployer
  * Default: 30

splunk_home_ownership_enforcement: true
  * Boolean to control and enable UAC on $SPLUNK_HOME (recommended to be enabled)
  * Default: true

config:
  baked:
    * Configuration filename
    * Default: default.yml
  defaults_dir:
    * Location on filesystem where the default.yml can be found
    * Default: /tmp/defaults
  env:
    headers:
      * Define header information (if necessary) when pulling default.yml from a URL
      * Default: null
    var:
      * Control environment variable name that determines location of default.yml
      * Default: SPLUNK_DEFAULTS_URL
    verify:
      * Enable/disable SSL validation
      * Default: true
  host:
    headers:
      * Define header information (if necessary) when pulling default.yml from a URL
      * Default: null
    url:
      * Define URL to pull default.yml from
      * Default: null
    verify:
      * Enable/disable SSL validation
      * Default: true
  max_delay:
    * Maximum duration (in seconds) between attempts to pull the default.yml from a remote source
    * Default: 60
  max_retries:
    * Maximum attempts to pull the default.yml from a remote source
    * Default: 3
  max_timeout:
    * Maximum timeout for attempts to pull the default.yml from a remote source
    * Default: 1200

splunkbase_username:
  * Used for authentication when downloading apps from https://splunkbase.splunk.com/ (this does NOT need to be specified unless you have SplunkBase apps defined in your splunk.apps_location)
  * NOTE: Use this in combination with splunkbase_password. You will also need to run Ansible using the dynamic inventory script (environ.py) for this to register and work properly.
  * Default: null

splunkbase_password:
  * Used for authentication when downloading apps from https://splunkbase.splunk.com/ (this does NOT need to be specified unless you have SplunkBase apps defined in your splunk.apps_location)
  * NOTE: Use this in combination with splunkbase_username. You will also need to run Ansible using the dynamic inventory script (environ.py) for this to register and work properly.
  * Default: null

splunk:
  role:
    * Role to assume when setting up Splunk
    * Default: splunk_standalone
  upgrade:
    * Determines whether or not to perform an upgrade (to the splunk.build_location)
    * Default: false
  build_location:
    * Splunk build location, either on the filesystem or a remote URL
    * Default: /tmp/splunk.tgz
  build_remote_src:
    * Boolean to determine whether the installer is local (false) or remote (true)
    * Default: true
  license_master_included:
    * Boolean to determine whether there exists a separate license master
    * Default: false
  preferred_captaincy:
    * Boolean to determine whether Splunk should set a preferred captain. This can have an effect on day 2 operations if the search heads need to be restarted
    * Default: true
  apps_location:
    * List of apps to install - elements can be in the form of a URL or a location in the filesystem
    * Default: null
  license_uri:
    * Path or remote URL to a valid Splunk license
    * Default: null
  ignore_license:
    * Allow proceeding with a bad/invalid Splunk license
    * Default: false
  license_download_dest:
    * Path in filesystem where licenses will be downloaded
    * Default: /tmp/splunk.lic
  nfr_license:
    * Path in filesystem of special NFR licenses
    * Default: /tmp/nfr_enterprise.lic
  wildcard_license:
    * Enable licenses to be interpreted as fileglobs, to support provisioning with multiple Splunk licenses
    * Default: false
  admin_user:
    * Default admin-level user to run provisioning commands under
    * Default: admin
  password:
    * Default Splunk admin user password. This is REQUIRED when starting Splunk
    * Default: null
  user:
    * Host user under which Splunk will run
    * Default: splunk
  group:
    * Host group under which Splunk will run
    * Default: splunk
  enable_service:
    * Determine whether or not to enable Splunk for boot-start (start via sysvinit or systemd, etc.)
    * Default: false
  opt:
    * Path in filesystem where Splunk will be installed
    * Default: /opt
  home:
    * Path in filesystem where SPLUNK_HOME is located
    * Default: /opt/splunk
  exec:
    * Path in filesystem where splunk binary exists (this will depend on splunk.home)
    * Default: /opt/splunk/bin/splunk
  pid:
    * Path in filesystem of splunk PID file (this will depend on splunk.home)
    * Default: /opt/splunk/var/run/splunk/splunkd.pid
  app_paths:
    default:
      * Path in filesystem of default apps (this will depend on splunk.home)
      * Default: /opt/splunk/etc/apps
    deployment:
      * Path in filesystem of deployment apps (this will depend on splunk.home)
      * Default: /opt/splunk/etc/deployment-apps
    httpinput:
      * Path in filesystem of the HTTP input apps (this will depend on splunk.home)
      * Default: /opt/splunk/etc/apps/splunk_httpinput
    idxc:
      * Path in filesystem of indexer cluster master apps (this will depend on splunk.home)
      * Default: /opt/splunk/etc/master-apps
    shc:
      * Path in filesystem of search head cluster apps (this will depend on splunk.home)
      * Default: /opt/splunk/etc/shcluster/apps
  hec_disabled:
    * Determine whether or not to disable setting up the HTTP event collector (HEC)
    * Default: 0
  hec_enableSSL:
    * Determine whether or not to enable SSL on the HTTP event collector (HEC) endpoint
    * Default: 1
  hec_port:
    * Determine the port used for the HTTP event collector (HEC) endpoint
    * Default: 8088
  hec_token:
    * Determine a token to use for the HTTP event collector (HEC) endpoint
    * Default: null
  http_enableSSL:
    * Determine whether or not to enable SSL on SplunkWeb
    * Default: 0
  http_enableSSL_cert:
    * Path in filesystem to SplunkWeb SSL certificate
    * Default: null
  http_enableSSL_privKey:
    * Path in filesystem to SplunkWeb SSL private key
    * Default: null
  http_enableSSL_privKey_password:
    * Password used to set up SplunkWeb SSL private key
    * Default: null
  http_port:
    * Determine the port used for SplunkWeb
    * Default: 8000
  s2s_enable:
    * Determine whether or not to enable Splunk-to-Splunk communication. This is REQUIRED for any distributed topologies.
    * Default: true
  s2s_port:
    * Determine the port used for Splunk-to-Splunk communication
    * Default: 9997
  svc_port:
    * Determine the port used for Splunk management/remote API calls
    * Default: 8089
  search_head_cluster_url: null
    * URL of the Splunk search head cluster
    * Default: null
  secret: null
    * Secret passcode used to encrypt all of Splunk's sensitive information on disk. When not set, Splunk will autogenerate a unique secret local to each installation. This is NOT required for any standalone or distributed Splunk topology
    * NOTE: This may be set once at the start of provisioning any deployment. Any changes made to this splunk.secret after the deployment has been created must be resolved manually, otherwise there is a severe risk of bricking the capabilities of your Splunk environment.
    * Default: null
  idxc:
    enable:
      * Enable indexer clustering
      * Default: false
    label:
      * Provide a label for indexer clustering configuration
      * Default: idxc_label
    replication_factor:
      * Determine knowledge object replication factor
      * Default: 3
    replication_port:
      * Determine the port used for replication of artifacts
      * Default: 9887
    search_factor:
      * Determine the search factor used by indexer clustering
      * Default: 3
    secret:
      * Determine the secret used to configure indexer clustering. This is REQUIRED when setting up indexer clustering
      * Default: null
  shc:
    enable:
      * Enable search head clustering
      * Default: false
    label:
      * Provide a label for search head clustering configuration
      * Default: shc_label
    replication_factor:
      * Determine knowledge object replication factor
      * Default: 3
    replication_port:
      * Determine the port used for replication of artifacts
      * Default: 9887
    secret:
      * Determine the secret used to configure search head clustering. This is REQUIRED when setting up search head clustering
      * Default: null
  dfs:
    enable:
      * Enable Data Fabric Search (DFS)
      * Default: false
    port:
      * Identifies the port on which the DFSMaster Java process runs.
      * Default: 9000
    dfc_num_slots:
      * Maximum number of concurrent DFS searches that run on each search head
      * Default: 4
    dfw_num_slots:
      * Maximum number of concurrent DFS searches that run on a search head cluster
      * Default: 10
    dfw_num_slots_enabled:
      * Enables you to set the value of the field dfw_num_slots.
      * Default: false
    spark_master_host:
      * This setting identifies the Spark master.
      * Default: 127.0.0.1
    spark_master_webui_port:
      * Identifies the port for the Spark master web UI.
      * Default: 8080
  smartstore:
    * Nested dict obj to enable automatic SmartStore provisioning
    * Default: null
  tar_dir:
    * Name of directory for the Splunk tar
    * Default: splunk
  conf:
    (filename):
      directory:
        * Path in filesystem to create `.conf` file
        * Default: /opt/splunk/etc/system/local
      content:
        (section name):
          (name) : (value)
          * Key-value pairs in configuration file
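
Several of the defaults above matter for security review: `hide_password: false`, `http_enableSSL: 0`, the `verify` switches, and the secrets marked REQUIRED. The following is an added example, not part of the original spec or its project, that audits an already-parsed default.yml against those settings. The helper names `get`, `truthy` and `audit`, the finding messages and the `example.internal` hosts are constructed for illustration, and the configuration is assumed to have been loaded into nested dicts.

```python
# Key names and defaults are taken from the spec; messages and sample are constructed.
def get(cfg, path, default=None):
    """Walk a dotted path through nested dicts; unset or null yields the default."""
    node = cfg
    for key in path.split("."):
        if not isinstance(node, dict) or node.get(key) is None:
            return default
        node = node[key]
    return node

def truthy(value):  # the spec mixes true/false with 0/1 flags
    return str(value).strip().lower() in ("1", "true", "yes")

def audit(cfg):
    findings = []
    if not truthy(get(cfg, "hide_password", False)):
        findings.append("hide_password is false: admin passwords are output through Ansible")
    for path in ("config.env.verify", "config.host.verify"):
        if not truthy(get(cfg, path, True)):
            findings.append(f"{path} is false: default.yml is pulled without SSL validation")
    if not truthy(get(cfg, "splunk.http_enableSSL", 0)):
        findings.append("splunk.http_enableSSL is 0: SplunkWeb is served without SSL")
    hec_on = not truthy(get(cfg, "splunk.hec_disabled", 0))
    if hec_on and not truthy(get(cfg, "splunk.hec_enableSSL", 1)):
        findings.append("splunk.hec_enableSSL is 0: HEC endpoint runs without SSL")
    if not get(cfg, "splunk.password"):
        findings.append("splunk.password is unset: REQUIRED when starting Splunk")
    for cluster in ("idxc", "shc"):
        prefix = f"splunk.{cluster}"
        if truthy(get(cfg, prefix + ".enable", False)) and not get(cfg, prefix + ".secret"):
            findings.append(f"{prefix}.secret is unset although {prefix}.enable is true")
    # Builds, licenses, apps and remote defaults pulled over http:// are not protected in transit.
    apps = get(cfg, "splunk.apps_location", [])
    urls = apps.split(",") if isinstance(apps, str) else list(apps)
    urls += [get(cfg, p) for p in ("config.host.url", "splunk.build_location", "splunk.license_uri")]
    for url in urls:
        if isinstance(url, str) and url.strip().startswith("http://"):
            findings.append(f"{url.strip()} is fetched over plain HTTP")
    return findings

# Constructed sample: the nested dict a YAML parser would return for a default.yml.
SAMPLE = {
    "hide_password": False,
    "config": {"host": {"url": "https://config.example.internal/default.yml", "verify": False}},
    "splunk": {"password": None, "http_enableSSL": 0, "hec_enableSSL": 1,
               "build_location": "http://mirror.example.internal/splunk.tgz",
               "idxc": {"enable": True, "secret": None}, "shc": {"enable": False}},
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Unset keys fall back to the documented defaults, so an empty configuration is still reported for `hide_password`, `http_enableSSL` and the missing admin password.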