Splunk
/
FredsAWSStandaloneWithSmartStore


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337
							ansible_post_tasks: <str>
* Comma-separated list of paths or URLs to custom Ansible playbooks to run AFTER Splunk has been setup using the provided site.yml
* Default: null

ansible_pre_tasks: <str>
* Comma-separated list of paths or URLs to custom Ansible playbooks to run BEFORE Splunk sets up using the provided site.yml
* Default: null

hide_password: <bool>
* Boolean that determines whether or not to output Splunk admin passwords through Ansible
* Default: false

retry_num: <int>
* Number of retries to make for potentially flakey/error-prone tasks
* Default: 50

shc_bootstrap_delay: <int>
* Number of seconds of delay when verifying SHC success on the deployer
* Default: 30

splunk_home_ownership_enforcement: true
* Boolean that to control and enable UAC on $SPLUNK_HOME (recommended to be enabled)
* Default: true

config:
  baked: <str>
  * Configuration filename
  * Default: default.yml

  defaults_dir: <str - filepath>
  * Location on filesystem where the default.yml can be found
  * Default: /tmp/defaults

  env:
    headers: <str>
    * Define header information (in necessary) when pulling default.yml from a URL 
    * Default: null

    var: <str>
    * Control environment variable name that determines location of default.yml 
    * Default: SPLUNK_DEFAULTS_URL

    verify: <bool>
    * Enable/disable SSL validation
    * Default: true
  host:
    headers: <str>
    * Define header information (in necessary) when pulling default.yml from a URL 
    * Default: null

    url: <str>
    * Define URL to pull default.yml from 
    * Default: null

    verify: <bool>
    * Enable/disable SSL validation
    * Default: true

  max_delay: <int>
  * Maximum duration (in seconds) between attempts to pull the default.yml from a remote source
  * Default: 60

  max_retries: <int>
  * Maximum attempts to pull the default.yml from a remote source
  * Default: 3

  max_timeout: <int>
  * Maximum timeout for attempts to pull the default.yml from a remote source
  * Default: 1200

splunkbase_username: <str>
* Used for authentication when downloading apps from https://splunkbase.splunk.com/ (this is NOT required to even be specified, unless you have SplunkBase apps defined in your splunk.apps_location)
* NOTE: Use this in combination with splunkbase_password. You will also need to run Ansible using the dynamic inventory script (environ.py) for this to register and work properly.
* Default: null

splunkbase_password: <str>
* Used for authentication when downloading apps from https://splunkbase.splunk.com/ (this is NOT required to even be specified, unless you have SplunkBase apps defined in your splunk.apps_location)
* NOTE: Use this in combination with splunkbase_username. You will also need to run Ansible using the dynamic inventory script (environ.py) for this to register and work properly.
* Default: null

splunk:
  role: <str>
  * Role to assume when setting up Splunk
  * Default: splunk_standalone

  upgrade: <bool>
  * Determines whether or not to perform an upgrade (to the splunk.build_location)
  * Default: false

  build_location: <str>
  * Splunk build location, either on the filesystem or a remote URL
  * Default: /tmp/splunk.tgz

  build_remote_src: <bool>
  * Boolean to determine whether the installer is local (false) or remote (true)
  * Default: true

  license_master_included: <bool>
  * Boolean to determine whether there exists a separate license master 
  * Default: false
  
  preferred_captaincy: <bool>
  * Boolean to determine whether splunk should set a preferred captain.  This can have an effect on day 2 operations if the search heads need to be restarted 
  * Default: true

  apps_location: <list>
  * List of apps to install - elements can be in the form of a URL or a location in the filessytem
  * Default: null

  license_uri: <str>
  * Path or remote URL to a valid Splunk license
  * Default: null

  ignore_license: <bool>
  * Allow proceeding with a bad/invalid Splunk license
  * Default: false

  license_download_dest: <str - filepath>
  * Path in filesystem where licenses will be downloaded as
  * Default: /tmp/splunk.lic

  nfr_license: <str - filepath>
  * Path in filesystem where of special NFR licenses
  * Default: /tmp/nfr_enterprise.lic

  wildcard_license: <bool>
  * Enable licenses to be interpreted as fileglobs, to support provisioning with multiple Splunk licenses
  * Default: false

  admin_user: <str>
  * Default admin-level user to run provisioning commands under
  * Default: admin

  password: <str>
  * Default Splunk admin user password. This is REQUIRED when starting Splunk
  * Default: null

  user: <str>
  * Host user under which Splunk will run
  * Default: splunk

  group: <str>
  * Host group under which Splunk will run
  * Default: splunk

  enable_service: <bool>
  * Determine whether or not to enable Splunk for boot-start (start via sysinitv or systemd, etc.)
  * Default: false

  opt: <str - filepath>
  * Path in filesystem where Splunk will be installed
  * Default: /opt

  home: <str - filepath>
  * Path in filesystem where SPLUNK_HOME is located
  * Default: /opt/splunk

  exec: <str - filepath>
  * Path in filesystem where splunk binary exists (this will depend on splunk.home)
  * Default: /opt/splunk/bin/splunk

  pid: <str - filepath>
  * Path in filesystem of splunk PID file (this will depend on splunk.home)
  * Default: /opt/splunk/var/run/splunk/splunkd.pid

  app_paths:
    default: <str - filepath>
    * Path in filesystem of default apps (this will depend on splunk.home)
    * Default: /opt/splunk/etc/apps

    deployment: <str - filepath>
    * Path in filesystem of deployment apps (this will depend on splunk.home)
    * Default: /opt/splunk/etc/deployment-apps

    httpinput: <str - filepath>
    * Path in filesystem of the HTTP input apps (this will depend on splunk.home)
    * Default: /opt/splunk/etc/apps/splunk_httpinput

    idxc: <str - filepath>
    * Path in filesystem of indexer cluster master apps (this will depend on splunk.home)
    * Default: /opt/splunk/etc/master-apps

    shc: <str - filepath>
    * Path in filesystem of search head cluster apps (this will depend on splunk.home)
    * Default: /opt/splunk/etc/shcluster/apps

  hec_disabled: <int|bool>
  * Determine whether or not to disable setting up the HTTP event collector (HEC)
  * Default: 0

  hec_enableSSL: <int|bool>
  * Determine whether or not to enable SSL on the HTTP event collector (HEC) endpoint
  * Default: 1

  hec_port: <int>
  * Determine the port used for the HTTP event collector (HEC) endpoint
  * Default: 8088

  hec_token: <str>
  * Determine a token to use for the HTTP event collector (HEC) endpoint
  * Default: null

  http_enableSSL: <int|bool>
  * Determine whether or not to enable SSL on SplunkWeb
  * Default: 0

  http_enableSSL_cert: <str>
  * Path in filesystem to SplunkWeb SSL certificate
  * Default: null

  http_enableSSL_privKey: <str>
  * Path in filesystem to SplunkWeb SSL private key
  * Default: null

  http_enableSSL_privKey_password: <str>
  * Password used to setup SplunkWeb SSL private key
  * Default: null

  http_port: <int>
  * Determine the port used for SplunkWeb
  * Default: 8000

  s2s_enable: <int|bool>
  * Determine whether or not to enable Splunk-to-Splunk communication. This is REQUIRED for any distributed topologies.
  * Default: true

  s2s_port: <int>
  * Determine the port used for Splunk-to-Splunk communication
  * Default: 9997

  svc_port: <int>
  * Determine the port used for Splunk management/remote API calls
  * Default: 8089

  search_head_cluster_url: null
  * URL of the Splunk search head cluster
  * Default: null

  secret: null
  * Secret passcode used to encrypt all of Splunk's sensitive information on disk. When not set, Splunk will autogenerate a unique secret local to each installation. This is NOT required for any standalone or distributed Splunk topology
  * NOTE: This may be set once at the start of provisioning any deployment. Any changes made to this splunk.secret after the deployment has been created must be resolved manually, otherwise there is a severe risk of bricking the capabilities of your Splunk environment.
  * Default: null

  idxc:
    enable: <bool>
    * Enable indexer clustering
    * Default: false

    label: <str>
    * Provide a label for indexer clustering configuration
    * Default: idxc_label

    replication_factor: <int>
    * Determine knowledge object replication factor
    * Default: 3

    replication_port: <int>
    * Determine the port used for replication of artifacts
    * Default: 9887

    search_factor: <int>
    * Determine the search factor used by indexer clustering
    * Default: 3

    secret: <str>
    * Determine the secret used to configure indexer clustering. This is REQUIRED when setting up indexer clustering
    * Default: null

  shc:
    enable: <bool>
    * Enable search head clustering
    * Default: false

    label: <str>
    * Provide a label for search head clustering configuration
    * Default: shc_label

    replication_factor: <int>
    * Determine knowledge object replication factor
    * Default: 3

    replication_port: <int>
    * Determine the port used for replication of artifacts
    * Default: 9887

    secret: <str>
    * Determine the secret used to configure search head clustering. This is REQUIRED when setting up search head clustering
    * Default: null

  dfs:
    enable: <bool>
    * Enable Data Fabric Search (DFS)
    * Default: false

    port: <int>
    * Identifies the port on which the DFSMaster Java process runs.
    * Default: 9000

    dfc_num_slots: <int>
    * Maximum number of concurrent DFS searches that run on each search head
    * Default: 4
    
    dfw_num_slots: <int>
    * Maximum number of concurrent DFS searches that run on a search head cluster
    * Default: 10
    
    dfw_num_slots_enabled: <bool>
    * Enables you to set the value of the field dfw_num_slots.
    * Default: false

    spark_master_host: <str>
    * This setting identifies the Spark master.
    * Default: 127.0.0.1

    spark_master_webui_port: <int>
    * Identifies the port for the Spark master web UI.
    * Default: 8080

  smartstore: <dict>
  * Nested dict obj to enable automatic SmartStore provisioning
  * Default: null

  tar_dir: <str>
  * Name of directory for the Splunk tar
  * Default: splunk
  
  conf: <dict>
    (filename):
      directory: <str - filepath>
      * Path in filesystem to create `.conf` file
      * Default: /opt/splunk/etc/system/local

      content: <dict>
        (section name): <dict>
          (name) : (value)
            * Key-value pairs in configuration file