Monday, April 28, 2014

Custom Splunk monitor parameters in Puppet

I'm using the example42 Splunk Puppet module from Puppet Forge, which is great for installing Splunk but doesn't list on its Forge page how to create a custom monitor:

# https://github.com/example42/puppet-splunk/blob/master/manifests/input/monitor.pp
splunk::input::monitor { "messages":
  path => "/var/log/messages",
  index => "main",
  sourcetype => "messages",
  ignoreOlderThan => "2d",
  blacklist => "\.(txt|gz|bz2)",
}

I had to hunt through the github repo for this module to figure out the above code.  You add this as a separate class from the main install class.  Hopefully this quick post will help someone in the future!
Posted by at

1 comment:

  1. UnknownJuly 18, 2014 at 6:16 AM

    The path parameter is passed to a .each template so should be a list

    # https://github.com/example42/puppet-splunk/blob/master/manifests/input/monitor.pp
    splunk::input::monitor { "messages":
    path => [ "/var/log/messages" ],
    index => "main",
    sourcetype => "messages",
    ignoreOlderThan => "2d",
    blacklist => "\.(txt|gz|bz2)",
    }

    ReplyDelete

Subscribe to: Post Comments (Atom)