All Apps and Add-ons

What would be the best way to configure collectd/UF for Splunk App for Infrastructure with Puppet Enterprise?

New Member

We already have a small Splunk setup and are just implementing a new Puppet Enterrprise setup. I am looking at including collectd and Universal Forwarder installation anyway and have started looking at Splunk App for Infrastructure as another way of consuming that data. Has anyone already worked through a best way of doing this via Puppet?

We already use collectd across our mixed Linux/Solaris estate so I have some extra work to do in Puppet on the Solaris part but something I can use as a starting point and extend would be most helpful.

0 Karma
1 Solution

Splunk Employee
Splunk Employee

Hi gquigley!

Using puppet to set up the collection should be relatively easy, in that, all that is really required is to build a playbook for these steps for the collectd side:

http://docs.splunk.com/Documentation/Infrastructure/1.0.2/Admin/ManageAgents

Whereby you will install collectd and dependancies, as well as our plugin and collectd.conf config,

Then install the UF alongside it to grab any info from the system you require.

I would suggest first trying with our installer script on a dev machine, so you can get the ease of gui config, then examine the state of collectd and the UF post install, or even poke through the installer script to see how we are doing it.

The main items you will want to look at for collectd should be under /etc/collectd on most systems, and the UF will be in the /opt/splunkforwarder/etc/apps/splunk_app_infrastructure directory, where you will mainly be focusing on the inputs.conf and outputs.conf settings.

The other item to consider is that if your Splunk environment is a "distributed environment" with either mulitple indexers or an indexing cluster, you will need to create the necessary indexes on them.

Hope that helps get you started! If you are looking more for puppet related config/help, I'd suggest joining us in our slack chat - sign up here splk.it/slack, where other Splunk customers who use puppet may be able to help! my username is @mattymo, come find me if you need more help of info!

View solution in original post

0 Karma

Path Finder

Is there any documentation on the write_splunk collectd plugin?

-Archie

0 Karma

Splunk Employee
Splunk Employee

gquigley,

We are working on new OS support all the time. We'll take the Solaris requirement back to the product team and see about getting it supported in a future release.

Nick

0 Karma

New Member

Thanks, I thought it might be something like that. Fortunately our Splunk setup is still pretty small so that side of things is currently simpler.

It's a slight shame I can't get the write_splunk collectd plugin for Solaris or I'd have been able to standardise most of that part of the setup.

0 Karma

Splunk Employee
Splunk Employee

Hi gquigley!

Using puppet to set up the collection should be relatively easy, in that, all that is really required is to build a playbook for these steps for the collectd side:

http://docs.splunk.com/Documentation/Infrastructure/1.0.2/Admin/ManageAgents

Whereby you will install collectd and dependancies, as well as our plugin and collectd.conf config,

Then install the UF alongside it to grab any info from the system you require.

I would suggest first trying with our installer script on a dev machine, so you can get the ease of gui config, then examine the state of collectd and the UF post install, or even poke through the installer script to see how we are doing it.

The main items you will want to look at for collectd should be under /etc/collectd on most systems, and the UF will be in the /opt/splunkforwarder/etc/apps/splunk_app_infrastructure directory, where you will mainly be focusing on the inputs.conf and outputs.conf settings.

The other item to consider is that if your Splunk environment is a "distributed environment" with either mulitple indexers or an indexing cluster, you will need to create the necessary indexes on them.

Hope that helps get you started! If you are looking more for puppet related config/help, I'd suggest joining us in our slack chat - sign up here splk.it/slack, where other Splunk customers who use puppet may be able to help! my username is @mattymo, come find me if you need more help of info!

View solution in original post

0 Karma

Path Finder

How can this app be deployed to an existing enterprise environment with over 2k forwarders? The script fails when it see's an existing forwarder installed on the host. I also get a failure when the host tries to reach out to the world, firewall rules in enterprise environments typically block external routing. I was not able to locate any documentation around pre-existing environments and deploying this app.

0 Karma