Does anybody have an ansible script which can be used to install the Splunk universal forwarder on multiple Windows hosts? I have set up a Linux like environment by installing cygwin on a Windows machine (2012 R2) and have installed the ansible version 2.3 on it.
This worked perfect for me:
Create playbook install_splunk_fwdr.yml with following:
---
- name: Install software
hosts: mygroup
gather_facts: false
tasks:
- name: Install Splunk Forwarder
win_chocolatey:
name: splunk-universalforwarder
state: present
Make sure in your inventory file the following is configured:
[mygroup]
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
[mygroup:vars]
ansible_user=<USERNAME>
ansible_password=<PASSWORD>
ansible_port=5986
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
Run playbook
ansible-playbook install_splunk_fwdr.yml
Thats it! 🙂
Hi @J03T What are the prerequisites on the Windows side other than setting up winrm?
Thanks,
AKN
@J03T Do you playbook for installing/upgrading Splunk Enterprise?
hello there,
its in splunk docs
https://docs.splunk.com/Documentation/Forwarder/7.0.2/Forwarder/InstallaWindowsuniversalforwarderrem...
hope it helps