Hi,
I am new to Splunk and Tower and was wondering what configuration is needed for the Ansible Tower App for Splunk please?
Thanks in advance.
@dsilva, do you know when we can expect an update to the app to use the HEC instead of inputs? Does the current app work with the data ingested from the HEC?
Seems like the link above https://drive.google.com/open?id=0BwQo5E6M4FJsRjVNSGVPYjdEU3c is not working. Could you reply again? I am setting this up and had some issues.
I did look here https://github.com/ansible/ansible-tower-splunk-framework and added values into https://github.com/ansible/ansible-tower-splunk-framework/blob/master/tower_app/README/inputs.conf.s.... Seems to work but still would like to see your solution.
I understand the need for inputs, but how do you interface to them? Are these just files on the Ansible machine or are they feeds from the Ansible database? There does not seem to be much documentation on this module and I think it's needed.
Honestly, as of today the need for inputs no longer exists. As of Tower 3.1 a user can configure settings to point to a Splunk server. The app will be updated to reflect that.
Hi @dsilva - I'm working on a customer site who are keen to get Tower data into Splunk to help search and report on the tower event and activity data.
Just looking at your post above, is your recommendation now with Tower 3.1 to have Tower send the data to Splunk rather than using the modular input that is shipped with the Ansible Add On for Splunk?
I assume with this approach Tower would post events to Splunk using the HTTP Event Collector? Is there any guidance on where the HTTP interface for this would be configured in TOWER?
Thanks in advance
should have everything you need.
Hi @ttrolf, the screenshot mentioned above was just showing the data inputs page within Splunk web. You will see a section for Tower App. In there add two data inputs, as mentioned above. Fields will have small descriptions to help.
Thanks @dsilva,
This worked for me.