All Apps and Add-ons

How to configure the Ansible Tower App for Splunk?

fofloinn
New Member

Hi,

I am new to Splunk and Tower and was wondering what configuration is needed for the Ansible Tower App for Splunk please?

Thanks in advance.

0 Karma
1 Solution

dsilva
Explorer

Hi @fofloinn,

Just add two data inputs. One for job_event and one for activity_stream. Similar to this

View solution in original post

donk23
New Member

@dsilva, do you know when we can expect an update to the app to use the HEC instead of inputs? Does the current app with with the data ingested from the HEC?

0 Karma

dsilva
Explorer

Hi @fofloinn,

Just add two data inputs. One for job_event and one for activity_stream. Similar to this

View solution in original post

ttrolf
Explorer

Seems like the link above https://drive.google.com/open?id=0BwQo5E6M4FJsRjVNSGVPYjdEU3c is not working. Could you reply again ? I am setting up this and had some issues.
I did look here https://github.com/ansible/ansible-tower-splunk-framework and added values into https://github.com/ansible/ansible-tower-splunk-framework/blob/master/tower_app/README/inputs.conf.s.... Seems to work but still would like to see your solution.

0 Karma

jackpal
Path Finder

I understand the need for inputs but how do you interface to them ? Are these just files on the Ansible machine or are they feeds from the Ansible database ? There does not seem to be much documentation on this module and I think its needed.

0 Karma

dsilva
Explorer

Honestly, as of today the need for inputs no longer exists. As of Tower 3.1 a user can configure settings to point to a Splunk server. The app will be updated to reflect that.

0 Karma

skelly99
Explorer

Hi @dsilva - I'm working on a customer site who are keen to get Tower data into Splunk to help search and report on the tower event and activity data.

Just looking at your post above is your recommendation now with Tower 3.1 to have Tower send the data to Splunk rather than using the modular input that is shipped with the Ansible Add On for Splunk?

I assume with this approach Tower would post events to Splunk using the HTTP Event Collector? Is there any guidance on where the HTTP interface this would be configured in TOWER?

Thanks in advance

0 Karma

dsilva
Explorer
0 Karma

dsilva
Explorer

Hi @ttrolf, the screenshot mentioned above was just showing the data inputs page within Splunk web. You will see a section for Tower App. In there add two data inputs, as mentioned above. Fields will have small descriptions to help.

0 Karma

fofloinn
New Member

Thanks @dsilva,

This worked for me.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!