{"id":15022789,"url":"https://github.com/voxpupuli/puppet-splunk","last_synced_at":"2025-12-11T21:44:19.083Z","repository":{"id":6008091,"uuid":"7231269","full_name":"voxpupuli/puppet-splunk","owner":"voxpupuli","description":"Manage Splunk servers and forwarders using Puppet","archived":false,"fork":false,"pushed_at":"2025-11-11T19:05:41.000Z","size":886,"stargazers_count":43,"open_issues_count":59,"forks_count":127,"subscribers_count":144,"default_branch":"master","last_synced_at":"2025-12-05T05:13:21.528Z","etag":null,"topics":["bsd-puppet-module","centos-puppet-module","debian-puppet-module","freebsd-puppet-module","hacktoberfest","linux-puppet-module","puppet","redhat-puppet-module","ubuntu-puppet-module","windows-puppet-module"],"latest_commit_sha":null,"homepage":"https://forge.puppet.com/puppet/splunk","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voxpupuli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"open_collective":"vox-pupuli","github":"voxpupuli"}},"created_at":"2012-12-18T22:10:51.000Z","updated_at":"2025-11-11T19:05:45.000Z","dependencies_parsed_at":"2023-07-12T14:37:12.354Z","dependency_job_id":"e2f42d8e-ff22-406b-9aa9-e23008885d2d","html_url":"https://github.com/voxpupuli/puppet-splunk","commit_stats":{"total_commits":481,"total_committers":78,"mean_commits":6.166666666666667,"dds":0.7359667359667359,"last_synced_commit":"acbd76e739d09d9491aa74bfc58da740eab39994"},"previous_names":["puppetlabs/puppetlabs-splunk","puppetlabs-seteam/puppet-module-splunk"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/voxpupuli/puppet-splunk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-splunk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-splunk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-splunk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-splunk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voxpupuli","download_url":"https://codeload.github.com/voxpupuli/puppet-splunk/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-splunk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27670621,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-11T02:00:11.302Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bsd-puppet-module","centos-puppet-module","debian-puppet-module","freebsd-puppet-module","hacktoberfest","linux-puppet-module","puppet","redhat-puppet-module","ubuntu-puppet-module","windows-puppet-module"],"created_at":"2024-09-24T19:58:22.897Z","updated_at":"2025-12-11T21:44:19.066Z","avatar_url":"https://github.com/voxpupuli.png","language":"Ruby","funding_links":["https://opencollective.com/vox-pupuli","https://github.com/sponsors/voxpupuli"],"categories":[],"sub_categories":[],"readme":"# Puppet Module For Splunk\n\n[![CI](https://github.com/voxpupuli/puppet-splunk/actions/workflows/ci.yml/badge.svg)](https://github.com/voxpupuli/puppet-splunk/actions/workflows/ci.yml)\n[![Code Coverage](https://coveralls.io/repos/github/voxpupuli/puppet-splunk/badge.svg?branch=master)](https://coveralls.io/github/voxpupuli/puppet-splunk)\n[![Puppet Forge](https://img.shields.io/puppetforge/v/puppet/splunk.svg)](https://forge.puppetlabs.com/puppet/splunk)\n[![Puppet Forge - downloads](https://img.shields.io/puppetforge/dt/puppet/splunk.svg)](https://forge.puppetlabs.com/puppet/splunk)\n[![Puppet Forge - endorsement](https://img.shields.io/puppetforge/e/puppet/splunk.svg)](https://forge.puppetlabs.com/puppet/splunk)\n[![Puppet Forge - scores](https://img.shields.io/puppetforge/f/puppet/splunk.svg)](https://forge.puppetlabs.com/puppet/splunk)\n\n#### Table of Contents\n\n1. [Overview](#overview)\n1. [Module Description - What the module does and why it is useful](#module-description)\n1. [Setup - The basics of getting started with splunk](#setup)\n    * [What splunk affects](#what-splunk-affects)\n    * [Setup requirements](#setup-requirements)\n    * [Beginning with splunk](#beginning-with-splunk)\n1. [Usage - Configuration options and additional functionality](#usage)\n    * [Upgrade splunk/splunkforwarder packages](#upgrade-splunksplunkforwarder-packages)\n      * [Upgrade Example](#upgrade-example)\n1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)\n1. [Limitations - OS compatibility, etc.](#limitations)\n1. [Development - Guide for contributing to the module](#development)\n\n## Overview\n\nThis module provides a method to deploy Splunk Enterprise or Splunk Universal\nForwarder with common configurations and ensure the services maintain a running\nstate. It provides types/providers to interact with the various\nSplunk/Forwarder configuration files.\n\n## Module Description\n\nThis module does not configure firewall rules. Firewall rules will need to be\nconfigured separately in order to allow for correct operation of Splunk and the\nSplunk Universal Forwarder.\n\n## Setup\n\n### What splunk affects\n\n* Installs the Splunk/Forwarder package and manages their config files. It does\n  not purge them by default.\n* The module will set up both Splunk Enterprise and Splunk Forwarder to run as\n  the 'root' user on POSIX platforms.\n* By default, enables Splunk Enterprise and Splunk Forwarder boot-start, and\n  uses the vendor-generated service file to manage the splunk service.\n\n### Setup Requirements\n\nTo begin using this module, use the Puppet Module Tool (PMT) from the command\nline to install this module:\n\n`puppet module install puppet-splunk`\n\nThis will place the module into your primary module path if you do not utilize\nthe --target-dir directive.\n\nYou can also use r10k or code-manager to deploy the module so ensure that you\nhave the correct entry in your Puppetfile.\n\nBy default, this module will download the installation packages from `https://download.splunk.com`.\n\nYou can also configure offline installers, there is just a little setup needed.\n\nFirst, you will need to place your downloaded splunk installers into the files\ndirectory, `\u003cmodule_path\u003e/splunk/files/`. If you're using r10k or code-manager\nyou'll need to override the `splunk::params::src_root` parameter to point at a\nmodulepath outside of the Splunk module because each deploy will overwrite the\nfiles.\n\nThe files must be placed according to directory structure example given below.\n\nThe expected directory structure is:\n\n     $root_url/\n     └── products/\n         ├── universalforwarder/\n         │   └── releases/\n         |       └── $version/\n         |           └── $platform/\n         |               └── splunkforwarder-${version}-${build}-${additl}\n         └── splunk/\n             └── releases/\n                 └── $version/\n                     └── $platform/\n                         └── splunk-${version}-${build}-${additl}\n\nA semi-populated example files directory might then contain:\n\n    $root_url/\n    └── products/\n        ├── universalforwarder/\n        │   └── releases/\n        |       └── 9.2.0/\n        |           ├── linux/\n        |           |   ├── splunkforwarder-9.2.0-1fff88043d5f-linux-2.6-amd64.deb\n        |           |   ├── splunkforwarder-9.2.0-1fff88043d5f-linux-2.6-intel.deb\n        |           |   └── splunkforwarder-9.2.0-1fff88043d5f.x86_64.rpm\n        |           ├── solaris/\n        |           └── windows/\n        |               └── splunkforwarder-9.2.0-1fff88043d5f-x64-release.msi\n        └── splunk/\n            └── releases/\n                └── 9.2.0/\n                    └── linux/\n                        ├── splunk-9.2.0-1fff88043d5f-linux-2.6-amd64.deb\n                        ├── splunk-9.2.0-1fff88043d5f-linux-2.6-intel.deb\n                        └── splunk-9.2.0-1fff88043d5f.x86_64.rpm\n\nSecond, you will need to supply the `splunk::params` class with three critical\npieces of information.\n\n* The version of Splunk you are using\n* The build of Splunk you are using\n* The root URL to use to retrieve the packages\n\nIn the example given above, the version is 9.2.0, the build is 1fff88043d5f,\nand the root URL is puppet:///modules/splunk. See the splunk::params class\ndocumentation for more information.\n\n### Beginning with splunk\n\nOnce the Splunk packages are hosted in the users repository or hosted by the\nPuppet Server in the modulepath the module is ready to deploy.\n\n## Usage\n\nIf a user is installing Splunk Enterprise with packages provided from their\nmodulepath, this is the most basic way of installing Splunk Server with default\nsettings:\n\n```puppet\ninclude splunk::enterprise\n```\n\nThis is the most basic way of installing the Splunk Universal Forwarder with\ndefault settings:\n\n```puppet\nclass { 'splunk::params':\n    server =\u003e $my_splunk_server,\n}\n\ninclude splunk::forwarder\n```\n\nOnce both Splunk Enterprise and Splunk Universal Forwarder have been deployed\non their respective nodes, the Forwarder is ready to start sending logs.\n\nIn order to start sending some log data, users can take advantage of the\n`Splunkforwarder_input` type. Here is a basic example of adding an input to\nstart sending Puppet Server logs:\n\n```puppet\n@splunkforwarder_input { 'puppetserver-sourcetype':\n  section =\u003e 'monitor:///var/log/puppetlabs/puppetserver/puppetserver.log',\n  setting =\u003e 'sourcetype',\n  value   =\u003e 'puppetserver',\n  tag     =\u003e 'splunk_forwarder'\n}\n```\n\nThis virtual resource will get collected by the `::splunk::forwarder` class if\nit is tagged with `splunk_forwarder` and will add the appropriate setting to\nthe inputs.conf file and refresh the service.\n\n### Setting the `admin` user's password\n\nThe module has the facility to set Splunk Enterprise's `admin` password at installation time by leveraging the [user-seed.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/User-seedconf) method described as a best practice in the Splunk docs. The way Splunk implements this prevents Puppet from managing the password in an idempotent way but makes resetting the password through the web console possible. You can also use Puppet to do a one time reset too by setting the appropriate parameters on `splunk::enterprise` but leaving these parameters set to `true` will cause corrective change on each run of the Puppet Agent.\n\n```puppet\nclass { 'splunk::enterprise':\n  seed_password    =\u003e true,\n  password_hash    =\u003e '$6$jxSX7ra2SNzeJbYE$J95eTTMJjFr/lBoGYvuJUSNKvR7befnBwZUOvr/ky86QGqDXwEwdbgPMfCxW1/PuB/IkC94QLNravkABBkVkV1',\n}\n```\n\nAlternatively the `splunk::enterprise::password::seed` class can be used independently of the Puppet Agent through a [Bolt Plan apply block](https://puppet.com/docs/bolt/latest/applying_manifest_blocks.html).\n\n### Upgrade splunk and splunkforwarder packages\n\nThis module has the ability to install *and* upgrade the splunk and splunkforwarder packages. All you have to do is declare `package_ensure =\u003e 'latest'` when calling the `::splunk` or `::splunk::forwarder` classes.\n\n#### Upgrade Example\n\nThe following code will install the 9.1.0 version of the splunk forwarder. Then\ncomment out the 9.1.0 version and build values and uncomment the 9.2.0.1 version\nand build values. Running puppet again will perform the following:\n\n1. splunk forwarder package is upgraded\n    1. splunk service is stopped as part of the package upgrade process\n2. new license agreement is automatically accepted\n    1. license agreement must be accepted or the splunk service will fail to start\n3. splunk service is started\n\n```puppet\n# Tell the module to get packages directly from Splunk.\nclass { 'splunk::params':\n  version  =\u003e '9.1.0',\n  build    =\u003e '1c86ca0bacc3',\n  #version  =\u003e '9.2.0.1',\n  #build    =\u003e 'd8ae995bf219',\n  src_root =\u003e 'https://download.splunk.com',\n}\n\n# Specifying package_ensure =\u003e 'latest' will ensure that the splunk and\n# splunkforwarder packages will be upgraded when you specify newer values for\n# version and build.\nclass { 'splunk::forwarder':\n  package_ensure =\u003e 'latest',\n}\n```\n## Reference\n\nSee in file [REFERENCE.md](REFERENCE.md).\n\n## Limitations\n\n- Upgrades are tested from Splunk 9.1.0 to 9.2.0.1.\n- New installations of splunk up to version 7.2.X are supported, but upgrades\n  from  7.0.X to \u003e= 7.0.X are not fully tested\n\n## Development\n\nLearn how to get involved in this and other Vox Pupuli module development on [our docs site](https://voxpupuli.org/docs/).\n\n## Release Notes/Contributors/Etc\n\nSee the [CHANGELOG.md](CHANGELOG.md) or list of [contributors](https://github.com/voxpupuli/puppet-splunk/graphs/contributors).\n\n[authentication.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Authenticationconf\n[authorize.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Authenticationconf\n[default.meta-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Defaultmetaconf\n[deploymentclient.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Deploymentclientconf\n[distsearch.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Distsearchconf\n[indexes.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Indexesconf\n[inputs.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf\n[limits.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Limitsconf\n[outputs.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf\n[props.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Propsconf\n[server.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf\n[serverclass.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverclassconf\n[transforms.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Transformsconf\n[web.conf-docs]: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-splunk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoxpupuli%2Fpuppet-splunk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-splunk/lists"}