puppetlabs-splunk needs LOTS of usage examples
337 views
Skip to first unread message
Vince Skahan
Jul 28, 2015, 1:31:24 PM7/28/15
to Puppet Users
Does anybody actually use the puppetlabs-splunk module ?
I've been battling this for too many hours and have a bunch of questions. I can't really find any references via Google that this is getting much usage, and the documentation in the module itself seems essentially non-existent, but I thought I'd ask just in case:
I came up with the following, but the problem is it only permits 'one' setting and value.....
I've been battling this for too many hours and have a bunch of questions. I can't really find any references via Google that this is getting much usage, and the documentation in the module itself seems essentially non-existent, but I thought I'd ask just in case:
- how do you define a section for inputs.conf that has multiple key=value pairs
If I wanted a inputs.conf stanza of the following, how do I make that happen ?
[monitor:///var/log/nginx]
disabled = false
index = main
sourcetype = nginx
disabled = false
index = main
sourcetype = nginx
I came up with the following, but the problem is it only permits 'one' setting and value.....
splunkforwarder_input { 'nginx':
section => 'monitor:///var/log/nginx',
setting => 'disabled'
value => 'false',
}
section => 'monitor:///var/log/nginx',
setting => 'disabled'
value => 'false',
}
Is there a way to get it to accept multiple free-form multiple key=value pairs ? It's using their ini module under the hood isn't it ? Is there a secret decoder ring of examples someplace ?
- the README file seems totally wrong to me. On a centos6 system, it doesn't try to install the universal forwarder rpm from the source tree it tells you to build, and it doesn't use the version/build info it tells you to put into parameters. It does a 'yum install splunkforwarder' with odd options, and no (visible to me) way to control yum options, which repo(s) are enabled/disabled, etc. While the installation 'does' work and it enables and starts the process well, the whole thing seems like half a solution with a tenth of the docs that I'd expect a 'supported' module to have.
FWIW, I only figured out what was expected by reading the (minimal) tests in the module sources. I'd have expected some examples/readme files to save hundreds of potential users that pain.
class { 'splunk::params':
version => '6.1.2',
build => '213098',
server => 'splunk.apps.oris.washington.edu',
}
class { 'splunk::forwarder' :
}
version => '6.1.2',
build => '213098',
server => 'splunk.apps.oris.washington.edu',
}
class { 'splunk::forwarder' :
}
Am I missing something in how to decipher this thing ? Should we have to spend hours trying to reverse engineer a basically undocumented module that doesn't even really say what it does/doesn't support in terms of functionality or should we just shop elsewhere or roll our own ? Guess I'm pretty lost/confused/tired of battling this thing. Ideas ?
Christina Kyriakidou
Jul 29, 2015, 9:44:30 AM7/29/15
to Puppet Users, vince...@gmail.com
Hi Vince,
To do that you will need to populate the
https://github.com/puppetlabs/puppetlabs-splunk/blob/master/manifests/forwarder.pp forwarder_input parameter. The title won't matter so you can have 3 different titles pointing to a splunkforwarder_input parameter section. Section is defined in each hash as below:
You will need to say something like
class { 'splunk::forwarder' :
forwarder_input => {
'nginx' =>{
To do that you will need to populate the
https://github.com/puppetlabs/puppetlabs-splunk/blob/master/manifests/forwarder.pp forwarder_input parameter. The title won't matter so you can have 3 different titles pointing to a splunkforwarder_input parameter section. Section is defined in each hash as below:
You will need to say something like
class { 'splunk::forwarder' :
forwarder_input => {
'nginx' =>{
section => 'monitor:///var/log/nginx',
setting => 'disabled',
value => 'false',
},
'nginx_sourcetype' => {
value => 'false',
},
'nginx_sourcetype' => {
section => 'monitor:///var/log/nginx',
setting => 'sourcetype',
value => 'nginx'},
'nginx_input' => {
section => 'monitor:///var/log/nginx',
setting => 'index',
value => 'main'
}
}
}
value => 'nginx'},
'nginx_input' => {
section => 'monitor:///var/log/nginx',
setting => 'index',
value => 'main'
}
}
}
| Let me know if this helps. |
Vince Skahan
Jul 29, 2015, 11:34:22 AM7/29/15
to Puppet Users, moonlig...@gmail.com
On Wednesday, July 29, 2015 at 6:44:30 AM UTC-7, Christina K. wrote:
Hi Vince,
To do that you will need to populate the
https://github.com/puppetlabs/puppetlabs-splunk/blob/master/manifests/forwarder.pp forwarder_input parameter. The title won't matter so you can have 3 different titles pointing to a splunkforwarder_input parameter section. Section is defined in each hash as below:
You will need to say something like
[...deleted for brevity...]
Let me know if this helps.
It does....much appreciated.
Amazing how it takes 15 lines of puppet to write a four-line ini file stanza, and 5 lines of puppet to write each additional line to that stanza. I guess I was assuming I could cook up an array of key=>value hashes one per line. Something in needing to use bogus titles that are never used and also needing to repeat the section name every time just bugs me I guess.
Thanks again for the example - gotta love examples that work !
Garrett Honeycutt
Jul 29, 2015, 3:28:58 PM7/29/15
to puppet...@googlegroups.com
Thanks for sharing your code! Would you consider putting in on github or
a similar place with a corresponding license.
Best regards,
-g
--
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658
Vince Skahan
Jul 29, 2015, 4:42:27 PM7/29/15
to Puppet Users, g...@garretthoneycutt.com
On Wednesday, July 29, 2015 at 12:28:58 PM UTC-7, Garrett Honeycutt wrote:
Sandy,
Thanks for sharing your code! Would you consider putting in on github or
a similar place with a corresponding license.
I was going to write up a quick set of example docs (with attribution to the real author :-) and submit a PR if that's ok with you guys.
Reply all
Reply to author
Forward
0 new messages