This cookbook is no longer maintained by us as we no longer use Splunk Storm. Best to look at one of the more up-to-date forks instead.
This little Chef Cookbook provides recipes and definitions to install Splunk Forwarders and setup monitors for Splunk Storm.
As you know, Splunk Storm uses a proprietary credentials file to setup access to the Splunk Storm servers/account.
There are two ways to point at the credentials file:
-
Get the spl file to a known location on the file system (from s3, mounted network drive, etc)
-
Specify the path to the spl file in
node['splunkstorm']['license_file']
-
Create the data bag using knife
knife data bag create licenses storm --secret-file ~/.chef/encrypted_data_bag_secret -
Open
irbfrom the directory containing your project certificate, and run the following script (make sure you update the variables to suit your setup)require 'base64' require 'chef' data_bag = "licenses" data_bag_key = "storm" license_file = "stormforwarder_XXXXXXXX.spl" data = [File.open(license_file, "rb") {|io| io.read}].pack("m") -
Copy the string output by
irb, and run the following command to edit the data bag, pasting the string into a JSON "data" field, and the license filename into a "filename" field.knife data bag edit licenses storm --secret-file ~/.chef/encrypted_data_bag_secret -
Run
knife data bag show licenses storm --secret-file ~/.chef/encrypted_data_bag_secretand confirm your data bag looks like something like this:{ "id": "storm", "filename": "stormforwarder_XXXXXXXX.spl", "data": "string created in irb" } -
You'll probably want to check-in your databag into your SCM
knife data bag show licenses storm -Fj > data_bags/licenses/storm.json
- v0.0.2 - Add ability to specify license file location
- v0.0.1 - Initial Release
- Very beta - only tested in Ubuntu 12.04
- Ubuntu, Debian, RedHat, CentOS, Fedora
- This cookbook has only been tested thoroughly with Ubuntu
See attributes/default.rb for default values.
node['splunkstorm']['cookbook_name']- The name of the directory in which the cookbook runs.node['splunkstorm']['forwarder_home']- The directory in which to install the Splunk Forwardernode['splunkstorm']['auth']- The default admin password to use instead of splunks "changeme"node['splunkstorm']['forwarder_root']- The base URL that splunk uses to download release files for Splunk Forwardernode['splunkstorm']['forwarder_version']- The specific version of Splunk Forwarder to downloadnode['splunkstorm']['forwarder_build]- The specific build number of Splunk Forwarder to downloadnode['splunkstorm']['license_file']- [optional] absolute path to spl credentials file
Installs Splunk Forwarder for Storm.
- You need to setup data bags with your Splunk Storm credentials. Check out this gist for details: https://gist.github.com/3384786
This will install the Splunk Forwarder:
recipe[splunkstorm]
To add and remove monitors you can use the splunkstorm_monitor provider:
include_recipe "splunkstorm"
# monitor the log directory in Splunk Storm, with an additional parameter setting source type
splunkstorm_monitor "/var/log" do
path "/var/log/*.log"
params "sourcetype" => "access_combined"
action :add
end
# remove the log directory monitor in Splunk Storm
splunkstorm_monitor "/var/log" do
path "/var/log/*.log"
action :remove
end
Author:: Aaron Wallis (aaron.wallis@lexer.com.au)
Copyright 2012-2013, Lexer Pty Ltd.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.