splunk.es.data_input_network – Manage Splunk Data Inputs of type TCP or UDP

From Get docs
Ansible/docs/2.10/collections/splunk/es/data input network module


splunk.es.data_input_network – Manage Splunk Data Inputs of type TCP or UDP

Note

This plugin is part of the splunk.es collection (version 1.0.2).

To install it use: ansible-galaxy collection install splunk.es.

To use it in a playbook, specify: splunk.es.data_input_network.


New in version 1.0.0: of splunk.es


Synopsis

  • This module allows for addition or deletion of TCP and UDP Data Inputs in Splunk.

Parameters

Parameter Choices/Defaults Comments

connection_host

string

  • ip

  • dns
  • none

Set the host for the remote server that is sending data.

ip sets the host to the IP address of the remote server sending data.

dns sets the host to the reverse DNS entry for the IP address of the remote server sending data.

none leaves the host as specified in inputs.conf, which is typically the Splunk system hostname.

datatype

string

  • cooked
  • raw

Forwarders can transmit three types of data: raw, unparsed, or parsed. cooked data refers to parsed and unparsed formats.

host

string

Host from which the indexer gets data.

index

string

default Index to store generated events.

name

string / required

The input port which receives raw data.

protocol

string / required

  • tcp
  • udp

Choose between tcp or udp

queue

string

  • parsingQueue

  • indexQueue

Specifies where the input processor should deposit the events it reads. Defaults to parsingQueue.

Set queue to parsingQueue to apply props.conf and other parsing rules to your data. For more information about props.conf and rules for timestamping and linebreaking, refer to props.conf and the online documentation at "Monitor files and directories with inputs.conf"

Set queue to indexQueue to send your data directly into the index.

rawTcpDoneTimeout

integer

Default:

10

Specifies in seconds the timeout value for adding a Done-key.

If a connection over the port specified by name remains idle after receiving data for specified number of seconds, it adds a Done-key. This implies the last event is completely received.

restrictToHost

string

Allows for restricting this input to only accept data from the host specified here.

source

string

Sets the source key/field for events from this input. Defaults to the input file path.

Sets the source key initial value. The key is used during parsing/indexing, in particular to set the source field during indexing. It is also the source field used at search time. As a convenience, the chosen string is prepended with 'source::'.

Note: Overriding the source key is generally not recommended. Typically, the input layer provides a more accurate string to aid in problem analysis and investigation, accurately recording the file from which the data was retrieved. Consider use of source types, tagging, and search wildcards before overriding this value.

sourcetype

string

Set the source type for events from this input.

"sourcetype=" is automatically prepended to .

Defaults to audittrail (if signedaudit=True) or fschange (if signedaudit=False).

ssl

boolean

  • no
  • yes

Enable or disble ssl for the data stream

state

string

  • present

  • absent
  • enabled
  • disable

Enable, disable, create, or destroy



Examples

- name: Example adding data input network with splunk.es.data_input_network
  splunk.es.data_input_network:
    name: "8099"
    protocol: "tcp"
    state: "present"

Authors

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/splunk/es/data_input_network_module.html