splunk.es.data_input_monitor – Manage Splunk Data Inputs of type Monitor
Note
This plugin is part of the splunk.es collection (version 1.0.2).
To install it use: ansible-galaxy collection install splunk.es.
To use it in a playbook, specify: splunk.es.data_input_monitor.
New in version 1.0.0 of splunk.es
Synopsis
- This module allows for addition or deletion of File and Directory Monitor Data Inputs in Splunk.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
blacklist (string) | | Specify a regular expression for a file path. The file path that matches this regular expression is not indexed. |
check_index (boolean) | | If set to True, the index value is checked to ensure that it is the name of a valid index. |
check_path (boolean) | | If set to True, the name value is checked to ensure that it exists. |
crc_salt (string) | | A string that modifies the file tracking identity for files in this input. The magic value `<SOURCE>` invokes special behavior (see admin documentation). |
disabled (boolean) | | Indicates if input monitoring is disabled. |
followTail (boolean) | | If set to True, files that are seen for the first time are read from the end. |
host (string) | | The value to populate in the host field for events from this data input. |
host_regex (string) | | Specify a regular expression for a file path. If the path for a file matches this regular expression, the captured value is used to populate the host field for events from this data input. The regular expression must have one capture group. |
host_segment (integer) | | Use the specified slash-separated segment of the file path as the host field value. |
ignore_older_than (string) | | Specify a time value. If the modification time of a file being monitored falls outside of this rolling time window, the file is no longer being monitored. |
index (string) | | The index in which events from this input should be stored. Defaults to default. |
name (string / required) | | The file or directory path to monitor on the system. |
recursive (boolean) | | Setting this to False prevents monitoring of any subdirectories encountered within this data input. |
rename_source (string) | | The value to populate in the source field for events from this data input. The same source should not be used for multiple data inputs. |
sourcetype (string) | | The value to populate in the sourcetype field for incoming events. |
state (string / required) | | Add or remove a data source. |
time_before_close (integer) | | When Splunk software reaches the end of a file that is being read, the file is kept open for a minimum of the number of seconds specified in this value. After this period has elapsed, the file is checked again for more data. |
whitelist (string) | | Specify a regular expression for a file path. Only file paths that match this regular expression are indexed. |
Examples
```yaml
# Add a monitor input for a single log file.
- name: Example adding data input monitor with splunk.es.data_input_monitor
  splunk.es.data_input_monitor:
    name: "/var/log/example.log"
    state: "present"
    recursive: True
```
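A fuller set of tasks that combines the path filters, host extraction and validation options from the parameter table. This is an added example, not part of the collection's documentation: the directory layout, index name and sourcetype are constructed values, and connection settings for the Splunk host are assumed to be defined in inventory.

```yaml
# Added example. Assumed layout: /var/log/remote/<hostname>/auth.log (or secure),
# with rotated copies such as auth.log.1 and compressed copies such as auth.log.2.gz.
- name: Monitor per-host authentication logs under a central log directory
  splunk.es.data_input_monitor:
    name: "/var/log/remote"
    state: "present"
    # Descend into the per-host subdirectories.
    recursive: true
    # Only paths matching this regular expression are indexed.
    whitelist: '/(auth\.log|secure)'
    # Paths matching this regular expression are not indexed
    # (here: compressed rotations of the files above).
    blacklist: '\.(gz|bz2|zip)$'
    # Exactly one capture group; its value populates the host field.
    host_regex: '/var/log/remote/([^/]+)/'
    # Constructed index name; check_index verifies it names a valid index.
    index: "os_auth"
    check_index: true
    # Verify that the monitored path exists.
    check_path: true
    sourcetype: "linux_secure"
    # Stop monitoring files whose modification time is older than 7 days.
    ignore_older_than: "7d"

- name: Remove the single-file monitor added in the example above
  splunk.es.data_input_monitor:
    name: "/var/log/example.log"
    state: "absent"
```

Setting check_index and check_path makes a mistyped index name or path surface when the task is applied instead of leaving an input that indexes nothing.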
Authors
- Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/splunk/es/data_input_monitor_module.html