cdillc.splunk.splunk_cli module – Splunk command line interface

Note

This module is part of the cdillc.splunk collection (version 0.26.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cdillc.splunk.

To use it in a playbook, specify: cdillc.splunk.splunk_cli.

New in cdillc.splunk 0.9.0

Synopsis

  • This is a lightweight wrapper around the Splunk CLI that handles auth parameter hiding and some other niceties.

  • This is a drop-in replacement for ansible.builtin.command. When converting, simply replace authenticated calls using -auth user:password to use username and (password) module options. Additional sensitive arguments can be protected too using hidden_args.

  • Calls to remote splunkd instance can be handled by specifying splunkd_uri.

Parameters

Parameter

Comments

cmd

string / required

Command line arguments to the Splunk CLI

The initial splunk command is optional as long as splunk_home is provided.

hidden_args

dictionary

Specify additional arguments without logging values.

These will be appended to cmd when the command is called.

A leading dash will be added to keys to simplify the YAML syntax.

password

string

The password for username/password authentication.

Must be provided if username is provided.

splunk_home

string

The Splunk installation home. $SPLUNK_HOME

This value is required unless the first argument to cmd is the absolute path to the splunk executable (often /opt/splunk/bin/splunk)

Default: "/opt/splunk"

splunkd_uri

aliases: uri

string

The Splunkd endpoint of the Splunk server to configure.

Defaults to the local server and default splunkd port.

Default: "https://localhost:8089"

username

string

Splunk username for username/password authentication.

When provided, password must also be specified.

Attributes

Attribute

Support

Description

check_mode

Support: partial

while the command itself is arbitrary and cannot be subject to the check mode semantics it adds creates/removes options as a workaround

Can run in check_mode and return changed status prediction without modifying target

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode

platform

Platform: posix

Target OS/families that can be operated against

raw

Support: none

Indicates if an action takes a ‘raw’ or ‘free form’ string as an option and has it’s own special parsing of it

Notes

Note

  • As of v0.20.0 it’s now possible to pass in the full path to splunk in cmd and thus avoid providing splunk_home. This allows for a closer match-up with the the builtin command module.

Examples

- name: Reload the deployment server
  cdillc.splunk.splunk_cli:
    cmd: "{{splunk_home}}/bin/splunk reload deploy-server"
    username: "{{splunk_admin_user}}"
    password: "{{splunk_admin_pass}}"

- name: Update CM URL and secret (note that '-secret' is not logged)
  cdillc.splunk.splunk_cli:
    cmd: edit cluster-config -master_uri {{cm_url}}
    hidden_args:
      secret: "{{ cm_secret }}"
    splunk_home: "{{splunk_home}}"
    username: "{{splunk_admin_user}}"
    password: "{{splunk_admin_pass}}"

# Replacement for adding a search peer
#   command: splunk add search-server -auth {{splunk_admin_user}}:{{splunk_admin_pass}}
#            {{sh_url}} -remoteUsername {{sh_user}} -remotePassword {{sh_pass}}
# This version protect the local and remote credentials

- name: Add search peer
  cdillc.splunk.splunk_cli:
    cmd: add search-server {{sh_url}}
    hidden_args:
      remoteUsername: "{{ sh_user }}"
      remotePassword: "{{ sh_pass }}"
    splunk_home: "{{splunk_home}}"
    username: "{{splunk_admin_user}}"
    password: "{{splunk_admin_pass}}"
    creates: "{{splunk_home}}/.search-peer-added-{{ sh_url | urlencode }}"
    create_on_success: true

Authors

  • Lowell C. Alleman (@lowell80)