splunk / splunk.es / 3.0.0 / module / data_input_monitor
Removed in None
Reason:Newer and updated modules released with more functionality. | Alternative:splunk_data_inputs_monitor
Manage Splunk Data Inputs of type Monitor
| "added in version" 1.0.0 of splunk.es"
Authors: Ansible Security Automation Team (@maxamillion) <https://github.com/ansible-security>
Install with ansible-galaxy collection install splunk.es:==3.0.0
collections: - name: splunk.es version: 3.0.0
This module allows for addition or deletion of File and Directory Monitor Data Inputs in Splunk.
- name: Example adding data input monitor with splunk.es.data_input_monitor splunk.es.data_input_monitor: name: "/var/log/example.log" state: "present" recursive: true
host: description: - The value to populate in the host field for events from this data input. required: false type: str name: description: - The file or directory path to monitor on the system. required: true type: str index: description: - Which index events from this input should be stored in. Defaults to default. required: false type: str state: choices: - present - absent description: - Add or remove a data source. required: true type: str crc_salt: description: - A string that modifies the file tracking identity for files in this input. The magic value <SOURCE> invokes special behavior (see admin documentation). required: false type: str disabled: default: false description: - Indicates if input monitoring is disabled. required: false type: bool blacklist: description: - Specify a regular expression for a file path. The file path that matches this regular expression is not indexed. required: false type: str recursive: default: false description: - Setting this to false prevents monitoring of any subdirectories encountered within this data input. required: false type: bool whitelist: description: - Specify a regular expression for a file path. Only file paths that match this regular expression are indexed. required: false type: str check_path: description: - If set to C(true), the name value is checked to ensure that it exists. required: false type: bool followTail: default: false description: - If set to C(true), files that are seen for the first time is read from the end. required: false type: bool host_regex: description: - Specify a regular expression for a file path. If the path for a file matches this regular expression, the captured value is used to populate the host field for events from this data input. The regular expression must have one capture group. required: false type: str sourcetype: description: - The value to populate in the sourcetype field for incoming events. required: false type: str check_index: default: false description: - If set to C(true), the index value is checked to ensure that it is the name of a valid index. required: false type: bool host_segment: description: - Use the specified slash-separate segment of the filepath as the host field value. required: false type: int rename_source: description: - The value to populate in the source field for events from this data input. The same source should not be used for multiple data inputs. required: false type: str ignore_older_than: description: - Specify a time value. If the modification time of a file being monitored falls outside of this rolling time window, the file is no longer being monitored. required: false type: str time_before_close: description: - When Splunk software reaches the end of a file that is being read, the file is kept open for a minimum of the number of seconds specified in this value. After this period has elapsed, the file is checked again for more data. required: false type: int