splunk / splunk.es / 3.0.0 / module / splunk_data_inputs_network Manage Splunk Data Inputs of type TCP or UDP resource module | "added in version" 2.1.0 of splunk.es" Authors: Ansible Security Automation Team (@pranav-bhatt) <https://github.com/ansible-security> This plugin has a corresponding action plugin.splunk.es.splunk_data_inputs_network (3.0.0) — module
Install with ansible-galaxy collection install splunk.es:==3.0.0
collections: - name: splunk.es version: 3.0.0
Module that allows to add/update or delete of TCP and UDP Data Inputs in Splunk.
# Using gathered # -------------- - name: Gathering information about TCP Cooked Inputs splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: cooked state: gathered
# RUN output: # ----------- # "gathered": [ # { # "connection_host": "ip", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "8101" # }, # { # "disabled": false, # "host": "$decideOnStartup", # "index": "default", # "name": "9997" # }, # { # "connection_host": "ip", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "default:8101", # "restrict_to_host": "default" # } # ] - name: Gathering information about TCP Cooked Inputs by Name splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: cooked name: 9997 state: gathered
# RUN output: # ----------- # "gathered": [ # { # "datatype": "cooked", # "disabled": false, # "host": "$decideOnStartup", # "name": "9997", # "protocol": "tcp" # } # ] - name: Gathering information about TCP Raw Inputs splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: raw state: gathered
# RUN output: # ----------- # "gathered": [ # { # "connection_host": "ip", # "disabled": false, # "host": "$decideOnStartup", # "index": "default", # "name": "8099", # "queue": "parsingQueue", # "raw_tcp_done_timeout": 10 # }, # { # "connection_host": "ip", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "default:8100", # "queue": "parsingQueue", # "raw_tcp_done_timeout": 10, # "restrict_to_host": "default", # "source": "test_source", # "sourcetype": "test_source_type" # } # ] - name: Gathering information about TCP Raw inputs by Name splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: raw name: 8099 state: gathered
# RUN output: # ----------- # "gathered": [ # { # "connection_host": "ip", # "datatype": "raw", # "disabled": false, # "host": "$decideOnStartup", # "index": "default", # "name": "8099", # "protocol": "tcp", # "queue": "parsingQueue", # "raw_tcp_done_timeout": 10 # } # ] - name: Gathering information about TCP SSL configuration splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: ssl state: gathered
# RUN output: # ----------- # "gathered": [ # { # "cipher_suite": <cipher-suites>, # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "test_host" # } # ] - name: Gathering information about TCP SplunkTcpTokens splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: splunktcptoken state: gathered
# RUN output: # ----------- # "gathered": [ # { # "disabled": false, # "host": "$decideOnStartup", # "index": "default", # "name": "splunktcptoken://test_token1", # "token": <token1> # }, # { # "disabled": false, # "host": "$decideOnStartup", # "index": "default", # "name": "splunktcptoken://test_token2", # "token": <token2> # } # ] # Using merged # ------------ - name: To add the TCP raw config splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: raw name: 8100 connection_host: ip disabled: true raw_tcp_done_timeout: 9 restrict_to_host: default queue: parsingQueue source: test_source sourcetype: test_source_type state: merged
# RUN output: # ----------- # "after": [ # { # "connection_host": "ip", # "datatype": "raw", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "default:8100", # "protocol": "tcp", # "queue": "parsingQueue", # "raw_tcp_done_timeout": 9, # "restrict_to_host": "default", # "source": "test_source", # "sourcetype": "test_source_type" # } # ], # "before": [ # { # "connection_host": "ip", # "datatype": "raw", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "default:8100", # "protocol": "tcp", # "queue": "parsingQueue", # "raw_tcp_done_timeout": 10, # "restrict_to_host": "default", # "source": "test_source", # "sourcetype": "test_source_type" # } # ] - name: To add the TCP cooked config splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: cooked name: 8101 connection_host: ip disabled: false restrict_to_host: default state: merged
# RUN output: # ----------- # "after": [ # { # "connection_host": "ip", # "datatype": "cooked", # "disabled": false, # "host": "$decideOnStartup", # "name": "default:8101", # "protocol": "tcp", # "restrict_to_host": "default" # } # ], # "before": [ # { # "connection_host": "ip", # "datatype": "cooked", # "disabled": true, # "host": "$decideOnStartup", # "name": "default:8101", # "protocol": "tcp", # "restrict_to_host": "default" # } # ], - name: To add the Splunk TCP token splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: splunktcptoken name: test_token state: merged
# RUN output: # ----------- # "after": [ # { # "datatype": "splunktcptoken", # "name": "splunktcptoken://test_token", # "protocol": "tcp", # "token": <token> # } # ], # "before": [], - name: To add the Splunk SSL splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: ssl name: test_host root_ca: {root CA directory} server_cert: {server cretificate directory} state: merged
# RUN output: # ----------- # "after": [ # { # "cipher_suite": <cipher suite>, # "datatype": "ssl", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "test_host", # "protocol": "tcp" # } # ], # "before": [] # Using deleted # ------------- - name: To Delete TCP Raw splunk.es.splunk_data_inputs_network: config: - protocol: tcp datatype: raw name: default:8100 state: deleted
# RUN output: # ----------- # "after": [], # "before": [ # { # "connection_host": "ip", # "datatype": "raw", # "disabled": true, # "host": "$decideOnStartup", # "index": "default", # "name": "default:8100", # "protocol": "tcp", # "queue": "parsingQueue", # "raw_tcp_done_timeout": 9, # "restrict_to_host": "default", # "source": "test_source", # "sourcetype": "test_source_type" # } # ] # Using replaced # -------------- - name: Replace existing data inputs networks configuration register: result splunk.es.splunk_data_inputs_network: state: replaced config: - protocol: tcp datatype: raw name: 8100 connection_host: ip disabled: true host: "$decideOnStartup" index: default queue: parsingQueue raw_tcp_done_timeout: 10 restrict_to_host: default source: test_source sourcetype: test_source_type
state: choices: - merged - replaced - deleted - gathered default: merged description: - The state the configuration should be left in type: str config: description: - Manage and preview protocol input data. elements: dict suboptions: cipher_suite: description: - Specifies list of acceptable ciphers to use in ssl. - Only obtained for TCP SSL configuration present on device. type: str connection_host: choices: - ip - dns - none description: - Set the host for the remote server that is sending data. - C(ip) sets the host to the IP address of the remote server sending data. - C(dns) sets the host to the reverse DNS entry for the IP address of the remote server sending data. - C(none) leaves the host as specified in inputs.conf, which is typically the Splunk system hostname. type: str datatype: choices: - cooked - raw - splunktcptoken - ssl description: - C(cooked) lets one access cooked TCP input information and create new containers for managing cooked data. - C(raw) lets one manage raw tcp inputs from forwarders. - C(splunktcptoken) lets one manage receiver access using tokens. - C(ssl) Provides access to the SSL configuration of a Splunk server. This option does not support states I(deleted) and I(replaced). required: false type: str disabled: description: - Indicates whether the input is disabled. type: bool host: description: - Host from which the indexer gets data. type: str index: description: - default Index to store generated events. type: str name: description: - The input port which receives raw data. required: true type: str no_appending_timestamp: description: - If set to true, prevents Splunk software from prepending a timestamp and hostname to incoming events. - Only for UDP data input configuration. type: bool no_priority_stripping: description: - If set to true, Splunk software does not remove the priority field from incoming syslog events. - Only for UDP data input configuration. type: bool password: description: - Server certificate password, if any. - Only for TCP SSL configuration. type: str protocol: choices: - tcp - udp description: - Choose whether to manage TCP or UDP inputs required: true type: str queue: choices: - parsingQueue - indexQueue description: - Specifies where the input processor should deposit the events it reads. Defaults to parsingQueue. - Set queue to parsingQueue to apply props.conf and other parsing rules to your data. For more information about props.conf and rules for timestamping and linebreaking, refer to props.conf and the online documentation at "Monitor files and directories with inputs.conf" - Set queue to indexQueue to send your data directly into the index. - Only applicable for "/tcp/raw" and "/udp" APIs type: str raw_tcp_done_timeout: description: - Specifies in seconds the timeout value for adding a Done-key. - If a connection over the port specified by name remains idle after receiving data for specified number of seconds, it adds a Done-key. This implies the last event is completely received. - Only for TCP raw input configuration. type: int require_client_cert: description: - Determines whether a client must authenticate. - Only for TCP SSL configuration. type: str restrict_to_host: description: - Allows for restricting this input to only accept data from the host specified here. type: str root_ca: description: - Certificate authority list (root file). - Only for TCP SSL configuration. type: str server_cert: description: - Full path to the server certificate. - Only for TCP SSL configuration. type: str source: description: - Sets the source key/field for events from this input. Defaults to the input file path. - Sets the source key initial value. The key is used during parsing/indexing, in particular to set the source field during indexing. It is also the source field used at search time. As a convenience, the chosen string is prepended with 'source::'. - Note that Overriding the source key is generally not recommended. Typically, the input layer provides a more accurate string to aid in problem analysis and investigation, accurately recording the file from which the data was retrieved. Consider use of source types, tagging, and search wildcards before overriding this value. type: str sourcetype: description: - Set the source type for events from this input. - '"sourcetype=" is automatically prepended to <string>.' - Defaults to audittrail (if signedaudit=true) or fschange (if signedaudit=false). type: str ssl: description: - Enable or disble ssl for the data stream type: bool token: description: - Token value to use for SplunkTcpToken. If unspecified, a token is generated automatically. type: str type: list running_config: description: - The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The I(running_config) argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command. type: str
after: description: The resulting configuration after module execution. returned: when changed sample: 'This output will always be in the same format as the module argspec. ' type: list before: description: The configuration prior to the module execution. returned: when state is I(merged), I(replaced), I(deleted) sample: 'This output will always be in the same format as the module argspec. ' type: list gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when state is I(gathered) sample: 'This output will always be in the same format as the module argspec. ' type: dict