Welcome to the official Splunk documentation on Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments. This repository contains plays that target all Splunk Enterprise roles and deployment topologies that work on any Linux-based platform.
Splunk-Ansible is currently being used by Docker-Splunk, the official Splunk Docker image project.
Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results.
See Splunk Products for more information about the features and capabilities of Splunk products and how you can bring them into your organization.
The Splunk-Ansible project is a collection of Splunk configuration best practices, written as Ansible scripts. These scripts, called playbooks, can be used for configuring Splunk Enterprise and Universal Forwarder instances based on a declarative configuration.
The playbooks in this codebase are internally-vetted procedures and operations that administer and manage Splunk as done within the company. Use Splunk-Ansible to manage Splunk Enterprise and Universal Forwarder instances in a manner consistent with industry standards, such as infrastructure automation and infrastructure-as-code.
Although this project can be used independently as ordinary Ansible scripts, there are necessary environment settings. For example, Splunk-Ansible assumes you need different users with specific permissions in your local environment.
For reference, see Docker-Splunk, the official Splunk Docker image project. Splunk-Ansible is tightly integrated into our Docker image, which offers a complete configuration package along with Splunk-Ansible.
See the Ansible User Guide for more details on Ansible concepts and how it works.