Giters

splunk / splunk-ansible

Ansible playbooks for configuring and managing Splunk Enterprise and Universal Forwarder deployments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Send logs in any format with Splunk

Marwen-TAALLAH opened this issue · comments

commented

I am trying to send logs from my machine to splunk by installing the splunk agent via ansible.
My code looks like this:

- hosts: <my-host>
  become: yes
  gather_facts: true
  roles:
    - { role: splunk-forwarder, tags: splunk-forwarder }
  vars:
    splunk_dir: "/opt/splunkforwarder"
    splunk_forwarder_indexer: "<splunk_forwader_index>"
    monitor:
    - path: "<path_to_my_logs_dir>"
      splunk_forwarder_sourcetype: "_json"
      splunk_forwarder_index: "<splunk_index>"

The fact that I set splunk_forwarder_sourcetype to _json makes the splunk agent send only logs in json format.
What should I set splunk_forwarder_index to to make it send any type of logs (text).