itsi

11 Modules, 9 Plugins, 1 Dependency

Overview

Description

Ansible Collection for Splunk IT Service Intelligence

Readme

Splunk ITSI Ansible Collection

Description

The Ansible ITSI collection includes a variety of content to help automate the use of Splunk IT Service Intelligence.

Requirements

  • Python >= 3.10
  • Ansible >= 2.17

Installation

Before using this collection, you need to install it with the Ansible Galaxy command-line tool:

ansible-galaxy collection install splunk.itsi

You can also include it in a requirements.yml file and install it with ansible-galaxy collection install -r requirements.yml, using the format:

---
collections:
  - name: splunk.itsi

Note that if you install the collection from Ansible Galaxy, it will not be upgraded automatically when you upgrade the ansible package. To upgrade the collection to the latest available version, run the following command:

ansible-galaxy collection install splunk.itsi --upgrade

You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax to install version 1.0.0:

ansible-galaxy collection install splunk.itsi==1.0.0

See using Ansible collections for more details.

Code of Conduct

We follow the Ansible Code of Conduct in all our interactions within this project.

If you encounter abusive behavior, please refer to the policy violations section of the Code for information on how to raise a complaint.

Communication

  • Join the Ansible forum:
  • Get Help: get help or help others. Please add appropriate tags if you start new discussions
  • Social Spaces: gather and interact with fellow enthusiasts.
  • News & Announcements: track project-wide announcements including social events. The Bullhorn newsletter, which is used to announce releases and important changes, can also be found here.

For more information about communication, see the Ansible communication guide.

Support

As a Red Hat Ansible Certified Content, this collection is entitled to support through Ansible Automation Platform (AAP).

If a support case cannot be opened with Red Hat and the collection has been obtained either from Galaxy or GitHub, there is community support available at no charge.

Contributing to this collection

We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the Splunk ITSI collection repository. See Contributing to Ansible-maintained collections for complete details.

The content of this collection is made by people like you, a community of individuals collaborating on making the world better through developing automation software.

We are actively accepting new contributors and all types of contributions are very welcome.

Don't know how to start? Refer to the Ansible community guide!

Want to submit code changes? Take a look at the Quick-start development guide.

We also use the following guidelines:

Collection maintenance

The current maintainers are listed in the MAINTAINERS file. If you have questions or need help, feel free to mention them in the proposals.

To learn how to maintain/become a maintainer of this collection, refer to the Maintainer guidelines.

It is necessary for maintainers of this collection to be subscribed to:

They also should be subscribed to Ansible's The Bullhorn newsletter.

Governance

The process of decision making in this collection is based on discussing and finding consensus among participants.

Every voice is important. If you have something on your mind, create an issue or dedicated discussion and let's discuss it!

Ansible version compatibility

This collection has been tested against the following Ansible versions: >=2.17.0.

Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible.

Included content

Event Driven Ansible (EDA)

Name | Description
Splunk ITSI EDA Rulebook Activation | Setup and configuration for EDA rulebook activation with Splunk ITSI webhook integration

Httpapi plugins

Name | Description
splunk.itsi.itsi_api_client | HttpApi Plugin for Splunk ITSI

Modules

Name | Description
splunk.itsi.itsi_add_episode_comments | Add comments to Splunk ITSI episodes
splunk.itsi.itsi_aggregation_policy | Manage Splunk ITSI aggregation policies
splunk.itsi.itsi_aggregation_policy_info | Get information about Splunk ITSI aggregation policies
splunk.itsi.itsi_correlation_search | Manage Splunk ITSI correlation searches
splunk.itsi.itsi_correlation_search_info | Query Splunk ITSI correlation searches
splunk.itsi.itsi_episode_details_info | Read Splunk ITSI notable_event_group (episodes)
splunk.itsi.itsi_glass_table | Manage Splunk ITSI Glass Table objects via itoa_interface
splunk.itsi.itsi_glass_table_info | Read Splunk ITSI glass table objects via itoa_interface
splunk.itsi.itsi_service | Manage Splunk ITSI Service objects via itoa_interface
splunk.itsi.itsi_service_info | Gather facts about Splunk ITSI Service objects via itoa_interface
splunk.itsi.itsi_update_episode_details | Update specific fields of Splunk ITSI episodes

Use Cases

inventory.ini (Note: the password should be managed by a Vault for a production environment.)

[itsi]
splunk.itsi.com

[itsi:vars]
ansible_connection=httpapi
ansible_network_os=splunk.itsi.itsi_api_client
ansible_httpapi_use_ssl=true
ansible_httpapi_port=8089
# validate_certs=false disables TLS certificate verification; set it to true outside a lab
ansible_httpapi_validate_certs=false
ansible_user=admin
ansible_httpapi_pass={{ vault_pass }}
#ansible_httpapi_token={{ vault_token }}

# Enable debug logging for httpapi plugin
ansible_persistent_log_messages=true
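
The inventory above turns off certificate verification and relies on the operator to keep the password in a vault. As an added example (not part of the collection or its README), this Python check reads an INI inventory and flags those settings before a run; the function names, the sample inventory and its literal password are constructed for illustration, and treating any value containing "{{" as vaulted is a heuristic assumption.

```python
import re

# Constructed sample modelled on the inventory above; "changeme" is a made-up literal.
SAMPLE_INVENTORY = """\
[itsi]
splunk.itsi.com

[itsi:vars]
ansible_connection=httpapi
ansible_httpapi_use_ssl=true
ansible_httpapi_validate_certs=false
ansible_user=admin
ansible_httpapi_pass=changeme
#ansible_httpapi_token={{ vault_token }}
"""

SECRET_KEYS = {"ansible_httpapi_pass", "ansible_httpapi_password",
               "ansible_httpapi_token", "ansible_password"}
FALSY = {"false", "no", "0", "off"}

def parse_group_vars(text):
    """Return {group: {key: value}} for every [group:vars] section."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or INI comment
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:                           # only :vars sections hold settings
            current = header.group(1) if header.group(2) == "vars" else None
            continue
        if current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            groups.setdefault(current, {})[key] = value
    return groups

def audit_inventory(text):
    """Return sorted (group, key, finding) tuples for weak httpapi settings."""
    findings = []
    for group, variables in parse_group_vars(text).items():
        for key, value in variables.items():
            if key == "ansible_httpapi_validate_certs" and value.lower() in FALSY:
                findings.append((group, key, "TLS certificate verification disabled"))
            elif key == "ansible_httpapi_use_ssl" and value.lower() in FALSY:
                findings.append((group, key, "plain HTTP transport"))
            elif key in SECRET_KEYS and "{{" not in value:
                findings.append((group, key, "literal secret in inventory"))
    return sorted(findings)
```

An empty list from audit_inventory() means none of the three conditions matched; it does not confirm that a templated value actually resolves to a vaulted variable.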

Using the modules with Fully Qualified Collection Name (FQCN)

There are several ways to use the content of an Ansible Collection: call specific content, such as a module, by its Fully Qualified Collection Name (FQCN), as this example shows, or define a Collection Search Path, as the examples below show.

We recommend the FQCN method but the shorthand options listed below exist for convenience.

splunk_with_collections_fqcn_example.yml

---
# Create new aggregation policy (no policy_id = always creates new)
- name: Create new aggregation policy
  splunk.itsi.itsi_aggregation_policy:
    title: "Test Aggregation Policy (Ansible)"
    description: "Test policy created by Ansible"
    disabled: false
    priority: 5
    group_severity: "medium"
    group_status: "new"
    group_title: "%title%"
    group_description: "%description%"
    filter_criteria:
      condition: "AND"
      items: []
    breaking_criteria:
      condition: "AND"
      items: []
    state: present
  register: create_result
# create_result.response._key contains the generated policy_id

# Update existing aggregation policy (policy_id required, title optional)
- name: Update aggregation policy settings
  splunk.itsi.itsi_aggregation_policy:
    policy_id: "{{ create_result.response._key }}"
    group_severity: "high"
    disabled: false
    filter_criteria:
      condition: "OR"
      items:
        [
          {
            "type": "clause",
            "config":
              {
                "items":
                  [
                    {
                      "type": "notable_event_field",
                      "config":
                        { "field": "severity", "operator": "<", "value": "6" },
                    },
                  ],
                "condition": "AND",
              },
          },
        ]
    state: present
  register: update_result
# update_result.diff shows fields that changed

Testing

This collection is tested against all currently maintained Ansible versions and with all currently supported (by Ansible on the target node) Python versions. You can find the list of maintained Ansible versions and their respective Python versions on docs.ansible.com.

Release Notes and Roadmap

Release notes

See the changelog.

Roadmap

Related Information

License Information

GNU General Public License v3.0 or later.

See LICENSE to see the full text.

Certification

Product
2.4
2.5
2.6
Dependencies

This collection requires the following collections for use:

No dependencies
This collection is not being used by other collections.