-
Notifications
You must be signed in to change notification settings - Fork 47
/
idx_sh_uf_SmartStore.yml
90 lines (79 loc) · 2.14 KB
/
idx_sh_uf_SmartStore.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
---
# splunk_config.yml
plugin: splunk-platform-automator
os:
set_hostname: true
#virtualbox:
aws:
keypair_name: 'aws_key'
#region: 'eu-central-1'
ami: 'ami-0badcc5b522737046' # Redhat 8
ssh_username: 'ec2-user'
instance_type: 't2.micro'
#instance_type: 'c5.2xlarge'
ssh_private_key_path: '~/.ssh/aws_key.pem'
security_groups: ['Splunk_Basic']
# AWS Storage
block_device_mapping:
- # do not remove this, it is part of the format
DeviceName: "/dev/sda1" # Redhat 8
Ebs.VolumeSize: 50 # Size in GB
#Ebs.DeleteOnTermination: true
#Ebs.VolumeType: "GP2" # General performance - you might want something faster
# Splunk default settings
splunk_defaults:
# splunk_env_name: splk
# splunk_version: '8.2.3'
# splunk_architecture: amd64
splunk_download:
splunk: true
splunkforwarder: true
# splunk_admin_password: 'splunklab'
# splunk_license_file: Splunk_Enterprise.lic
# splunk_indexes:
# test1:
# test2_metrics:
# datatype: metric
# Define Indexer Volumes (filesystem must exist)
splunk_indexer_volumes:
hot:
s2volume:
path: "s3://<your_s3_bucketname>/<subfolder>"
storageType: remote
# TSIDX compression with Splunk 9.0+
#remote.s3.tsidx_compression: true
splunk_volume_defaults:
VolumeDataSize_Free_MB: 800 # Will calculate maxVolumeDataSizeMB as 'fs_free - VolumeDataSize_Free_MB'
# Define the volumes to be used for the indexes
homePath: hot
coldPath: hot
remotePath: s2volume
splunk_set_servername: true
splunk_set_default_hostname: true
splunk_loginpage_print_userpw: false
# splunk_loginpage_print_roles: false
splunk_ssl:
web:
enable: true
inputs:
enable: true
outputs:
enable: true
# Splunk hosts with its settings
splunk_hosts:
# Indexer
- name: idx
roles:
- indexer
aws:
# IAM Role with S3 access permissions to assign to the indexer
# Must be created beforehand
iam_instance_profile_name: Splunk_S3-Access
# Search Head
- name: sh
roles:
- search_head
# Universal Forwarder
- name: uf
roles:
- universal_forwarder