-
Notifications
You must be signed in to change notification settings - Fork 47
/
splunk_config_aws.yml
82 lines (74 loc) · 2.05 KB
/
splunk_config_aws.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
---
# splunk_config.yml
plugin: splunk-platform-automator
# General settings
general:
# url_locale: en-GB
os:
# time_zone: "Europe/Zurich"
# Set hostname to ansible_inventory name
set_hostname: true
aws:
#access_key_id: '' # defaults to ENV['AWS_ACCESS_KEY_ID']
#secret_access_key: '' # ENV['AWS_SECRET_ACCESS_KEY']
keypair_name: 'aws_key'
#region: 'eu-central-1'
#ami: 'ami-e3381508' # Ubuntu 16.04
#ssh_username: 'ubuntu' # ami-e3381508
ami: 'ami-c86c3f23' # Redhat 7.5
ssh_username: 'ec2-user' # ami-c86c3f23
#instance_type: 't2.micro'
ssh_private_key_path: '~/.ssh/aws_key.pem'
security_groups: ['Splunk_Basic']
# AWS Storage
block_device_mapping:
- # do not remove this, it is part of the format
DeviceName: "/dev/sda1"
Ebs.VolumeSize: 50 # Size in GB
#Ebs.DeleteOnTermination: true
#Ebs.VolumeType: "GP2" # General performance - you might want something faster
- # do not remove this, it is part of the format
DeviceName: "/dev/sdg" # Additional Disk
Ebs.VolumeSize: 20 # Size in GB
- # do not remove this, it is part of the format
DeviceName: "/dev/sdh" # Additional Disk
Ebs.VolumeSize: 30 # Size in GB
# Splunk default settings
splunk_defaults:
# splunk_env_name: splk
# splunk_version: '8.2.3'
splunk_download:
splunk: true
splunkforwarder: true
# splunk_admin_password: 'splunklab'
# splunk_license_file: Splunk_Enterprise.lic
# splunk_indexes:
# test1:
# test2_metrics:
# datatype: metric
splunk_set_servername: true
splunk_set_default_hostname: true
splunk_loginpage_print_userpw: false
# splunk_loginpage_print_roles: false
# Enable ssl by default to secure internet facing connections.
splunk_ssl:
web:
enable: true
inputs:
enable: true
outputs:
enable: true
# Splunk hosts with its settings
splunk_hosts:
# Indexer
- name: idx
roles:
- indexer
# Search Head
- name: sh
roles:
- search_head
# Universal Forwarder
- name: uf
roles:
- universal_forwarder