chef-splunk Cookbook

This cookbook provides custom resources for managing Splunk Enterprise and Splunk Universal Forwarder.

Requirements

Chef Infra Client 16.0 or newer.

Migration

Version 10.0 removes the public recipe and node attribute API. See migration.md for the breaking change details and examples.

Platforms

The supported platform list follows Splunk 10.0 package availability and this cookbook's Kitchen matrix:

• AlmaLinux 9, 10
• Amazon Linux 2023
• Debian 12, 13
• Red Hat Enterprise Linux 9, 10
• Rocky Linux 9, 10
• Ubuntu 22.04, 24.04
• openSUSE Leap 16

See LIMITATIONS.md for platform and architecture notes.

Resources

• splunk_app
• splunk_auth
• splunk_client
• splunk_clustering
• splunk_index
• splunk_installer
• splunk_monitor
• splunk_server
• splunk_service
• splunk_shclustering
• splunk_ssl
• splunk_user

Examples

Install and configure a Universal Forwarder:

splunk_client 'default' do
  accept_license true
  auth 'admin:changeme'
  server_list ['splunk.example.com:9997']
end

Install and configure a Splunk Enterprise server:

splunk_server 'default' do
  accept_license true
  auth 'admin:changeme'
  receiver_port '9997'
  web_port '8000'
end

Add a monitor stanza:

splunk_monitor '/var/log/messages' do
  inputs_conf_path '/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/inputs.conf'
  sourcetype 'linux_messages_syslog'
  index 'os'
end

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks.