Using Puppet To Manage Splunk

Carl Schwenk, Senior Systems Administrator, Citrix Systems
                                                                           	
  
Introduction

✓ Carl Schwenk
✓ Senior Systems Administrator
✓ Citrix Online
✓ Santa Barbara, CA
✓ Carl.Schwenk@Citrix.com
  


             The 2nd Annual Splunk Worldwide Users Conference   2	
     © Copyright Splunk 2011
Splunk @ Citrix

Splunk Index

• 100+ Sourcetypes
• 10000+ Sources
• Custom Config Files
    • NetScaler Load Balancer
• Scripted input data
• Host & Product status data




What is Puppet?

Puppet…

Drift Management
    …is not: A config file transport system
    …is: State Enforcement

Automated Provisioning
    …is not: A means of remotely executing arbitrary commands
    …is: Rapid deployment and configuration management.

Adoption
    …is not: A replacement for good administration practices.
    …is: Only as good as the developer that runs it.
  




Why Manage Splunk with Puppet?

Forwarder Config Management
    Deployment Manager:
        • Manage forwarders by classes of servers
    Puppet:
        • Uses existing host classifications.
        • Automatically provisioned for new hosts

Indexer & Search Head Management
    Deployment Manager:
        • Manage Indexer and Search head inputs in one place.
    Puppet:
        • Manage Splunk servers in one place.
        • Rapid Splunk scaling.
        • Configurations are backed up and load balanced

Forwarder Running Management
    Deployment Manager:
        • Utilizes the Splunk Deployment Monitor application to alert status of forwarders
        • No code to learn. Easy to use interface.
    Puppet:
        • Maintains forwarder running state
        • Keeps forwarder updated with current config
  

Puppet Code

class splunk::forwarder {

  # Defaults applied to every file resource declared in this class:
  # files are owned by splunk, wait for the package, and trigger the execs below.
  File {
    owner   => 'splunk',
    group   => 'splunk',
    require => Package['splunkforwarder'],
    notify  => Exec['splunk_first_time_run', 'splunk_restart'],
  }

  $splunk_home = "/opt/splunkforwarder"

  package { "splunkforwarder":
    ensure => latest,
  }

  # File['splunkforwarder-init'] is referenced here but not declared on this slide.
  service { "splunkforwarder":
    enable  => true,
    ensure  => running,
    require => [File['splunkforwarder-init'], Package['splunkforwarder']],
  }

  # $outputs is not set in this class; its value comes from outside the slide.
  file { "${splunk_home}/etc/apps/${outputs}":
    ensure  => directory,
    recurse => true,
    alias   => 'outputs',
    source  => "puppet:///modules/splunk/${outputs}",
  }

  file { "${splunk_home}/etc/apps/base_inputs":
    ensure  => directory,
    recurse => true,
    source  => "puppet:///modules/splunk/base_inputs",
    alias   => 'base_inputs',
  }

  # $splunk_profile is a comma-separated list of app names;
  # one app directory is installed per entry.
  if $splunk_profile {
    $inputs = split($splunk_profile, ",")
    define install_class_apps {
      file { "${splunk_home}/etc/apps/${name}":
        ensure  => directory,
        recurse => true,
        source  => "puppet:///modules/splunk/${name}",
      }
    }
    install_class_apps { $inputs:; }
  }

  # Runs only while the ftr (first-time-run) marker file is present.
  exec { "${splunk_home}/bin/splunk start --accept-license":
    alias   => "splunk_first_time_run",
    onlyif  => "/usr/bin/test -e ${splunk_home}/ftr",
    require => Package["splunkforwarder"],
  }

  # Runs only when notified by a changed file, and only once the ftr marker is gone.
  exec { "${splunk_home}/bin/splunk restart":
    alias       => "splunk_restart",
    onlyif      => "/usr/bin/test ! -e ${splunk_home}/ftr",
    refreshonly => true;
  }
}




The Foreman – Configuration Inheritance

Global Configurations: All hosts get packages splunkforwarder
    WWW Host Group: $splunk_app = apache
        www-backup Host: $splunk_app = apache, backup
    MySQL Host Group: $splunkapp = mysql
        Secure MySQL Host: $splunk_app = mysql, audit
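
Added example, not part of the original slides or the author's module: the host values above are written with a space after the comma ("apache, backup"), and split($splunk_profile, ",") on the code slide would turn such a value into "apache" and " backup", each of which is then interpolated into a file path and a puppet:/// source URL. The manifest below trims and validates the names before declaring anything. It assumes Puppet 4 or later; the splunk_example module, class and defined-type names are hypothetical.

```puppet
# Added example (not from the original slides). Assumes Puppet 4 or later.
# The splunk_example module and its class/define names are hypothetical.

# One Splunk app directory, copied from the module's file server mount.
define splunk_example::app (
  String $splunk_home,
) {
  file { "${splunk_home}/etc/apps/${title}":
    ensure  => directory,
    recurse => true,
    owner   => 'splunk',
    group   => 'splunk',
    source  => "puppet:///modules/splunk/${title}",
  }
}

class splunk_example::forwarder_apps (
  # Constructed sample value, written the way the Foreman slide shows it.
  String $splunk_profile = 'apache, backup',
  String $splunk_home    = '/opt/splunkforwarder',
) {
  # Trim the whole string, split on commas with optional surrounding
  # whitespace, and drop empty entries left by stray commas.
  $trimmed = regsubst($splunk_profile, /\A\s+|\s+\z/, '', 'G')
  $apps    = split($trimmed, /\s*,\s*/).filter |$app| { $app != '' }

  # The names end up in a filesystem path and a puppet:/// URL, so accept
  # only plain directory names: no slashes, dots or whitespace.
  $invalid = $apps.filter |$app| { $app !~ /\A[A-Za-z0-9_-]+\z/ }
  if $invalid != [] {
    fail("splunk_profile has invalid app names: ${invalid}")
  }

  # An empty list declares no resources.
  splunk_example::app { $apps:
    splunk_home => $splunk_home,
  }
}
```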



The Foreman – Dashboard
  




Lessons Learned

✓ Splunk + Puppet = BFF
✓ Start simply
✓ Grow slowly
✓ Document
✓ User adoption may be your hardest challenge
  


Puppet Code for Splunk 4.2

http://forge.puppetlabs.com

✓ Universal Forwarder code coming soon
✓ Indexer and Search head code to come soon
  



