top of page

Recent Posts

Performance assessment and tuning experiences with RHEL

Performance assessment and tuning experiences with RHEL

POC on Red Hat Directory Server (RHDS)

POC on Red Hat Directory Server (RHDS)

Migrate Elasticsearch Index to OpenSearch Index.

Migrate Elasticsearch Index to OpenSearch Index.

Rootless Podman Container And UID/GID Mapping in Ansible Automation Platform 2

Rootless Podman Container And UID/GID Mapping in Ansible Automation Platform 2

How To Change Control Plane Execution Environment Settings

How To Change Control Plane Execution Environment Settings

Install SSL Certificates for Ansible Automation Controller and Automation Hub

Install SSL Certificates for Ansible Automation Controller and Automation Hub

Search

Munshi Hafizul Haque

Jul 30, 20202 min read

How to integrate Ansible Tower with Splunk logging.

Updated: Oct 3, 2021

As we know, Ansible Tower can be integrate with Splunk logging using the Splunk HTTP Event Collector (HEC). And we need to configuring a Splunk logging aggregator and add the full URL of the HTTP Event Collector host in the Ansible Tower.

In my 1st Splunk related post, we have discussed on configuring HTTP Event Collector (HEC). See "How To Install Splunk in Red Hat Enterprise Linux 7" for more details.

Ansible Tower configuring:

Step:1 To configure the Ansible Tower’s to integrate Splunk logging integration

Select Settings from the left side menu and then click System, as below

Select Settings from the left side menu and then click System, as below

Note: OFF/DISABLE "ENABLE/DISABLE HTTPS CERTIFICATE VERIFICATION" if required.

Select Save and click test to verify the configuration. we will get a massage, as below.

We can also verify the configuration from the api URL, as below

https://atower.lab.munshibari.biz/api/v2/settings/logging/

Verify the Ansible Logs from the Splunk:

We can search the logs in "Search & Reporting" windows from the Splunk Web based GUI.

1. Click the Search & Reporting from the Home page.

2. Click the Data Summary from the Search page

2 Click SourceTypes > httpevent, as below.

Now we can see the event message from the atower.lab.munshibari.biz, as below.

Okay, the Ansible Tower’s and the Splunk integration working fine. we can test something more.

Launch a Job Template from Ansible Tower:

We are going to launch a Job Template from the Ansible Tower GUI, as below.

This Job Template will do repetitive ping to Ansible Tower itself. and the successful reports shows as below.

We can see, the Job Template ID is 194 and the total task is 102 on the above screen shot.

And the last ping TASK that started from 309 and ended 311 as well as the PLAY RECAP started from 312 and ended 315.

Verify the Ansible Job Template Logs from the Splunk:

we can see the HTTP Events summary in the Splunk with the same Template ID (194) as well as the totals tasks number (102), as below.

The PLAY RECAP that started from 312 and ended 315.

We can also see every task information, as below.

It's last ping TASK that started from 309 and ended 311.

Hope this post will help.

Recent Posts

POC on Red Hat Directory Server (RHDS)

Rootless Podman Container And UID/GID Mapping in Ansible Automation Platform 2

How To Change Control Plane Execution Environment Settings

Comments

Log In to Connect With Members

View and follow other members, leave comments & more.

bottom of page