chef-partners/splunk-relay

Name: splunk-relay

Owner: Chef Partners

Description: null

Created: 2017-10-02 12:58:03.0

Updated: 2017-10-02 12:58:03.0

Pushed: 2017-10-02 16:14:03.0

Homepage: null

Size: 400

Language: null


README

Splunk relay for Chef Automate

Deploy to Azure

Use this Chef Automate Splunk integration to channel notification messages such as:

into Splunk.

You will need a Splunk account that has been configured with an HTTP Event Collector input. From Splunk you will need the customer id and the token in order to post data.

Parameters

The template contains a number of parameters that customise the way in which the function is deployed and runs. The following table describes these parameters.

| Name | Description | Default Value |
|------|-------------|---------------|
| functionsAppName | Name of the Function App within the resource group | chef-automate-relay-splunk |
| functionsStorageAccountType | Storage type for the storage account in which the function will be stored | Standard_LRS |
| splunkCustomerId | Customer ID within the Splunk platform | |
| splunkToken | API token that has been set on the HTTP Event Collector (HEC) | |
| splunkChannel | UUID string to designate a channel within Splunk | |
| splunkPort | Port on which to communicate with the HEC | 8088 |
| splunkNoSslVerify | Do not verify the Splunk HEC certificate | 0 |
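A pre-deployment check over `parameters.json` for the parameters in the table above, written as an added example (it is not part of the splunk-relay repository). It assumes the standard ARM parameters-file layout and that `splunkNoSslVerify` should stay at its default of 0; the function name `lint_parameters` and the sample values are constructed.

```python
import json
import uuid

# Parameter names come from the table above; the checks themselves are
# assumptions of this added example, not rules enforced by the template.
REQUIRED = ("splunkCustomerId", "splunkToken", "splunkChannel")

def lint_parameters(text):
    """Return a list of findings for an ARM parameters file given as JSON text."""
    doc = json.loads(text)
    # Standard ARM parameters layout: {"parameters": {"name": {"value": ...}}}
    params = {k: v.get("value") for k, v in doc.get("parameters", {}).items()}
    findings = []

    for name in REQUIRED:
        if not str(params.get(name) or "").strip():
            findings.append(f"{name}: empty (the table lists no default)")

    channel = str(params.get("splunkChannel") or "")
    if channel:
        try:
            uuid.UUID(channel)
        except ValueError:
            findings.append("splunkChannel: not a UUID string")

    # The table's default is 0 (verify). Any other value turns certificate
    # verification off, so the HEC endpoint's identity is no longer checked.
    if str(params.get("splunkNoSslVerify", 0)).strip() != "0":
        findings.append("splunkNoSslVerify: HEC certificate verification disabled")

    try:
        port = int(params.get("splunkPort", 8088))
        if not 1 <= port <= 65535:
            raise ValueError
    except (TypeError, ValueError):
        findings.append("splunkPort: not a valid TCP port")
    return findings

# Constructed sample input (placeholder values, not real credentials).
SAMPLE = json.dumps({"parameters": {
    "splunkCustomerId": {"value": "example-customer"},
    "splunkToken": {"value": ""},
    "splunkChannel": {"value": "not-a-uuid"},
    "splunkPort": {"value": 8088},
    "splunkNoSslVerify": {"value": 1},
}})

if __name__ == "__main__":
    print("\n".join(lint_parameters(SAMPLE)))
```

Running the check before `az group deployment create` or `New-AzureRmResourceGroupDeployment` catches a parameters file that would deploy the relay with certificate verification switched off.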

The splunkChannel and splunkNoSslVerify are specified on the URL for the Azure Function when called. The format is as follows

The log type is intended to be one of the following options and allows Chef client and Compliance information to be tagged accordingly:

- ChefClientRunFailure
- ComplianceFailure

`xxxxxx` for the code is the token that is required when using the Azure Function. This is retrievable from the function itself or the outputs of the ARM template.


How to deploy the template

Azure Portal

Simply press the [Deploy to Azure](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fchef-partners%2Fsplunk-relay%2Fmaster%2Fazuredeploy.json) button to launch the template within your Azure Subscription. You are required to complete the form:

![Azure Portal Parameters](images/azure_portal_parameters.png)

Once the deployment has completed go to the Resource Group and click the item below 'Deployments'. (It should state '1 Succeeded'). Then click on the 'Microsoft.Template' to show the outputs:

![Azure Portal Outputs](images/azure_portal_outputs.png)

These outputs are required when configuring Chef Automate.

Command Line

Alternatively the relay can be deployed from the command line using the Azure CLI or PowerShell.

Clone the repo to the local machine.

Azure CLI

```bash
az group create -n "splunk-relay-example" -l "westeurope"
az group deployment create -g "splunk-relay-example" --template-file azuredeploy.json --parameters @parameters.json --no-wait
```

The outputs from the template can be seen when the deployment is interrogated.

```bash
az group deployment list -g "splunk-relay-example"
```

Note: The outputs will not be displayed until the deployment is complete and successful.

All deployments from the command line are also shown in the Azure Portal.

PowerShell

```powershell
New-AzureRmResourceGroup -Name "splunk-relay-example" -Location "westeurope"
New-AzureRmResourceGroupDeployment -Name "ExampleSplunkRelayDeployment" -ResourceGroupName "splunk-relay-example" -TemplateFile .\azuredeploy.json -TemplateParameterFile .\parameters.json
```

Configure Automate

Once the output information has been retrieved, configure Chef Automate by adding a new Custom Notification in the Notifications tab.

![Custom Notifications](images/adding_notification.png)

![All Notifications](images/automate_notifications.png)

That's it! Now after some of the nodes have checked in you should be able to see data in the Splunk instance.

![Chef Automate logging to Splunk](images/splunk_search.png)

Compatibility

You will need Chef Automate 1.6.99 or above to use this integration.

If you do not see 'Notifications' on the side bar, enable the functionality in Chef Automate: visit the 'Nodes' tab, click on any white space on the page and type **BETA**. A new notifications side menu will appear.

Licensing

This integration is provided free of charge to customers of Chef Automate. Charges may apply for usage of Splunk.

2017 Chef Software, Inc.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.