Editor's Note: We've integrated the benefits of the Splunk App and Add-On modules into our recent work here. Read on to learn more about how to access and use the
splunk_hec module and the Splunk Report Viewer Add-On.
Last October we announced the updates to our portfolio of integrations with Splunk. I'm excited to share that we're now adding two more complimentary integrations.
Puppet and Splunk have long been complimentary technologies in our users’ environments: you can use Puppet to deploy and manage Splunk, and Splunk can provide insights into your Puppet Infrastructure. We’re releasing two integrations that unite Puppet Runs and Bolt / Tasks with Splunk's data platform and alerting systems.
The first integration is the
splunk_hec Puppet module which enables you to send Puppet agent run reports to Splunk and also submit data via Bolt Tasks in a Plan. That means you can now use all of Splunk’s reporting, alerting, and data aggregation tools with all of the data generated from Puppet reports and Bolt Tasks, and the powerful Bolt Apply features.
Introducing the Puppet Reporter Viewer Add-on
The second integration is the Puppet Report Viewer Add-on for Splunk. Now that you're sending this data into Splunk, what can you do with it? That's where the Report Viewer steps in. It provides an overview of reports present in Splunk via a dashboard view. Regardless of what type of Puppet user you are (open source Puppet, Puppet Enterprise, or just getting started with Bolt), we've got you covered. Additionally, the dashboards are customizable, exportable and reusable, giving you added flexibility and insight into your data.
Big improvements to reporting speed and scale
In order to keep the report processing lightweight and scalable to hundreds of thousands of nodes, the
splunk_hec report processor submits a summary of the Puppet report. The goal is to make a predictable amount of data submitted to Splunk regardless of how much your infrastructure is puppetized.
However, there are times when you may want more details. Examples include the possibility of a failed Puppet run, or for a Puppet Enterprise customer in a regulated environment, or a corrective change indicating a remediation event just occurred.
Sometimes you need more information. Here's where our new integrations come in handy.
Add more context and details on demand
Included in the Puppet Report Viewer Add-on is the Detailed Puppet Report Generator actionable alert, which when given a Puppet summary report will be able to build a complete report history, including:
- inventory information
- log data, and
- resource events associated with the original summary report
This feature is available for Puppet Enterprise users. Once the alert is configured, the detailed tab of the Puppet Report Viewer Add-on in Splunk will start populating with data gathered from those detailed reports. Here are examples of dashboards you can build around the data Puppet is submitting to Splunk:
The Puppet Report Viewer Add-on and the integrations from last October are now released under our Splunkbase account: Puppetize, offering one place to go on SplunkBase for all Puppet maintained integrations into the Splunk platform.
We want to learn more from our users
Lastly, we're looking to add more features and upgrades to these integrations. In particular if you are a Splunk user new to Puppet, a Puppet user new to Splunk or just interested in getting more reporting, sign up to talk with us and get swag!
Chris Barker is a senior principal integration engineer at Puppet.
Use these links to learn more about Puppet and Splunk.
- Puppet + Splunk: It’s like a cheat code for DevOps
- Keep an eye out for Splunk hours in the Puppet Community Slack
- Watch Splunk’s talk at Puppetize Live
- Check out the “Automate Your IT! Moving Faster with Puppet and Splunk” session at .conf18
- Read the 2018 State of DevOps Report