
Introducing Puppet and Splunk integrations to improve reporting speed and scale

Editor's Note: We've integrated the benefits of the Splunk App and Add-On modules into our recent work here. Read on to learn more about how to access and use the splunk_hec module and the Splunk Report Viewer Add-On.

Last October we announced the updates to our portfolio of integrations with Splunk. I'm excited to share that we're now adding two more complementary integrations.

Puppet and Splunk have long been complementary technologies in our users’ environments: you can use Puppet to deploy and manage Splunk, and Splunk can provide insights into your Puppet infrastructure. We’re releasing two integrations that unite Puppet Runs and Bolt / Tasks with Splunk's data platform and alerting systems.

Meet the splunk_hec module

The first integration is the splunk_hec Puppet module, which enables you to send Puppet agent run reports to Splunk and also to submit data via Bolt Tasks in a Plan. That means you can now use all of Splunk’s reporting, alerting, and data aggregation tools with all of the data generated from Puppet reports and Bolt Tasks, and the powerful Bolt Apply features.

Introducing the Puppet Report Viewer Add-on

The second integration is the Puppet Report Viewer Add-on for Splunk. Now that you're sending this data into Splunk, what can you do with it? That's where the Report Viewer steps in. It provides an overview of reports present in Splunk via a dashboard view. Regardless of what type of Puppet user you are (open source Puppet, Puppet Enterprise, or just getting started with Bolt), we've got you covered. Additionally, the dashboards are customizable, exportable and reusable, giving you added flexibility and insight into your data.

Big improvements to reporting speed and scale

To keep report processing lightweight and scalable to hundreds of thousands of nodes, the splunk_hec report processor submits a summary of the Puppet report. The goal is to keep the amount of data submitted to Splunk predictable, regardless of how much of your infrastructure is puppetized.

However, there are times when you may want more details. Examples include a failed Puppet run, a Puppet Enterprise customer operating in a regulated environment, or a corrective change indicating that a remediation event just occurred.

Puppet summary reports overview

Here's a summary overview in Splunk

Bolt summary report

Here's a Bolt overview in Splunk

Sometimes you need more information. Here's where our new integrations come in handy.

Add more context and details on demand

Included in the Puppet Report Viewer Add-on is the Detailed Puppet Report Generator actionable alert, which, when given a Puppet summary report, will be able to build a complete report history, including:

  • inventory information
  • log data, and
  • resource events associated with the original summary report

This feature is available for Puppet Enterprise users. Once the alert is configured, the detailed tab of the Puppet Report Viewer Add-on in Splunk will start populating with data gathered from those detailed reports. Here are examples of dashboards you can build around the data Puppet is submitting to Splunk:

Puppet detailed reports overview

Example of detailed overview from the Splunk dashboard

Puppet detailed report

Example of detailed event

The Puppet Report Viewer Add-on and the integrations from last October are now released under our Splunkbase account, Puppetize, offering one place to go on Splunkbase for all Puppet-maintained integrations into the Splunk platform.

We want to learn more from our users

Lastly, we're looking to add more features and upgrades to these integrations. In particular, if you are a Splunk user new to Puppet, a Puppet user new to Splunk, or just interested in getting more reporting, sign up to talk with us and get swag!

Chris Barker is a senior principal integration engineer at Puppet.
