Integrate Splunk Logging with Ansible Automation Controller

Learn to integrate Splunk logging with Ansible Automation Controller. Follow this guide for setting up Splunk HTTP Event Collector and configuring log aggregation.

Introduction

In today’s rapidly evolving IT landscape, robust logging and centralized log aggregation are critical components for ensuring your infrastructure's stability, security, and performance. Automation Controller, a powerful tool in the realm of IT operations, offers seamless integration with external log aggregation services like Splunk, enabling you to gain valuable insights into your system’s behavior and troubleshoot issues effectively. We explore how to set up Splunk logging integration with Automation Controller using the Splunk HTTP Collector.

Logging plays a pivotal role in providing comprehensive insights into the performance and usage of systems. Ansible Automation Controller offers a powerful logging and aggregation feature, enabling detailed logs to be sent to third-party external log aggregation services. These services serve as valuable tools for understanding controller behavior, technical trends, and system health.

Key Highlights:

Aggregated Data: By sending logs to external aggregation services, administrators gain the ability to analyze events within the infrastructure comprehensively. This helps in monitoring for anomalies, correlating events between different services, and gaining deeper insights into system operations.

Data Types: The types of data most beneficial to the controller include job fact data, job events/job runs, activity stream data, and log messages. These data types provide a well-rounded view of the controller’s activities and performance.

Data Format and Transmission: Logs are sent in JSON format over an HTTP connection. This ensures efficient data transmission while allowing for minimal service-specific adjustments.

rsyslog Version and Management: Ansible Automation Controller installation updates the rsyslog version. To avoid conflicts and ensure proper logging, administrators are advised to use the controller-provided rsyslog package. For systems that use rsyslog outside the controller, careful consideration is needed to prevent version conflicts.

Configurable Handling of Offline Logging: The controller’s rsyslog process can be configured to manage messages during external logger outages. Parameters like LOG_AGGREGATOR_MAX_DISK_USAGE_GB and LOG_AGGREGATOR_MAX_DISK_USAGE_PATH determine how logs are stored and retried.

Loggers: Different Perspectives on Data:

job_events: Provides data from the Ansible callback module, giving insights into job executions.

activity_stream: Tracks changes to objects within the automation controller application, aiding in understanding user actions and system modifications.

system_tracking: Gathers fact data through the Ansible setup module, particularly valuable when job templates are executed with “Enable Fact Cache” selected.

awx: Offers generic server logs, capturing standard metadata and log message content.

Standard Controller Logs: These logs can be managed similarly to specialized loggers and can be enabled or disabled as need