Get Puppet Enterprise First 10 nodes are free!
Try it now
Request a demo
Automate IT and infrastructure, manage complex workflows, and mitigate risk at scale.
Try the full-featured Puppet Enterprise for free on 10 nodes.
Puppet Comply Find and prevent compliance failures
Compliance EnforcementRemediate to stay in compliance
Continuous Delivery for Puppet Enterprise Build, test, and deploy infrastructure as code faster and easier
Content & Modules Pre-built scripts to automate common tasks
CentOS EOL Here’s how to secure your CentOS infrastructure – even after EOL.
Find thousands of component modules built by the community and guidance on using them in your own infrastructure.
Visit Puppet Forge >>
Open Source PuppetPerfect for individuals and small infrastructure
BoltAutomate tasks in orchestration workflows
See all open source projects >>
Contribute to open source projects >>
Puppet and Splunk are two of the most powerful, important tools you can use to monitor and configure your systems and infrastructure. In this blog, we'll explain how Splunk and Puppet work together to give you a heads up about issues in your infrastructure and the tools you need to resolve them automatically.
Table of Contents
Splunk is software that lets you monitor and analyze machine data to give you an idea of what's going on with your systems, and Puppet integrates with Splunk to take action on the information Splunk feeds you. Once Splunk has detected an issue, Bolt can gather even more contextual data you can use to tell Puppet to resolve that issue automatically.
Puppet and Splunk have long been complementary technologies in our users’ environments: you can use Puppet to deploy and manage Splunk, and Splunk can provide insights into your Puppet Infrastructure.
Puppet and Splunk work together to tell you what's happening with your infrastructure and give you the information you need to start fixing issues automatically. Together, they're an efficient way to manage your infrastructure, especially at scale with many applications to manage and administrate.
There are a few key ways Puppet and Splunk integrate to give you actionable information and automatic remediation capabilities:
The first integration is the splunk_hecPuppet module which enables you to send Puppet agent run reports to Splunk and also submit data via Bolt Tasks in a Plan. That means that in Splunk, you can report on, set up alerts for, and aggregate all of the data generated from Puppet reports and Bolt Tasks, and the powerful Bolt Apply features.
Now that you're sending this data into Splunk, what are you going to do with it? That's where the Puppet Report Viewer Add-on for Splunk steps in. It provides an overview of reports present in Splunk via a dashboard view. Regardless of what type of Puppet user you are (open source Puppet, Puppet Enterprise, or just getting started with Bolt), we've got you covered. Additionally, the dashboards are customizable, exportable and reusable, giving you added flexibility and insight into your data.
The Puppet Report Viewer also makes it easier to remediate quickly by enabling you to run Bolt Tasks. Puppet Bolt can help remediate without logging into servers. That means you can delegate to save time on manual processes and ticket passing, letting your team ideal with bigger problems instead of repetitive everyday tasks.
Related: Check out our podcast on Bolt: Uniting Models and Tasks
In order to keep the report processing lightweight and scalable to hundreds of thousands of nodes, the splunk_hec report processor submits a summary of the Puppet report. The goal is to make a predictable amount of data submitted to Splunk regardless of how much your infrastructure is puppetized.
However, there are times when you may want more details. Examples include the possibility of a failed Puppet run, or for a Puppet Enterprise customer in a regulated environment, or a corrective change indicating a remediation event just occurred.
Here's a summary overview in Splunk:
And here's a Bolt overview in Splunk:
Sometimes you need more information. Here's where our new integrations come in handy.
Included in the Puppet Report Viewer Add-on is the Detailed Puppet Report Generator actionable alert, which when given a Puppet summary report will be able to build a complete report history, including:
This feature is available for Puppet Enterprise users. Once the alert is configured, the detailed tab of the Puppet Report Viewer Add-on in Splunk will start populating with data gathered from those detailed reports. Here are examples of dashboards you can build around the data Puppet is submitting to Splunk:
Here's an example of a detailed Puppet Report Viewer overview from the Splunk dashboard:
Here's an example of a detailed event in the Puppet Report Viewer Add-on in Splunk:
TRY PUPPET ENTERPRISE FREE
Senior Principal Integration Engineer, Puppet by Perforce