I recently had to reinstall my personal Splunk instance and reconfigure my endpoints to log back to my Splunk. In the past, it was a long process of SSHing into each host and manually reinstalling Universal Forwarders on each host. Thankfully, I’ve been learning a bit of Ansible and decided to take on a small side project of building a role that installs Universal Forwarders on Windows, Debian, ARM (Rpi), and FreeBSD clients.