icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Puppet Report Viewer
SHA256 checksum (puppet-report-viewer_200.tgz) 6c94907953693b515f4542f9088ecaf5807717b2319eb60035a0d07840cfff9f SHA256 checksum (puppet-report-viewer_151.tgz) 3a67792b0a137aa66bf923319dd10a0934ae5e0f5f79a8368d2fd55248b1fe84 SHA256 checksum (puppet-report-viewer_135.tgz) 5ac2ee3db143a7b98f4a7c5447a3485935782eb662957f4b57c8fc698c76ff2b
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Puppet Report Viewer

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
This app integrates Puppet Enterprise or Puppet open source with Splunk to:
- Send Puppet node inventory, node facts, report summaries and report details into Splunk from one or more Puppet masters
- Automate taking action by triggering Bolt tasks from Actionable Alerts (Puppet Enterprise only)
- Maintain an audit log of Bolt actions that were run
- Trend Puppet inventory and fact data over time
- Power example dashboards and searches on Puppet data
- Provide operational metrics and dashboards for your Puppet deployment

Use cases:
- Share Puppet's rich, detailed inventory and change data with other teams for searches, dashboards and alerts
- Trend data over time to track progress or detect issues
- Make decisions faster by automatically triggering gathering the information you need to make a decision after Splunk has recognized an issue (Puppet Enterprise only)
- Resolve issues faster by automatically triggering remediations after Splunk has recognized an issue (Puppet Enterprise only)
- Monitor the health of your Puppet deployment
- Log and audit what ad hoc actions were run
- If you also need to deploy, configure and manage Splunk forwarders there is a Puppet module for that at https://forge.puppet.com/puppet/splunk

Included are:
- Sourcetypes for Puppet Summary reports, Detailed reports, facts and Puppet Bolt runs
- Actionable Alert to generate Puppet Detailed Reports on demand
- Example dashboards to see analysis options of the content provided in a report

Note: we have consolidated earlier Splunk add-ons for Puppet into this one. The older add-ons are no longer necessary and can be uninstalled.

This add-on requires installing the Splunk HEC Report Processor on the Puppet Servers one wishes to collect data from, which is available from https://forge.puppet.com/puppetlabs/splunk_hec

Puppet Report Viewer

Description

This is a Splunk Addon that provides views into the status of the Puppet installation that is sending its reports to Splunk via the HEC. To use this viewer it has to be installed alongside the splunk_hec report processor provided in the Puppet Forge. The report processor sends data from Puppet to Splunk via the HTTP Event Collector.

The steps to get this addon working are:

  1. Install the Puppet Report Viewer addon
  2. Create atleast one HEC input (puppet:summary)
  3. Install splunk_hec module in Puppet environment and configure with the HEC token and Splunk Server

Once configured, the overview page will start showing Puppet run report status, and information about changes over various windows of time. The views can be customized, updated, modified to suit your needs.

Reports Overview

For detailed report generation, a feature for Puppet Enterprise Users, there are additional steps one can perform, that first require configuration the AddOn with the appropriate credentials to talk to PuppetDB and to submit events to Splunk:

  1. Create puppet:detailed HEC input
  2. Create a Splunk user and role in the Puppet Enterprise console, with the permission to "View node data from PuppetDB" under the Nodes Type
  3. Configure Puppet Enterprise to support long life authentication tokens
  4. Generate an authentication token (example command) : curl -k -X POST -H 'Content-Type: application/json' -d '{"login": "splunk", "password": "password", "lifetime": "1y"}' https://localhost:4433/rbac-api/v1/auth/token
  5. On the configuration page of the addon provide the hostname of the PuppetDB server & auth token, along with the hostname of the Splunk instace running the HEC along with the puppet:detailed HEC token (this is important to use the puppet:detailed token and sourcetype, otherwise it is possible to create an alert action that continually calls itself)
  6. With the addon configured, perform a search for a specific event (such as a puppet run with a failed or changed status) sourcetype="puppet:summary"| spath status | search status=failed save it as an alert, and assign the action "Generate detailed report" from the action menu. No configuration of the action is needed.

Addon Configuration Screen

Report Builder

Advanced Configuration

All report views support using custom indexes for storing event data. They accomplish this with a series of advanced search macros. The queries assume each sourcetype can be stored in it's own index (facts, summary reports, detailed reports, bolt events, action events, Puppet Enterprise metrics).

There is one top level macro, puppet_index which defaults to "", if you configure the HEC to use a different index and want all Puppet in that index, change that value here to be index=puppetindexname.

If you are using puppetlabs/splunk_hec version 0.5.0 or later, you can specify different HEC tokens for Summary Reports, Facts, and Metrics. Then create an index and an associated HEC token associated with those sourcetypes, and configure both the splunk_hec module in Puppet with those new values. Actions, Bolt Events, and Detailed Reports are all submitted via different tools and would need ot be changed according to use a different HEC token. Then the corresponding macro's updated to use those indexes.

For example, if you want most Puppet data to go to one index, but Facts, Metrics, and Detailed Reports to go to their own indexes, one would follow these steps:
- Create four indexes: puppet_data, puppet_facts_data, puppet_metrics_data, and puppet_detailed_data (or whatever name makes sense), each with their desired timespan, retention, etc.
- Create four HEC's (example names):
1. puppet with sourcetype of puppet:summary and the index puppet_data
2. puppet_facts with sourcetype of puppet:facts and the index of puppet_facts_data
3. puppet_metrics with sourcetype of puppet:metrics and the index of puppet_metrics_data
4. puppet_detailed with sourcetype of puppet:detailed and the index of puppet_detailed_data
- Configure the splunk_hec module with the corresponding tokens
1. splunk_hec::token with the value from the puppet HEC (since you want all Puppet using splunk_hec plugin to go here, except for facts and metrics)
2. splunk_hec::token_facts with the value from the puppet_facts HEC
3. splunk_hec::token_metrics with the value from the puppet_metrics HEC
- Update the Puppet Report Viewer's configuration to use the puppet_detailed HEC token, because detailed reports are pulled from Puppet and generated by the alert action in this application
- Update the advanced search macros to use the new values:
1. Open Advanced Search under the Settings -> Knowledge menu
2. Select Search Macros
3. Select puppet_index and change the definition to index=puppet_data, click save
4. Select puppet_facts_index and change the definition to index=puppet_facts_data, click save
5. Select puppet_metrics_index and change the definition to index=puppet_metrics_data, click save
6. Select puppet_detailed_index and change the definition to index=puppet_detailed_data, click save
- Reload the main view of the Puppet Report Viewer app, and you should see data, or perform the following search:

`puppet_all_index` sourcetype=puppet:*

More information

This addon will be updated frequently with more dashboards and views to data as feedback is gathered. Contact Puppet via the developer link and watch the Puppet Community Office Hours calendar for future Splunk related events in our community Slack.

Release Notes

Version 2.0.0
Aug. 9, 2019

See full changelog at: https://github.com/puppetlabs/TA-puppet-report-viewer/blob/master/README/CHANGELOG.md
**Breaking Changes**:
- The alert action named `Generate detailed report` has been renamed `Generate a detailed Puppet report` to make it more specific. The internal name of the action has been renamed to `puppet_generate_detailed_report` from `generate_detailed_report` to prevent confusion with out alert actions and to ensure consistency with other. You will need to update existing searches using this action to use the new name, but no other changes to the searches is required.
- *alert actions will fail until Puppet Username is provided instead of PE auth token*
- *full URIs are now required instead of just hostnames* adds more flexibility the authorization methods (http support and custom ports) but you will need to redo your app configuration before alert actions resume functioning

Version 1.5.1
June 10, 2019

1.5.1:
New Features:
- Full dashboard updates
- Support for Facts sourcetype (puppet:facts), and dashboards to use it
- Introduces "Report Builder" page to help a user build reports and then craft custom search from the iterface to use for alerts or their own uses
- Introduces Advanced Search macros to allow for customized indexs without requiring to modify the app. See Advanced Configuration section of the readme
- Add's sourcetypes of puppet:action, puppet:metrics, for future use
- Example Alert added, the search to generate a detailed report for any summary report that isn't "unchanged" has been added to the app, but set as disabled

Fixes:
- Duplicate item entry fixed, sourcetype's are now configured to extract KV from json only once
- [Updated documentation](https://github.com/puppetlabs/ta-puppet-report-viewer)

Version 1.3.5
March 6, 2019

- Adjusted Logo
- Splunk HEC Report Processor 0.4.0 is released at https://forge.puppet.com/puppetlabs/splunk_hec

75
Installs
262
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.