Splunk Enterprise, deployed the same way every time. Indexers, search heads, license, done.
ansible-splunk is the configuration tier for Splunk Enterprise. It deploys and configures a Splunk install onto hosts that tf-splunk-aws provisioned (or onto homelab hardware that ansible-proxmox configured), then maintains the install through ongoing playbook runs.
What it does
- Installs Splunk Enterprise and applies a license
- Configures indexes, HEC tokens, and storage tiering (hot/warm/cold)
- Sets up indexer clustering and search head distribution where applicable
- Wires in conf bundles from the AI-observability Splunk apps and TAs
- Runs idempotently — safe to re-run as a drift-correction tool
How it fits
| Upstream | Deploys | Feeds |
|---|---|---|
| Proxmox config or Splunk on AWS hands over ready hosts | Splunk Enterprise, the AI-observability TA + apps | Cribl Stream forwards events over HEC into this Splunk |
Getting started
Confirm hosts are ready
Run tf-splunk-aws (cloud) or ansible-proxmox (homelab) first. Hosts need OS, storage, and network in place.
Clone and enter the dev shell
git clone https://github.com/JacobPEvans/ansible-splunk && cd ansible-splunk && nix develop
Provide Splunk license and HEC tokens via Doppler
DOPPLER_TOKEN resolves the Splunk license file and any pre-shared HEC tokens at run time. No secrets in git.
Related repos
tf-splunk-aws
The AWS provisioner for Splunk hosts.
Observability overview
Where this fits in the OTEL → Cribl → Splunk pipeline.
Data pipelines
The traffic this Splunk install actually receives.
Source on GitHub
Roles, inventory examples, full README.