Martin Jackson 84b0c6324b
Merge pull request #2 from ansible/stable-ci
Add GH Actions cicd workflow
2025-07-07 08:59:43 -05:00
.github/workflows Add GH Actions cicd workflow 2025-07-06 16:01:10 +03:00
cicd/scripts Initial Commit 2025-04-15 16:58:08 -04:00
package Release Version 1.0.1 2025-06-05 17:17:13 +03:00
.gitignore Initial Commit 2025-04-15 16:58:08 -04:00
build.sh Initial Commit 2025-04-15 16:58:08 -04:00
globalConfig.json Release Version 1.0.1 2025-06-05 17:17:13 +03:00
LICENSE Initial commit 2025-04-15 14:27:32 -04:00
README.md update readme 2025-04-18 10:57:17 -04:00

Red Hat Event Driven Ansible Add-on for Splunk

Description

The add-on provides custom alert actions to send Splunk events to Event Driven Ansible. Currently, the webhook and Kafka methods are supported. It works with the generic EDA event source plugins for webhook and Kafka.

Documentation

Build

This add-on is built with Splunk's UCC Generator. Install ucc-gen per the instructions.

Consider using a Python virtual environment; see Getting Started with UCC. Then execute the following from the command line in the root of this repository to build the add-on:

ucc-gen build --ta-version=<version>

Example:

ucc-gen build --ta-version=1.0.0

The add-on will be built in an output directory in the root of the repository.

Package

ucc-gen package --path=./output/ansible_addon_for_splunk

Usage

Configuration

Configuration of a service account depends on the type of connection and the desired authentication method. Currently, webhook supports none, basic, or API key based authentication. Kafka supports none, SASL plaintext, or with SSL.

Sending one or more events can be done in a variety of ways within Splunk:

  • Saved Search Alert Action
  • Custom Command
  • ITSI Episode Alert Action
  • Enterprise Security Adaptive Response Action