BreadcrumbHomeResourcesBlog Puppet and Splunk: Integrations To Improve Reporting Speed, Scale + Remediation March 8, 2019 Puppet and Splunk: Integrations to Improve Reporting Speed, Scale + RemediationEcosystems & IntegrationsHow to & Use CasesBy Chris BarkerPuppet and Splunk are two of the most powerful, important tools you can use to monitor and configure your systems and infrastructure. In this blog, we'll explain how Splunk and Puppet work together to give you a heads up about issues in your infrastructure and the tools you need to resolve them automatically.Table of ContentsWhat is Puppet in Splunk?Puppet and Splunk: Better Insights for Faster FixesExamples of Puppet and Splunk In ActionWhat is Puppet in Splunk?Splunk is software that lets you monitor and analyze machine data to give you an idea of what's going on with your systems, and Puppet integrates with Splunk to take action on the information Splunk feeds you. Once Splunk has detected an issue, Bolt can gather even more contextual data you can use to tell Puppet to resolve that issue automatically.Puppet and Splunk have long been complementary technologies in our users’ environments: you can use Puppet to deploy and manage Splunk, and Splunk can provide insights into your Puppet Infrastructure.Puppet and Splunk: Better Insights for Faster FixesPuppet and Splunk work together to tell you what's happening with your infrastructure and give you the information you need to start fixing issues automatically. Together, they're an efficient way to manage your infrastructure, especially at scale with many applications to manage and administrate.There are a few key ways Puppet and Splunk integrate to give you actionable information and automatic remediation capabilities:The splunk_hec Module for PuppetThe first integration is the splunk_hecPuppet module which enables you to send Puppet agent run reports to Splunk and also submit data via Bolt Tasks in a Plan. That means that in Splunk, you can report on, set up alerts for, and aggregate all of the data generated from Puppet reports and Bolt Tasks, and the powerful Bolt Apply features.The Puppet Report Viewer for SplunkNow that you're sending this data into Splunk, what are you going to do with it? That's where the Puppet Report Viewer Add-on for Splunk steps in. It provides an overview of reports present in Splunk via a dashboard view. Regardless of what type of Puppet user you are (open source Puppet, Puppet Enterprise, or just getting started with Bolt), we've got you covered. Additionally, the dashboards are customizable, exportable and reusable, giving you added flexibility and insight into your data.The Puppet Report Viewer also makes it easier to remediate quickly by enabling you to run Bolt Tasks. Puppet Bolt can help remediate without logging into servers. That means you can delegate to save time on manual processes and ticket passing, letting your team ideal with bigger problems instead of repetitive everyday tasks.Related: Check out our podcast on Bolt: Uniting Models and TasksExamples of Puppet and Splunk In ActionIn order to keep the report processing lightweight and scalable to hundreds of thousands of nodes, the splunk_hec report processor submits a summary of the Puppet report. The goal is to make a predictable amount of data submitted to Splunk regardless of how much your infrastructure is puppetized.However, there are times when you may want more details. Examples include the possibility of a failed Puppet run, or for a Puppet Enterprise customer in a regulated environment, or a corrective change indicating a remediation event just occurred.Here's a summary overview in Splunk:And here's a Bolt overview in Splunk:Sometimes you need more information. Here's where our new integrations come in handy.Even More Context for Better Decision-MakingIncluded in the Puppet Report Viewer Add-on is the Detailed Puppet Report Generator actionable alert, which when given a Puppet summary report will be able to build a complete report history, including:inventory informationlog data, andresource events associated with the original summary reportThis feature is available for Puppet Enterprise users. Once the alert is configured, the detailed tab of the Puppet Report Viewer Add-on in Splunk will start populating with data gathered from those detailed reports. Here are examples of dashboards you can build around the data Puppet is submitting to Splunk:Here's an example of a detailed Puppet Report Viewer overview from the Splunk dashboard:Here's an example of a detailed event in the Puppet Report Viewer Add-on in Splunk:TRY PUPPET ENTERPRISE FREE Learn MoreFind Puppet and Splunk integrations on the Puppetize Splunkbase account.How to use Bolt tasks for better Splunk reporting.Download our white paper to learn how Splunk and Bolt can help with automation.This Splunk case study explains how Puppet helped Splunk to scale its operations efficiently.Explore the ways Puppet and Splunk integrate for better DevOps.
Chris Barker Senior Principal Integration Engineer, Puppet by Perforce Turning in his pager for an airline miles membership, Chris Barker now helps fellow system administrators refine and automate their infrastructure. In his past life as a systems administrator, he has administered Linux, Windows, and OS X systems in infrastructure ranging from small businesses to Fortune 500 companies. He was drawn to Puppet due to his automation-driven creativity. When not traveling for Puppet, he resides in Portland, OR automating parts of his house and deconstructing cocktails.