Ansible Pilot

Integrate Splunk with Ansible Automation Controller Enhancing Monitoring and Insights with Logging Aggregation

How to integrate Splunk for Operational Efficiency of Logging and Aggregation in Ansible Automation Controller

August 2, 2023
Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons


In today’s rapidly evolving IT landscape, robust logging and centralized log aggregation are critical components for ensuring your infrastructure’s stability, security, and performance. Automation Controller, a powerful tool in the realm of IT operations, offers seamless integration with external log aggregation services like Splunk, enabling you to gain valuable insights into your system’s behavior and troubleshoot issues effectively. We explore how to set up Splunk logging integration with Automation Controller using the Splunk HTTP Collector.

Logging plays a pivotal role in providing comprehensive insights into the performance and usage of systems. Ansible Automation Controller offers a powerful logging and aggregation feature, enabling detailed logs to be sent to third-party external log aggregation services. These services serve as valuable tools for understanding controller behavior, technical trends, and system health.

Key Highlights:

Loggers: Different Perspectives on Data:

Logging Schema and Configuration:

Logging Aggregator Services

The logging aggregator service facilitates integration with various monitoring and analysis systems:

Splunk: Utilizes the Splunk HTTP Collector for integration. Configuration settings, such as the host and loggers to send data, ensure seamless data transfer. Loggly: Set up logs transmission through Loggly’s HTTP endpoint. Sumologic: Create search criteria for collecting data needed for analysis. Elastic Stack: Requires configurations in the logstash logstash.conf file for integration.

The Best Resources For Ansible


Video Course

Printed Book


Why Splunk Logging Integration Matters

Effective log management is a cornerstone of modern IT operations. It allows organizations to proactively monitor their systems, detect anomalies, troubleshoot issues, and ensure compliance with industry standards. Splunk, a popular log aggregation and analysis platform, provides powerful capabilities to collect, index, search, and analyze machine-generated data. By integrating Splunk with Automation Controller, you can harness the full potential of your log data and derive actionable insights from it.

Splunk Data Inputs

Splunk HEC

We can test the Splunk endpoint using the curl command line utility:

curl -k -H "Authorization: Splunk 12345678-1234-1234-1234-123456789012" -d '{"event": "hello world"}'

Access the Logging Settings: Log in to your Automation Controller instance and navigate to the “Logging settings” section. This can usually be found within the “Settings” menu. 2. Add Splunk Logging Configuration: Create a new configuration for the Splunk Logging Aggregator. You will need to specify various parameters to establish the connection between Automation Controller and Splunk via the User Interface Settings > Logging or via the API (/api/v2/settings/logging/).

LOG_AGGREGATOR_HOST: Provide the full URL to the Splunk HTTP Event Collector host. It should follow the format: LOG_AGGREGATOR_TYPE: Set the aggregator type to “splunk”. LOG_AGGREGATOR_USERNAME and LOG_AGGREGATOR_PASSWORD: If required, enter the username and password for authentication. Alternatively, you can use an OAuth2 token. LOG_AGGREGATOR_LOGGERS: Define the loggers you want to send data from. Common options include “awx”, “activity_stream”, “job_events”, and “system_tracking”. LOG_AGGREGATOR_ENABLED: Set this to true to enable the Splunk Logging Aggregator.

Automation Controller Splunk UI

Automation Controller Splunk API

  1. Configure Additional Settings: Depending on your requirements, you can adjust other settings, such as LOG_AGGREGATOR_MAX_DISK_USAGE_GB and LOG_AGGREGATOR_MAX_DISK_USAGE_PATH, to control how the controller handles messages during an external logger outage.

Splunk Events


Integrating Splunk logging with Automation Controller empowers IT operations teams with comprehensive insights into system behavior, performance, and events. By sending detailed logs to Splunk, you can efficiently monitor, analyze, and troubleshoot issues, ensuring the reliability and security of your infrastructure. Additionally, setting up Prometheus for metrics collection further enhances your ability to gain a holistic view of your Automation Controller environment.

As you embark on this integration journey, remember to consult both the Automation Controller and Splunk documentation for detailed configuration options and best practices. By effectively harnessing the power of log aggregation and analysis, you position your organization for proactive and data-driven IT operations management.

For further assistance and detailed instructions, refer to the official documentation of Automation Controller and Splunk.

Disclaimer: The images and configuration examples provided are for illustrative purposes only and may vary based on the specific versions of Automation Controller and Splunk.


Logging and aggregation empower administrators to monitor, analyze, and troubleshoot Ansible Automation Controller effectively. By integrating with external aggregation services and leveraging various loggers, the controller’s behavior and performance become transparent. The seamless integration with monitoring systems like Splunk, Loggly, Sumologic, and Elastic Stack further enhances administrators’ ability to gain actionable insights and ensure the robustness of their infrastructure. This logging and aggregation capability is a key tool for maintaining efficient and reliable operations in Ansible-powered environments.

Subscribe to the YouTube channel, Medium, and Website, X (formerly Twitter) to not miss the next episode of the Ansible Pilot.


Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 250+ Ansible code

Want to keep this project going? Please donate

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons
Follow me

Subscribe not to miss any new releases