Real-time Insights Into App Delivery with Ansible Tower Data in Splunk

September 26, 2016 by Dylan Silva


Here at Ansible by Red Hat, we’re always looking for ways to make Ansible more useful when automating all the things.

That being said, most people know this UI when they see it:


When we ask Ansible users about their favorite tools, Splunk is a very common answer. Splunk software is at its most powerful when it is used to aggregate and correlate data from numerous sources across your environment. However, there hasn't been an easy way to use Splunk to analyze data from Ansible Tower job runs.

Not any longer. Today we’re happy to announce the result of our latest integration project - the Ansible Tower App for Splunk.


The value of analytics platforms such as Splunk, is the ability to collect and correlate machine data including environment events with the actions that caused them. Application lifecycle management teams need the ability to correlate deployment-related data (i.e. Tower job runs) with host events (i.e. system and service logs).

Picture the following scenario:
A development team is working to release a new version of their application. What is the easiest way for a team to validate the success of the application deployment process?

The Ansible Tower app for Splunk allows a team to deploy the updated application using Tower and automatically generate a report in Splunk detailing all of the impacted hosts. This Splunk report could include any information known to Tower, such as: job name, target hosts, app version on each host, etc., as well as any other data that Splunk knows about those hosts from other sources.



The Ansible Tower App for Splunk provides:

    Hosts that are in inventory can be extracted using Splunk software to show installed packages, running services and factual system level data related to the host.

    Analyze data run on previous jobs, to determine why a version is not in sync with others in the same environment.

    Perform application upgrades based on data analyzed with Splunk software, demonstrating the value of analytical reporting on deployment data.

But how, you may ask, do we do it? It's the Tower API put to more work:
This app is not getting data into Splunk by a forwarder parsing logs. Oh no, it’s pulling the data out of Tower via the RESTful API. By design, all of Tower’s UI functions are back-ended by its own API.

To drive data into Splunk software, a small Python script is executing every minute, retrieving data from three main endpoints of the Tower API.

$tower-url/api/v1/activity_stream $tower-url/api/v1/hosts/{{ host_id }}/fact_view

These Tower endpoints have all the data needed to analyze all the things related to environments that are Tower-managed.

The rest of the magic happens in Splunk.
Keeping this short and sweet.

Download the Ansible Tower App for Splunk from Splunkbase! If you are new to Splunk, download Splunk prior to installing the Ansible app.

New to Ansible Tower? 
Tower 3 is available now for anyone to try via local install, Vagrant image, or AMI.

Also, the code for the Ansible Tower App for Splunk is free and open! If you see something you’d like to improve, please contribute!


Ansible Tower, Splunk, Integration


Dylan Silva

Dylan is a Principal Product Manager, Ansible, Red Hat. Starting as an early Core community member in Ansible's early days, Dylan now manages product roadmap for Ansible Core. He’s a self-proclaimed Linux and OSS diehard, Internet geek, and father to #Ansipup Honey. You can follow him on twitter and GitHub at @Thaumos.

rss-icon  RSS Feed