PLAY [Run default Splunk provisioning] ***************************************** Tuesday 22 July 2025 19:54:25 +0200 (0:00:00.157) 0:00:00.157 ********** TASK [Gathering Facts] ********************************************************* ok: [localhost] Tuesday 22 July 2025 19:54:26 +0200 (0:00:01.316) 0:00:01.473 ********** Tuesday 22 July 2025 19:54:26 +0200 (0:00:00.019) 0:00:01.493 ********** TASK [Provision role] ********************************************************** Tuesday 22 July 2025 19:54:26 +0200 (0:00:00.095) 0:00:01.588 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/get_facts.yml for localhost Tuesday 22 July 2025 19:54:26 +0200 (0:00:00.052) 0:00:01.640 ********** TASK [splunk_common : Set privilege escalation user] *************************** ok: [localhost] Tuesday 22 July 2025 19:54:26 +0200 (0:00:00.066) 0:00:01.706 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check for scloud] **************************************** ok: [localhost] Tuesday 22 July 2025 19:54:27 +0200 (0:00:00.489) 0:00:02.196 ********** Tuesday 22 July 2025 19:54:27 +0200 (0:00:00.029) 0:00:02.225 ********** Tuesday 22 July 2025 19:54:27 +0200 (0:00:00.020) 0:00:02.246 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check for existing installation] ************************* ok: [localhost] Tuesday 22 July 2025 19:54:27 +0200 (0:00:00.332) 0:00:02.579 ********** TASK [splunk_common : Set splunk install fact] ********************************* ok: [localhost] Tuesday 22 July 2025 19:54:27 +0200 (0:00:00.051) 0:00:02.630 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check for existing splunk secret] ************************ ok: [localhost] Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.334) 0:00:02.965 ********** TASK [splunk_common : Set first run fact] ************************************** ok: [localhost] Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.048) 0:00:03.014 ********** TASK [splunk_common : Set splunk_build_type fact] ****************************** included: /opt/ansible/roles/splunk_common/tasks/get_facts_build_type.yml for localhost Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.038) 0:00:03.052 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.021) 0:00:03.074 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.034) 0:00:03.108 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.034) 0:00:03.143 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.034) 0:00:03.178 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.034) 0:00:03.213 ********** TASK [splunk_common : Set target version fact] ********************************* included: /opt/ansible/roles/splunk_common/tasks/get_facts_target_version.yml for localhost Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.053) 0:00:03.266 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.031) 0:00:03.297 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.032) 0:00:03.329 ********** Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.030) 0:00:03.360 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Find manifests] ****************************************** ok: [localhost] Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.456) 0:00:03.816 ********** TASK [splunk_common : Set current version fact] ******************************** ok: [localhost] Tuesday 22 July 2025 19:54:28 +0200 (0:00:00.057) 0:00:03.874 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.053) 0:00:03.927 ********** TASK [splunk_common : Setting upgrade fact] ************************************ ok: [localhost] Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.054) 0:00:03.982 ********** TASK [splunk_common : Setting indexer cluster fact from config] **************** ok: [localhost] Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.054) 0:00:04.036 ********** TASK [splunk_common : Setting search head cluster fact from config] ************ ok: [localhost] Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.060) 0:00:04.096 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.021) 0:00:04.118 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.032) 0:00:04.150 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.032) 0:00:04.182 ********** TASK [splunk_common : Detect service name] ************************************* included: /opt/ansible/roles/splunk_common/tasks/get_facts_service_name.yml for localhost Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.051) 0:00:04.234 ********** TASK [splunk_common : Setting service_name fact from config] ******************* ok: [localhost] Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.050) 0:00:04.284 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.038) 0:00:04.322 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.033) 0:00:04.356 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.033) 0:00:04.390 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.037) 0:00:04.427 ********** Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.036) 0:00:04.463 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/install_python_requirements.yml for localhost Tuesday 22 July 2025 19:54:29 +0200 (0:00:00.053) 0:00:04.517 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check if requests_unixsocket exists] ********************* changed: [localhost] Tuesday 22 July 2025 19:54:30 +0200 (0:00:01.328) 0:00:05.846 ********** Tuesday 22 July 2025 19:54:30 +0200 (0:00:00.031) 0:00:05.877 ********** Tuesday 22 July 2025 19:54:31 +0200 (0:00:00.034) 0:00:05.912 ********** Tuesday 22 July 2025 19:54:31 +0200 (0:00:00.057) 0:00:05.970 ********** Tuesday 22 July 2025 19:54:31 +0200 (0:00:00.031) 0:00:06.001 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/change_splunk_directory_owner.yml for localhost Tuesday 22 July 2025 19:54:31 +0200 (0:00:00.084) 0:00:06.086 ********** TASK [splunk_common : Update Splunk directory owner] *************************** ok: [localhost] Tuesday 22 July 2025 19:54:37 +0200 (0:00:06.410) 0:00:12.496 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/update_etc.yml for localhost Tuesday 22 July 2025 19:54:37 +0200 (0:00:00.065) 0:00:12.561 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check if /sbin/updateetc.sh exists] ********************** ok: [localhost] Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.335) 0:00:12.896 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Update /opt/splunk/etc] ********************************** ok: [localhost] Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.365) 0:00:13.262 ********** Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.049) 0:00:13.312 ********** Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.051) 0:00:13.363 ********** Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.045) 0:00:13.409 ********** Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.043) 0:00:13.453 ********** Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.045) 0:00:13.499 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/remove_first_login.yml for localhost Tuesday 22 July 2025 19:54:38 +0200 (0:00:00.056) 0:00:13.555 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Create .ui_login] **************************************** ok: [localhost] Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.358) 0:00:13.914 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.033) 0:00:13.947 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/set_splunk_secret.yml for localhost Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.060) 0:00:14.007 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.035) 0:00:14.043 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.022) 0:00:14.065 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/enable_admin_auth.yml for localhost Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.129) 0:00:14.195 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.043) 0:00:14.239 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.045) 0:00:14.284 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.044) 0:00:14.329 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.048) 0:00:14.377 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.044) 0:00:14.422 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.044) 0:00:14.466 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/configure_mgmt_port.yml for localhost Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.067) 0:00:14.533 ********** TASK [splunk_common : set version fact] **************************************** ok: [localhost] Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.055) 0:00:14.588 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.021) 0:00:14.610 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.023) 0:00:14.634 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.024) 0:00:14.658 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/pre_splunk_start_commands.yml for localhost Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.058) 0:00:14.717 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.033) 0:00:14.750 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/enable_s2s.yml for localhost Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.066) 0:00:14.817 ********** Tuesday 22 July 2025 19:54:39 +0200 (0:00:00.048) 0:00:14.865 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/s2s/configure_splunktcp.yml for localhost Tuesday 22 July 2025 19:54:40 +0200 (0:00:00.066) 0:00:14.932 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Enable splunktcp input] ********************************** ok: [localhost] Tuesday 22 July 2025 19:54:40 +0200 (0:00:00.496) 0:00:15.429 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Remove splunktcp-ssl input] ****************************** ok: [localhost] Tuesday 22 July 2025 19:54:40 +0200 (0:00:00.352) 0:00:15.782 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Remove input SSL settings] ******************************* ok: [localhost] Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.365) 0:00:16.147 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Reset root CA] ******************************************* ok: [localhost] Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.438) 0:00:16.585 ********** Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.035) 0:00:16.621 ********** Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.034) 0:00:16.656 ********** Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.052) 0:00:16.708 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/set_mgmt_port.yml for localhost Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.102) 0:00:16.811 ********** TASK [splunk_common : Set localhost address for mgmt port] ********************* ok: [localhost] Tuesday 22 July 2025 19:54:41 +0200 (0:00:00.061) 0:00:16.872 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Set mgmt port] ******************************************* ok: [localhost] Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.397) 0:00:17.270 ********** Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.032) 0:00:17.302 ********** Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.029) 0:00:17.332 ********** Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.022) 0:00:17.355 ********** Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.049) 0:00:17.404 ********** Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.047) 0:00:17.452 ********** Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.056) 0:00:17.509 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/enable_splunkd_ssl.yml for localhost Tuesday 22 July 2025 19:54:42 +0200 (0:00:00.070) 0:00:17.579 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Enable Splunkd SSL] ************************************** ok: [localhost] Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.347) 0:00:17.927 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.022) 0:00:17.949 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.022) 0:00:17.971 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.022) 0:00:17.993 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.023) 0:00:18.016 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.053) 0:00:18.070 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.057) 0:00:18.127 ********** Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.022) 0:00:18.149 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/start_splunk.yml for localhost Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.073) 0:00:18.223 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/get_splunk_status.yml for localhost Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.029) 0:00:18.253 ********** TASK [splunk_common : Restrict permissions on splunk.key for Status] *********** included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key) Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.036) 0:00:18.289 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] *** ok: [localhost] Tuesday 22 July 2025 19:54:43 +0200 (0:00:00.335) 0:00:18.625 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] *** ok: [localhost] Tuesday 22 July 2025 19:54:44 +0200 (0:00:00.344) 0:00:18.969 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Get Splunk status] *************************************** ok: [localhost] Tuesday 22 July 2025 19:54:48 +0200 (0:00:04.354) 0:00:23.323 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Cleanup Splunk runtime files] **************************** ok: [localhost] => (item=/opt/splunk/var/run/splunk/splunkd.pid) changed: [localhost] => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/mongod.lock) Tuesday 22 July 2025 19:54:49 +0200 (0:00:00.641) 0:00:23.965 ********** TASK [splunk_common : Restrict permissions on splunk.key] ********************** included: /opt/ansible/roles/splunk_common/tasks/restrict_permissions.yml for localhost => (item=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key) Tuesday 22 July 2025 19:54:49 +0200 (0:00:00.038) 0:00:24.004 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check if /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key exists] *** ok: [localhost] Tuesday 22 July 2025 19:54:49 +0200 (0:00:00.332) 0:00:24.337 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Restrict permissions on /opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key] *** ok: [localhost] Tuesday 22 July 2025 19:54:49 +0200 (0:00:00.350) 0:00:24.688 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Start Splunk via CLI] ************************************ changed: [localhost] Tuesday 22 July 2025 19:55:15 +0200 (0:00:25.439) 0:00:50.127 ********** Tuesday 22 July 2025 19:55:15 +0200 (0:00:00.036) 0:00:50.163 ********** Tuesday 22 July 2025 19:55:15 +0200 (0:00:00.034) 0:00:50.198 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/check_uds_file.yml for localhost Tuesday 22 July 2025 19:55:15 +0200 (0:00:00.048) 0:00:50.246 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Check if UDS file exists] ******************************** ok: [localhost] Tuesday 22 July 2025 19:55:15 +0200 (0:00:00.412) 0:00:50.659 ********** TASK [splunk_common : Set UDS enabled/disabled] ******************************** ok: [localhost] Tuesday 22 July 2025 19:55:15 +0200 (0:00:00.075) 0:00:50.734 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Wait for splunkd management port] ************************ ok: [localhost] Tuesday 22 July 2025 19:55:16 +0200 (0:00:00.676) 0:00:51.410 ********** Tuesday 22 July 2025 19:55:16 +0200 (0:00:00.020) 0:00:51.431 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/set_certificate_prefix.yml for localhost Tuesday 22 July 2025 19:55:16 +0200 (0:00:00.123) 0:00:51.555 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Test basic https endpoint] ******************************* ok: [localhost] Tuesday 22 July 2025 19:55:17 +0200 (0:00:00.949) 0:00:52.504 ********** TASK [splunk_common : Set url prefix for future REST calls] ******************** ok: [localhost] Tuesday 22 July 2025 19:55:17 +0200 (0:00:00.060) 0:00:52.565 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/clean_user_seed.yml for localhost Tuesday 22 July 2025 19:55:17 +0200 (0:00:00.075) 0:00:52.640 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Remove user-seed.conf] *********************************** ok: [localhost] Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.475) 0:00:53.116 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/add_splunk_license.yml for localhost Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.081) 0:00:53.197 ********** TASK [splunk_common : Initialize licenses array] ******************************* ok: [localhost] Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.068) 0:00:53.266 ********** TASK [splunk_common : Determine available licenses] **************************** ok: [localhost] => (item=splunk.lic) Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.072) 0:00:53.338 ********** TASK [splunk_common : Apply licenses] ****************************************** included: /opt/ansible/roles/splunk_common/tasks/apply_licenses.yml for localhost => (item=splunk.lic) Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.073) 0:00:53.411 ********** Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.058) 0:00:53.470 ********** Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.057) 0:00:53.527 ********** Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.022) 0:00:53.550 ********** TASK [splunk_common : include_tasks] ******************************************* included: /opt/ansible/roles/splunk_common/tasks/licenses/add_license.yml for localhost => (item=(censored due to no_log)) Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.061) 0:00:53.611 ********** Tuesday 22 July 2025 19:55:18 +0200 (0:00:00.031) 0:00:53.643 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_common : Ensure license path] ************************************* ok: [localhost] Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.469) 0:00:54.113 ********** Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.022) 0:00:54.135 ********** Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.023) 0:00:54.159 ********** Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.013) 0:00:54.172 ********** Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.047) 0:00:54.219 ********** Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.033) 0:00:54.253 ********** TASK [splunk_standalone : include_tasks] *************************************** included: /opt/ansible/roles/splunk_standalone/tasks/../../splunk_common/tasks/set_as_hec_receiver.yml for localhost Tuesday 22 July 2025 19:55:19 +0200 (0:00:00.039) 0:00:54.292 ********** [WARNING]: Using world-readable permissions for temporary files Ansible needs to create when becoming an unprivileged user. This may be insecure. For information on securing this, see https://docs.ansible.com/ansible- core/2.15/playbook_guide/playbooks_privilege_escalation.html#risks-of-becoming- an-unprivileged-user#risks-of-becoming-an-unprivileged-user TASK [splunk_standalone : Get existing HEC token] ****************************** fatal: [localhost]: FAILED! => {  "changed": false }  MSG:  GET/services/data/inputs/http/splunk_hec_token?output_mode=jsonadmin********8089NoneNoneNone[200, 404];;; AND excep_str: URL: https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token?output_mode=json; data: None, exception: API call for https://127.0.0.1:8089/services/data/inputs/http/splunk_hec_token?output_mode=json and data as None failed with status code 401: {"messages":[{"type":"ERROR","text":"Unauthorized"}]}, failed with status code 401: {"messages":[{"type":"ERROR","text":"Unauthorized"}]} PLAY RECAP ********************************************************************* localhost : ok=69  changed=3  unreachable=0 failed=1  skipped=69  rescued=0 ignored=0 Tuesday 22 July 2025 19:55:20 +0200 (0:00:00.982) 0:00:55.275 ********** =============================================================================== splunk_common : Start Splunk via CLI ----------------------------------- 25.44s splunk_common : Update Splunk directory owner --------------------------- 6.41s splunk_common : Get Splunk status --------------------------------------- 4.35s splunk_common : Check if requests_unixsocket exists --------------------- 1.33s Gathering Facts --------------------------------------------------------- 1.32s splunk_standalone : Get existing HEC token ------------------------------ 0.98s splunk_common : Test basic https endpoint ------------------------------- 0.95s splunk_common : Wait for splunkd management port ------------------------ 0.68s splunk_common : Cleanup Splunk runtime files ---------------------------- 0.64s splunk_common : Enable splunktcp input ---------------------------------- 0.50s splunk_common : Check for scloud ---------------------------------------- 0.49s splunk_common : Remove user-seed.conf ----------------------------------- 0.48s splunk_common : Ensure license path ------------------------------------- 0.47s splunk_common : Find manifests ------------------------------------------ 0.46s splunk_common : Reset root CA ------------------------------------------- 0.44s splunk_common : Check if UDS file exists -------------------------------- 0.41s splunk_common : Set mgmt port ------------------------------------------- 0.40s splunk_common : Update /opt/splunk/etc ---------------------------------- 0.37s splunk_common : Remove input SSL settings ------------------------------- 0.37s splunk_common : Create .ui_login ---------------------------------------- 0.36s