The LogScale Marketplace has a package for Ansible. To get started with exploring and visualizing the logs from your Ansible playbooks follow the instructions in these sections:

Configurations in Ansible

This package supports logs generated by Ansible when running an Ansible playbook.

Make sure that Ansible is installed and available in your PATH. You can follow the instructions here to get Ansible up and running.

Before sending any data to LogScale, make sure that Ansible has been configured to capture the playbook output into a log file.

This can be achieved by:

vim /etc/ansible/ansible.cfg
# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log

Installing the Ansible Package in LogScale

Find the repository where you want to send the Ansible logs, or create a new one.

  1. Navigate to your repository in the LogScale interface, click Settings and then Packages on the left.

  2. Click Marketplace and install the LogScale package for Ansible (i.e.i.e. redhat/ansible).

  3. When the package has finished installing, click Ingest tokens on the left (still under the Settings, see Figure 1, “Ingest Token”).

  4. In the right panel, click + Add Token to create a new token. Give the token an appropriate name (e.g. the name of the server the token is ingesting logs for), and either leave the parser unassigned (instead of setting the parser in the log collector configuration later on), or assign the ansible parser to it.

    Ingest token

    Figure 1. Ingest Token

    Before leaving this page, view the ingest token and copy it to your clipboard — to save it temporarily elsewhere.

    Now that you have a repository set up in LogScale along with an ingest token you're ready to send logs to LogScale.

Configure Ingest for Ansible logs

This package is designed to be used in conjunction with the Falcon LogScale Log Collector, see Falcon LogScale Collectorfor more information. Once you have installed the LogScale Collector apply the configuration detailed below.

    type: file
    include: /var/log/ansible.log
    parser: ansible
    multiLineBeginsWith: ^20\d{2}-
    sink: humio

    type: humio
    token: <ingest-token>
    url: <logscale-base-url> // example -

This configuration has been tested with:

  • Ansible v2.13.5 along with the python v3.9.16

  • Falcon LogScale Collector v1.2.1

  • Falcon LogScale v1.85.0

Verify Data is Arriving in LogScale

Once you have completed the above steps the Ansible data should be arriving in your LogScale repository.

You can verify this by doing a simple search for #logtype = "ansible" to see the Ansible events.

Verify Data

Figure 2. Verify Data

Package Contents Explained

This package consists of the following:

Package Contents - Parsers

This package contains the following parsers:

  • ansible - A parser for Ansible logs. Note that since Ansible can work with a wide array of technologies, this parser does not attempt to parse anything that is not specific to Ansible. Any data that is not specific to Ansible can usually be found in the details field in a given event.

Package Contents - Dashboards

Note that you can narrow the dataset used by the widgets to only specific values of certain fields e.g select all (*) or a specific value for common fields, such as server name or in some cases error type etc, using parameters selection at the top of the dashboards.

Once you make parameter selections click Apply and the widgets will update to reflect only the data from the parameters selected. (when you click in the parameters selection all widgets on the dashboard that make use of the parameters have a blue outline to the widget).

The package contains the following Dashboards.

  • Process investigation - Shows how a selected Ansible process is doing, with a focus on determining which failures have occurred during the process.