https://community.splunk.com/t5/Splunk-Search/How-does-Livestatus-work-in-the-integration-of-Nagios-and-Splunk/m-p/206626#M60182 <P>I don't know of any out of the box integrations with Livestatus so you'd be on your own writing a scripted or modular input to pull data in that way. I wouldn't re-invent the wheel here. Splunk as written the <A href="https://splunkbase.splunk.com/app/2703/">Splunk Add-On for Nagios Core</A>. It uses NDOUtils to pull data from Nagios and index in Splunk. You can view all the different <A href="http://docs.splunk.com/Documentation/AddOns/latest/NagiosCore/Sourcetypes">sourcetypes that the app pulls in here</A>. if you're interested in scheduled downtime look at the sourcetype <B>nagios:scheduleddowntime</B></P> <P>The requirement for NDOUtils is a little more heavy-weight than Livestatus but it will save you the trouble of having to build your own integration. A small price to pay in my opinion.</P> <P><A href="http://docs.splunk.com/Documentation/AddOns/latest/NagiosCore/Hardwareandsoftwarerequirements">Here are the requirements</A></P> <P>If you want to monitor NDOUtils data, you must:</P> <P>have NDOUtils installed on your Nagios instance<BR /> have an account with read privileges on the MySQL database of NDOUtils<BR /> have Splunk DB Connect v2 installed on the heavy forwarders responsible for data collection.</P> Fri, 10 Jun 2016 23:10:52 GMT shaskell_splunk 2016-06-10T23:10:52Z https://community.splunk.com/t5/Splunk-Search/How-does-Livestatus-work-in-the-integration-of-Nagios-and-Splunk/m-p/206625#M60181 <P>I'm running into incomplete documentation or irrelevant situations in trying to understand this, so I need help in straightening my definition of this environment. </P> <P>I have an instance of Nagios, an instance of Splunk, and a working Livestatus that provides a socket for which data from Nagios can be obtained. I understand that Livestatus can pull information from Nagios such as <CODE>echo 'GET hosts'|unixcat /path/to/livestatus/live/socket</CODE>. Another additional way of using Livestatus is creating files that contain custom queries which can have an organization of data as well as a filtering of data in order to provide items of relevance and importance and using <CODE>unixcat &lt; queryName path/to/livestatus/live/socket</CODE>. </P> <P>However, based on what I've seen Splunk do, it's simply pulling all the information in from Nagios, disregarding the Livestatus Queries. This begs the question of how do I get Splunk to receive filtered data from Nagios so as an example, receive data that a logging service is down and <EM>not</EM> within scheduled down time? Once that data has been filtered, where on Splunk am I able to view the data of that query?</P> Fri, 10 Jun 2016 15:27:34 GMT https://community.splunk.com/t5/Splunk-Search/How-does-Livestatus-work-in-the-integration-of-Nagios-and-Splunk/m-p/206625#M60181 TheHardHattedGe 2016-06-10T15:27:34Z https://community.splunk.com/t5/Splunk-Search/How-does-Livestatus-work-in-the-integration-of-Nagios-and-Splunk/m-p/206626#M60182 <P>I don't know of any out of the box integrations with Livestatus so you'd be on your own writing a scripted or modular input to pull data in that way. I wouldn't re-invent the wheel here. Splunk as written the <A href="https://splunkbase.splunk.com/app/2703/">Splunk Add-On for Nagios Core</A>. It uses NDOUtils to pull data from Nagios and index in Splunk. You can view all the different <A href="http://docs.splunk.com/Documentation/AddOns/latest/NagiosCore/Sourcetypes">sourcetypes that the app pulls in here</A>. if you're interested in scheduled downtime look at the sourcetype <B>nagios:scheduleddowntime</B></P> <P>The requirement for NDOUtils is a little more heavy-weight than Livestatus but it will save you the trouble of having to build your own integration. A small price to pay in my opinion.</P> <P><A href="http://docs.splunk.com/Documentation/AddOns/latest/NagiosCore/Hardwareandsoftwarerequirements">Here are the requirements</A></P> <P>If you want to monitor NDOUtils data, you must:</P> <P>have NDOUtils installed on your Nagios instance<BR /> have an account with read privileges on the MySQL database of NDOUtils<BR /> have Splunk DB Connect v2 installed on the heavy forwarders responsible for data collection.</P> Fri, 10 Jun 2016 23:10:52 GMT https://community.splunk.com/t5/Splunk-Search/How-does-Livestatus-work-in-the-integration-of-Nagios-and-Splunk/m-p/206626#M60182 shaskell_splunk 2016-06-10T23:10:52Z