Cannot fetch data into Splunk for Nagios

bmomartins
New Member

Hello everyone,

I have recently installed Splunk for Nagios and followed the configuration guidelines shown here:
http://splunk-base.splunk.com/apps/22374/splunk-for-nagios

If I go to the Search app, I can see the Nagios log file and its events, but nothing shows on the Splunk for Nagios dashboards.

What may be the cause? I will provide the contents of the configuration files as you ask me.

Best regards,

Bruno Martins

0 Karma

MarioM
Motivator

All of the dashboards use searches based on index = nagios; then you either modify all the searches or you get the data into an index which you created/named nagios.

And you need to make sure you have the right sourcetype assigned to the right data.

$NAGIOS_HOME/var/nagios.log sourcetype=nagios

$NAGIOS_HOME/var/host-perfdata sourcetype=nagioshostperf

$NAGIOS_HOME/var/service-perfdata sourcetype=nagiosserviceperf
0 Karma

lukeh
Contributor

Hi Bruno,

Please upgrade to the latest release and let me know how you go 🙂

All the best,

Luke 🙂

0 Karma

bmomartins
New Member

Ok, after some changes I have this working with one exception.

In the Livestatus Dashboard I should see service status the same way I can see that all hosts are up. Got to figure out why it is not getting information, because the log file from which it extracts this information is populated with events.

0 Karma

MarioM
Motivator

For the existing data you cannot, but for new data you need to modify the inputs.conf in your forwarders by adding the following new line for each sourcetype:

index=nagios

0 Karma

jgedeon120
Contributor

Just by looking at what you have there it doesn't look like you have the sourcetypes right. Also, do you have them going into the nagios index?

Sourcetypes should be:
nagios
nagiosserviceperf
nagioshostperf

0 Karma

bmomartins
New Member

Thanks for the fast response.

I have three sourcetypes:

serviceperf = /tmp/service-perfdata.log
hostperf = /tmp/host-perfdata.log
nagios = /var/log/nagios/nagios.log

In the Search app I see the files being indexed, but no information is displayed in the Splunk for Nagios app.

I have an index called nagios, but I can see that those files are being used by the main index. How can I change this?

0 Karma
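
An added example, not part of any post in this thread: a small check that reads an inputs.conf and reports every Nagios monitor stanza whose index or sourcetype differs from what the replies say the dashboards search for. The two inputs.conf samples are constructed from the paths and sourcetype names quoted in the thread, and `check_inputs` and `EXPECTED` are hypothetical names; it assumes Splunk's default of sending events to `main` when a stanza sets no index.

```python
import configparser

# Sourcetype the replies say each Nagios file needs, keyed by a file-name fragment.
EXPECTED = {"service-perfdata": "nagiosserviceperf",
            "host-perfdata": "nagioshostperf",
            "nagios.log": "nagios"}

# Constructed inputs.conf: the poster's paths and sourcetype names, no index set.
BEFORE = """
[monitor:///var/log/nagios/nagios.log]
sourcetype = nagios
[monitor:///tmp/host-perfdata.log]
sourcetype = hostperf
[monitor:///tmp/service-perfdata.log]
sourcetype = serviceperf
"""

# Constructed inputs.conf: the same inputs after following the replies.
AFTER = """
[monitor:///var/log/nagios/nagios.log]
index = nagios
sourcetype = nagios
[monitor:///tmp/host-perfdata.log]
index = nagios
sourcetype = nagioshostperf
[monitor:///tmp/service-perfdata.log]
index = nagios
sourcetype = nagiosserviceperf
"""

def check_inputs(conf_text, index="nagios"):
    """Return (path, setting, found, wanted) for every monitor stanza the app would miss."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(conf_text)
    problems = []
    for stanza in cp.sections():
        if not stanza.startswith("monitor://"):
            continue
        path = stanza[len("monitor://"):]
        wanted = next((st for frag, st in EXPECTED.items() if frag in path), None)
        if wanted is None:
            continue  # not one of the three Nagios files
        found_index = cp.get(stanza, "index", fallback="main")  # unset index lands in main
        if found_index != index:
            problems.append((path, "index", found_index, index))
        found_st = cp.get(stanza, "sourcetype", fallback=None)
        if found_st != wanted:
            problems.append((path, "sourcetype", found_st, wanted))
    return problems
```

Run against `BEFORE`, it flags all three stanzas for the index and the two perfdata stanzas for the sourcetype. A corrected inputs.conf only affects newly indexed events, as the reply above notes for existing data.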