I have recently installed Splunk for Nagios and followed the configuration guidelines shown here:
If I go to the Search app, I can see the Nagios log file and its events, but nothing shows on the Splunk for Nagios dashboards.
What may be the cause? I will provide the contents of the configuration files if you ask me.
All of the dashboards use searches based on index = nagios, so you either modify all the searches or you get the data into an index which you created/named nagios.
And you need to make sure you have the right sourcetype assigned to the right data.
$NAGIOS_HOME/var/nagios.log sourcetype=nagios
$NAGIOS_HOME/var/host-perfdata sourcetype=nagioshostperf
$NAGIOS_HOME/var/service-perfdata sourcetype=nagiosserviceperf
Ok, after some changes I have this working with one exception.
In the Livestatus Dashboard I should see service status the same way I can see that all hosts are up. Got to figure out why it is not getting information, because the log file from which it extracts this information is populated with events.
Just by looking at what you have there it doesn't look like you have the sourcetypes right. Also, do you have them going into the nagios index?
Sourcetypes should be:
Thanks for the fast response.
I have three sourcetypes:
serviceperf = /tmp/service-perfdata.log
hostperf = /tmp/host-perfdata.log
nagios = /var/log/nagios/nagios.log
In the Search app I see the files being indexed, but no information is displayed in the Splunk for Nagios app.
I have an index called nagios, but I can see that those files are being used by the main index. How can I change this?
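An added example, not part of the original thread: a small check that reads an inputs.conf and reports every Nagios monitor stanza whose index or sourcetype would keep it off the dashboards, using the index and sourcetype names given in the answer above. The sample inputs.conf is constructed from the paths mentioned in the thread, and `check_inputs` is a hypothetical helper name.

```python
import configparser

# Names taken from the answer in the thread: dashboards search index=nagios
EXPECTED_INDEX = "nagios"
EXPECTED_SOURCETYPE = {  # file name prefix -> sourcetype the app expects
    "nagios.log": "nagios",
    "host-perfdata": "nagioshostperf",
    "service-perfdata": "nagiosserviceperf",
}

# Constructed sample: paths from the thread, settings are illustrative
SAMPLE_INPUTS_CONF = """
[monitor:///var/log/nagios/nagios.log]
sourcetype = nagios

[monitor:///tmp/host-perfdata.log]
sourcetype = hostperf

[monitor:///tmp/service-perfdata.log]
sourcetype = serviceperf
index = nagios
"""

def check_inputs(conf_text):
    """Return (path, problem) pairs for Nagios monitor stanzas the dashboards would miss."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    problems = []
    for section in parser.sections():
        if not section.startswith("monitor://"):
            continue
        path = section[len("monitor://"):]
        filename = path.rsplit("/", 1)[-1]
        wanted = next((st for prefix, st in EXPECTED_SOURCETYPE.items()
                       if filename.startswith(prefix)), None)
        if wanted is None:
            continue  # not one of the three Nagios files
        # An input with no index setting goes to Splunk's default index, main
        index = parser.get(section, "index", fallback="main")
        if index != EXPECTED_INDEX:
            problems.append((path, f"index is {index!r}, dashboards search index={EXPECTED_INDEX}"))
        sourcetype = parser.get(section, "sourcetype", fallback=None)
        if sourcetype != wanted:
            problems.append((path, f"sourcetype is {sourcetype!r}, expected {wanted!r}"))
    return problems

if __name__ == "__main__":
    for path, problem in check_inputs(SAMPLE_INPUTS_CONF):
        print(f"{path}: {problem}")
```

Changing `index` or `sourcetype` in inputs.conf only affects events indexed after the change; events already written to main stay there.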