All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Nagios Core: NEMS data to Splunk

jshupe2
New Member
‎05-31-2019 05:36 AM

I have a NEMS instance that collects data about the status of the host on our network.
On the NEMS side, I have the Universal forwarder installed and the Nagios Core add-on in the apps directory, and on the Splunk side, I have the app Splunk Add-on for Nagios Core as well as receiving configured.
The only way that we receive any data is to do a monitor of /var/log . If we monitor that directory we do get data but not all the Splunk data.

We can get that data if we monitor the Nagios log manually.
I thought that was a function of the Nagios core app, to add in getting useful data into Splunk-
can someone help me determine my error?

0 Karma
Reply

aromanauskas
Path Finder
‎06-02-2019 09:05 AM

The Nagios Splunk Add-On is not 100% configured by default.

Have you created the $SPLUNK_HOME/etc/apps/Splunk_TA_nagio-core/local/inputs.conf on the Universal Forwarder/Deployment Server?

[monitor://$NAGIOS_HOME/var/nagios.log]
sourcetype = nagios:core

[monitor://$NAGIOS_HOME/var/host-perfdata]
sourcetype = nagios:core:hostperf

[monitor://$NAGIOS_HOME/var/service-perfdata]
sourcetype = nagios:core:serviceperf
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...