- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nagios Core: NEMS data to Splunk
I have a NEMS instance that collects data about the status of the host on our network.
On the NEMS side, I have the Universal forwarder installed and the Nagios Core add-on in the apps directory, and on the Splunk side, I have the app Splunk Add-on for Nagios Core as well as receiving configured.
The only way that we receive any data is to do a monitor of /var/log . If we monitor that directory we do get data but not all the Splunk data.
We can get that data if we monitor the Nagios log manually.
I thought that was a function of the Nagios core app, to add in getting useful data into Splunk-
can someone help me determine my error?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The Nagios Splunk Add-On is not 100% configured by default.
Have you created the $SPLUNK_HOME/etc/apps/Splunk_TA_nagio-core/local/inputs.conf on the Universal Forwarder/Deployment Server?
[monitor://$NAGIOS_HOME/var/nagios.log]
sourcetype = nagios:core
[monitor://$NAGIOS_HOME/var/host-perfdata]
sourcetype = nagios:core:hostperf
[monitor://$NAGIOS_HOME/var/service-perfdata]
sourcetype = nagios:core:serviceperf
