Nagios Core: NEMS data to Splunk

jshupe2 · ‎05-31-2019

I have a NEMS instance that collects data about the status of the host on our network.
On the NEMS side, I have the Universal forwarder installed and the Nagios Core add-on in the apps directory, and on the Splunk side, I have the app Splunk Add-on for Nagios Core as well as receiving configured.
The only way that we receive any data is to do a monitor of /var/log . If we monitor that directory we do get data but not all the Splunk data.

We can get that data if we monitor the Nagios log manually.
I thought that was a function of the Nagios core app, to add in getting useful data into Splunk-
can someone help me determine my error?

aromanauskas · ‎06-02-2019

The Nagios Splunk Add-On is not 100% configured by default.

Have you created the $SPLUNK_HOME/etc/apps/Splunk_TA_nagio-core/local/inputs.conf on the Universal Forwarder/Deployment Server?

[monitor://$NAGIOS_HOME/var/nagios.log]
sourcetype = nagios:core

[monitor://$NAGIOS_HOME/var/host-perfdata]
sourcetype = nagios:core:hostperf

[monitor://$NAGIOS_HOME/var/service-perfdata]
sourcetype = nagios:core:serviceperf

Nagios Core: NEMS data to Splunk

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

Are you a member of the Splunk Community?

Nagios Core: NEMS data to Splunk

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk