All Apps and Add-ons

Splunk for Nagios - Livestatus Dashboard - No Data / N/A

Path Finder

Hi all,

I have recently installed Splunk for Nagios and setup the livestatus things associated with it into my nag server.

I have MK Livestatus running out of xinetd and can run:

echo -e "GET services\nColumns: host_name description state" | netcat 6557

And successfully get data on my Nagios nodes. (running it from splunk indexer)

However, when I open the Livestatus Dashboard page in the SFN app I get N/A everywhere... (except for the "service alerts")

Also the "Nagios Linux Performance Graphs" only display any info in the first two sections. (Warnings and Crit Alerts, Top 10 Service Notifications)

It's indexing my data fine, but, doesn't seems to be using the livestatus connections correctly.

Any ideas?


0 Karma

Path Finder

How have you set up your livestatus xinetd settings? You have to link the livestatus socket on your nagios machine to xinetd socket. Here's an example from for a /etc/xinetd.d/livestatus file.

service livestatus
    type        = UNLISTED
    port        = 6557
    socket_type = stream
    protocol    = tcp
    wait        = no
# limit to 100 connections per second. Disable 3 secs if above.
    cps             = 100 3
# set the number of maximum allowed parallel instances of unixcat.
# Please make sure that this values is at least as high as
# the number of threads defined with num_client_threads in
# etc/mk-livestatus/nagios.cfg
        instances       = 500
# limit the maximum number of simultaneous connections from
# one source IP address
        per_source      = 250
# Disable TCP delay, makes connection more responsive
    flags           = NODELAY
    user        = nagios
    server      = /usr/bin/unixcat
    server_args     = /var/lib/nagios/rw/live
# configure the IP address(es) of your Nagios server here:
#   only_from       =
    disable     = no
0 Karma


Hi Aaron,

Please upgrade to the latest release and let me know how you go 🙂

All the best,

Luke 🙂

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 2 releases of new security content via the ...

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We are happy to announce the 20 lucky questers who are selected to be the first round of Champion's Tribute ...

We’ve Got Education Validation!

Are you feeling it? All the career-boosting benefits of up-skilling with Splunk? It’s not just a feeling, it's ...