I am very new to Splunk. The question I have is the following:
My Splunk and Nagios are on the same machine, both use syslog. Splunk to index (to the main index) and Nagios throws everything it's got in there. I have installed Splunk for Nagios but as hard as I try I don't get Splunk For Nagios to use the main index.
I have looked around on the forum and tried several things. I created a nagios index, and also indexed the nagios.log. But this is not the place I would like to index and does not contain everything.
I have tried to also use the /var/log/messages again, but I am too new to know how to edit breaks or edit sources etc. How can I make Splunk For Nagios look in the main index?
If I missed something in the forum where such an answer has already been given, then I apologize sincerely. Then I truly have missed it and then I do not want the answer given again. But then please point me toward the correct splunkbase question and I will go from there.
I am using Splunk 5.0.2 and Splunk For Nagios 2.0.1