Will the Splunk for Nagios app support a distributed Nagios deployment in the future?

TerrySoucy
Explorer

Question: We are planning a distributed Nagios deployment, with a Nagios server in each of our data centers forwarding Nagios logs off to the local Splunk indexer in the data center. Will this app support a distributed Nagios deployment in the future? From what I gather, MOST things will function normally, with the exception of the contents of splunk-nagios.sh and the MK Livestatus integration scripts.

1 Solution

lukeh
Contributor

Hi Terry 🙂 You are correct in that all of the dashboards and reports will work for multiple Nagios instances except for the splunk-nagios.sh script (for Splunk to Nagios alerts) and the Livestatus dashboards. I am actively working on updating the existing Python scripts to support multiple MK Livestatus instances. You could clone the splunk-nagios.sh script and configure one for each Nagios instance, if required. I will post a new version of the app soon 🙂


lukeh
Contributor

Hi Terry 🙂

I have just released Splunk for Nagios version 3 and all of the external lookup scripts for MK Livestatus have been updated with support for multiple MK Livestatus servers 🙂

A number of field extractions have been updated, as well as additional macros and a new event type.

I have also added several very powerful dashboards:

Livestatus Network Health

Livestatus Service Alerts

Livestatus Host SLA

Livestatus Service SLA

Livestatus Host Groups

Livestatus Service Groups

Livestatus Service Acknowledgement

Livestatus Host and Service Downtime

Host Availability

Top 100 Alerts

All the best,

Luke 🙂
