Question: We are planning a distributed Nagios deployment, with a Nagios server in each of our datacenters forwarding Nagios logs off to the local Splunk indexer in the data center. Will this App support a distributed Nagios deployment in the future? From what I gather, MOST things will function normally with the exception of the contents of splunk-nagios.sh and the MK Livestatus Integration scripts.
Hi Terry 🙂 You are correct in that all of the dashboards and reports will work for multiple Nagios instances except for the splunk-nagios.sh script (for Splunk to Nagios alerts) and the Livestatus dashboards. I am actively working on updating the existing Python scripts to support multiple MK Livestatus instances. You could clone the splunk-nagios.sh script and configure one for each Nagios instance, if required. I will post a new version of the app soon 🙂
Hi Terry 🙂
I have just released Splunk for Nagios version 3 and all of the external lookup scripts for MK Livestatus have been updated with support for multiple MK Livestatus servers 🙂
A number of field extractions have been updated, as well as additional macros and a new event type.
I have also added several very powerful dashboards:
Livestatus Network Health
Livestatus Service Alerts
Livestatus Host SLA
Livestatus Service SLA
Livestatus Host Groups
Livestatus Service Groups
Livestatus Service Acknowledgement
Livestatus Host and Service Downtime
Top 100 Alerts
All the best,