Just going through getting Splunk for Nagios installed and I followed the instructions as provided and all went well, except that on the Status Dashboard I don't get any results for Top 10 Service Notifications with status Warning/Critical.
What I've figured out is that Splunk isn't parsing my log files, and I believe it could possibly be my log files that are not being formulated properly.
Could someone verify that the following definitions are indeed correct?
But by just going through and doing a broad search on index=nagios, I do not have any nagiosevent="SERVICE NOTIFICATION" just, "SERVICE ALERT". Also, it appears as though my "statusnotification" is being parsed as "severity".
Is there a way I can adjust my config files to properly parse these Nagios log files? Any help would be greatly appreciated.
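As an added illustration (not part of the original post and not the Splunk for Nagios app's own extraction logic), the script below parses the two nagios.log line types the post mentions, `SERVICE ALERT` and `SERVICE NOTIFICATION`, into named fields using the standard Nagios log layout. The log lines are constructed samples; the field names `nagiosevent`, `severity` and `statusnotification` are taken from the post, but the mapping of each semicolon-separated column to those names is an assumption made here to show why an extraction written for one event type can land the state of the other type in the wrong field.

```python
import re
from typing import Optional

# Constructed sample lines in the standard nagios.log layout:
#   [epoch] SERVICE ALERT: host;service;state;statetype;attempt;output
#   [epoch] SERVICE NOTIFICATION: contact;host;service;state;command;output
SAMPLE_LOG = """\
[1364309023] SERVICE ALERT: web01;HTTP;WARNING;SOFT;1;HTTP WARNING: HTTP/1.1 200 OK - 1.2 second response time
[1364309083] SERVICE ALERT: web01;HTTP;CRITICAL;HARD;3;Connection refused
[1364309084] SERVICE NOTIFICATION: nagiosadmin;web01;HTTP;CRITICAL;notify-service-by-email;Connection refused
[1364309500] SERVICE NOTIFICATION: nagiosadmin;db01;Disk;WARNING;notify-service-by-email;DISK WARNING - free space: / 12% free
"""

# One regex for the common prefix; the event name becomes the "nagiosevent" field
# (assumed field name, taken from the question).
PREFIX_RE = re.compile(r"^\[(?P<ts>\d+)\] (?P<nagiosevent>[A-Z ]+?): (?P<rest>.*)$")


def parse_nagios_line(line: str) -> Optional[dict]:
    """Return a dict of extracted fields for one nagios.log line, or None if unrecognised.

    SERVICE ALERT and SERVICE NOTIFICATION put the state in different columns,
    so a single positional extraction cannot serve both event types.
    """
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    event = m.group("nagiosevent")
    cols = m.group("rest").split(";", 5)
    fields = {"timestamp": int(m.group("ts")), "nagiosevent": event}
    if event == "SERVICE ALERT" and len(cols) == 6:
        host, service, state, statetype, attempt, output = cols
        fields.update(host=host, service=service, severity=state,
                      statetype=statetype, attempt=int(attempt), output=output)
    elif event == "SERVICE NOTIFICATION" and len(cols) == 6:
        contact, host, service, state, command, output = cols
        # "statusnotification" is the post's name for the notified state (assumption).
        fields.update(contact=contact, host=host, service=service,
                      statusnotification=state, command=command, output=output)
    else:
        return None
    return fields


def top_service_notifications(log_text: str, states=("WARNING", "CRITICAL")) -> dict:
    """Count SERVICE NOTIFICATION events per host/service whose state is WARNING or CRITICAL.

    This mirrors what a "Top 10 Service Notifications" panel needs: it returns
    nothing if the log contains only SERVICE ALERT lines, which is the symptom
    described in the post.
    """
    counts: dict = {}
    for line in log_text.splitlines():
        f = parse_nagios_line(line)
        if f and f["nagiosevent"] == "SERVICE NOTIFICATION" and f["statusnotification"] in states:
            key = f"{f['host']}/{f['service']}"
            counts[key] = counts.get(key, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1])[:10])


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse_nagios_line(line))
    print(top_service_notifications(SAMPLE_LOG))
```

Running this over a copy of the real nagios.log is a quick way to confirm whether any `SERVICE NOTIFICATION` lines exist at all (if `top_service_notifications` returns an empty dict, the dashboard panel has nothing to show regardless of how the extraction is configured) and whether the state column is where the extraction expects it.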