×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Fcor
New Member
Member since: ‎08-25-2011
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-25-2011
Activity Feed
View All

Re: No hostname list in Splunk for Nagios

by in All Apps and Add-ons
‎12-06-2011 01:30 AM
‎12-06-2011 01:30 AM
Hi, Thanks, it seems that i miss a point in the command line. But when i try : earliest=-24h index="nagios" nagiosevent="CURRENT HOST STATE" | rex ".+CURRENT HOST STATE: (?P [^;]*)(?=;)"| stats count by device I got no elements but when i search : earliest=-24h index="nagios" nagiosevent="SERVICE ALERT" | rex ".+SERVICE ALERT: (?P [^;]*)(?=;)"| stats count by device I got the device list. In fact when i search : earliest=-24h index="nagios" sourcetype=nagios I got a lot of information but in the "nagiosevent" i just got 4 elements : SERVICE ALERT SERVICE NOTIFICATION GLOBAL SERVICE EVENT HANDLER SERVICE EVENT HANDLER But if i read you well i should have "CURRENT HOST STATE" at midnight ? An example of what i got now : 1323164934 src_host="SERVER001" perfdata="SERVICEPERFDATA" name="FTP" severity="OK" attempt="1" statetype="HARD" executiontime="0.016" latency="0.216" reason="FTP OK - 0,005 second response time on port 21 [220 Welcome to FTP service.]" result="time=0,004622s;;;0,000000;10,000000" host=SERVER003 Options| sourcetype=nagiosserviceperf Options| source=/srv/eyesofnetwork/nagios/var/log/service-perfdata Options| src_host=BALWPDMZ001 Options 2 12/6/11 10:48:54.000 AM 1323164934 src_host="SERVER002" perfdata="SERVICEPERFDATA" name="SERVICE_BACKUPEXEC_AGENT" severity="OK" attempt="1" statetype="HARD" executiontime="0.275" latency="0.187" reason="OK: Backup Exec Agent Br ... View more

No hostname list in Splunk for Nagios

by in All Apps and Add-ons
‎12-05-2011 09:00 AM
‎12-05-2011 09:00 AM
Hi, I've installed a forwarder on my nagios machine and it send the log to my main splunk server. My "nagios" index is good as i can earch in it and got my info. But my problem is that chen i go to the "Alert Dashboard" my hostname list is empty. So i look at the plugin objects and i can't fnd any Extract - hostname or something like that. Nagios 3.2.1 and splunk 4.2.4. Thanks. For example i got thoses lines from the nagios index it seems quite normal : 12/5/11 5:57:29.000 PM 1323104249 SERVER01 MEMOIRE OK 1 HARD 0.259 0.174 OK: physical memory: 4.18G physical memory %=26%;80;90 physical memory=4281.14MB;814.90;2452.77;0;16378.63 host=BALLPSUP002.loglibris.grp-martiniere.fr Options| sourcetype=nagiosserviceperf Options| source=/srv/eyesofnetwork/nagios/var/log/service-perfdata.out Options 4 12/5/11 5:57:28.000 PM 1323104248 SERVER002 SSH OK 1 HARD 0.016 0.161 TCP OK - 0,000 second response time on port 22 time=0,000442s;;;0,000000;10,000000 host=BALLPSUP002.loglibris.grp-martiniere.fr Options| sourcetype=nagiosserviceperf Options| source=/srv/eyesofnetwork/nagios/var/log/service-perfdata.out Options ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM