Hi Luke I am currently having the same issue and I have followed this same idea of replacing src_host="syd1rtr01" to src_host="a known host from your nagios" I have even went to the extend of removing the src_host="syd1rtr01" completely and test and this also failed. I have made entries in input.conf to reflect index = nagios. I have sent you an email to this issue a while back and also published the Dashboard issue on this forum where the auto population seems not to work. If we replace the state of src_host="syd1rtr01 with a known server from our nagios then are we not setting the default value for the src_host as the named server. secondly is src_host not a variable of which the value it holds is subject to change?. The reason why I am asking this questions is base on the simple fact that we already has a Splunk head on-site that holds the default settings as src_host="syd1rtr01" and it display the auto populate but for the alert Dashboard as an example, you can not do "select a Hostname" cos there are no hosts in the pulldown menu.
Although I am not sure but this seems to be a bug in SplunkForNagios. Something I have also noticed in the SplunkForNagios is whilst there is manual for installation only there seems not to be manual for SplunkForNagios how can we find a manual.
... View more
