Splunk for Nagios - Livestatus Dashboard - No Data / N/A

aaronnicoli
Path Finder

Hi all,

I have recently installed Splunk for Nagios and set up the livestatus things associated with it on my nag server.

I have MK Livestatus running out of xinetd and can run:

echo -e "GET services\nColumns: host_name description state" | netcat 111.111.111.111 6557

And successfully get data on my Nagios nodes. (running it from splunk indexer)

However, when I open the Livestatus Dashboard page in the SFN app I get N/A everywhere... (except for the "service alerts")

Also the "Nagios Linux Performance Graphs" only display any info in the first two sections. (Warnings and Crit Alerts, Top 10 Service Notifications)

It's indexing my data fine, but doesn't seem to be using the livestatus connections correctly.

Any ideas?
Help?

Cheers,
Aaron.

0 Karma

yong_ly
Path Finder

How have you set up your livestatus xinetd settings? You have to link the livestatus socket on your Nagios machine to the xinetd socket. Here's an example from http://mathias-kettner.com/checkmk_livestatus.html for an /etc/xinetd.d/livestatus file.

service livestatus
{
    type        = UNLISTED
    port        = 6557
    socket_type = stream
    protocol    = tcp
    wait        = no
    # limit to 100 connections per second. Disable 3 secs if above.
    cps         = 100 3
    # set the number of maximum allowed parallel instances of unixcat.
    # Please make sure that this value is at least as high as
    # the number of threads defined with num_client_threads in
    # etc/mk-livestatus/nagios.cfg
    instances   = 500
    # limit the maximum number of simultaneous connections from
    # one source IP address
    per_source  = 250
    # Disable TCP delay, makes connection more responsive
    flags       = NODELAY
    user        = nagios
    server      = /usr/bin/unixcat
    server_args = /var/lib/nagios/rw/live
    # configure the IP address(es) of your Nagios server here:
    # only_from = 127.0.0.1 10.0.20.1 10.0.20.2
    disable     = no
}
0 Karma
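
Added example, not part of the post above or of the Check_MK documentation: Livestatus does no authentication of its own, so with `only_from` left commented out the xinetd listener answers any host that can reach port 6557. The Python sketch below parses a stanza like the one posted and reports that condition; the function names and the shortened sample stanza are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the stanza posted above, with
# only_from still commented out as in the upstream example.
SAMPLE = """\
service livestatus
{
    port        = 6557
    user        = nagios
    server      = /usr/bin/unixcat
#   only_from   = 127.0.0.1 10.0.20.1 10.0.20.2
    disable     = no
}
"""

# only_from values that xinetd treats as "every address".
MATCH_ALL = {"0.0.0.0", "0.0.0.0/0"}


def parse_xinetd_service(text):
    """Return {attribute: [values]} for one service block; '#' lines are ignored."""
    attrs = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = None if line.startswith("#") else re.match(r"(\w+)\s*([+-]?=)\s*(.*)$", line)
        if not m:
            continue  # comment, brace, blank line or the "service ..." header
        key, op, vals = m.group(1), m.group(2), m.group(3).split()
        if op == "=":
            attrs[key] = vals
        elif op == "+=":
            attrs.setdefault(key, []).extend(vals)
        else:  # "-=" removes the listed values
            attrs[key] = [v for v in attrs.get(key, []) if v not in vals]
    return attrs


def audit_livestatus(text):
    """Return a list of findings about who may connect to the Livestatus port."""
    attrs = parse_xinetd_service(text)
    if attrs.get("disable") == ["yes"]:
        return []  # service is switched off, nothing is listening
    findings = []
    sources = attrs.get("only_from", [])
    if not sources:
        findings.append("only_from is not set: any host that can reach the port can query Livestatus")
    findings += [f"only_from entry {s} matches every address" for s in sources if s in MATCH_ALL]
    return findings
```

Run `audit_livestatus()` on the contents of /etc/xinetd.d/livestatus; an empty list means the listener is either disabled or restricted to the addresses you listed, which for this setup should include the Splunk server that queries it.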

lukeh
Contributor

Hi Aaron,

Please upgrade to the latest release and let me know how you go 🙂

All the best,

Luke 🙂

0 Karma