Splunk for Nagios - Livestatus Dashboard - No Data / N/A

aaronnicoli
Path Finder

Hi all,

I have recently installed Splunk for Nagios and set up the livestatus things associated with it into my nag server.

I have MK Livestatus running out of xinetd and can run:

echo -e "GET services\nColumns: host_name description state" | netcat 111.111.111.111 6557

And successfully get data on my Nagios nodes. (running it from splunk indexer)

However, when I open the Livestatus Dashboard page in the SFN app I get N/A everywhere... (except for the "service alerts")

Also the "Nagios Linux Performance Graphs" only display any info in the first two sections. (Warnings and Crit Alerts, Top 10 Service Notifications)

It's indexing my data fine, but doesn't seem to be using the livestatus connections correctly.

Any ideas?
Help?

Cheers,
Aaron.

0 Karma

yong_ly
Path Finder

How have you set up your livestatus xinetd settings? You have to link the livestatus socket on your nagios machine to xinetd socket. Here's an example from http://mathias-kettner.com/checkmk_livestatus.html for a /etc/xinetd.d/livestatus file.

service livestatus
{
    type            = UNLISTED
    port            = 6557
    socket_type     = stream
    protocol        = tcp
    wait            = no
# limit to 100 connections per second. Disable 3 secs if above.
    cps             = 100 3
# set the number of maximum allowed parallel instances of unixcat.
# Please make sure that this value is at least as high as
# the number of threads defined with num_client_threads in
# etc/mk-livestatus/nagios.cfg
    instances       = 500
# limit the maximum number of simultaneous connections from
# one source IP address
    per_source      = 250
# Disable TCP delay, makes connection more responsive
    flags           = NODELAY
    user            = nagios
    server          = /usr/bin/unixcat
    server_args     = /var/lib/nagios/rw/live
# configure the IP address(es) of your Nagios server here:
#   only_from       = 127.0.0.1 10.0.20.1 10.0.20.2
    disable         = no
}
0 Karma
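
Added example, not part of the original thread or of the Splunk for Nagios app: in the xinetd file above `only_from` is commented out, so xinetd accepts connections to port 6557 from any source address. This Python check parses a service file and flags that; the function names and the sample block are constructed here, and settings inherited from a `defaults` section in /etc/xinetd.conf are not considered.

```python
import re

# Constructed sample: the service block from the post above, trimmed, with
# only_from still commented out as it is there.
SAMPLE = """\
service livestatus
{
    type        = UNLISTED
    port        = 6557
    server      = /usr/bin/unixcat
    server_args = /var/lib/nagios/rw/live
#   only_from   = 127.0.0.1 10.0.20.1 10.0.20.2
    disable     = no
}
"""

# Matches "name = values" and "name += values"; "-=" lines are not handled.
ATTR = re.compile(r"^(\w+)\s*\+?=\s*(.*)$")

def parse_services(text):
    """Return {service_name: {attribute: [values]}} for each service block."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out attribute is not in effect
        if line.startswith("service "):
            current = services.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and (m := ATTR.match(line)):
            current.setdefault(m.group(1), []).extend(m.group(2).split())
    return services

def audit(text):
    """Return (service, finding) pairs for enabled services with open access."""
    findings = []
    for name, attrs in parse_services(text).items():
        if attrs.get("disable") == ["yes"]:
            continue
        sources = attrs.get("only_from")
        if sources is None:
            findings.append((name, "no only_from: not limited to named hosts"))
        elif any(s in ("0.0.0.0", "0.0.0.0/0") for s in sources):
            findings.append((name, "only_from matches every IPv4 address"))
        if "bind" not in attrs and "interface" not in attrs:
            findings.append((name, "no bind: listens on all interfaces"))
    return findings
```

Calling `audit(open("/etc/xinetd.d/livestatus").read())` on the Nagios host returns an empty list once `only_from` names the Splunk server and `bind` pins the listening address.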

lukeh
Contributor

Hi Aaron,

Please upgrade to the latest release and let me know how you go 🙂

All the best,

Luke 🙂

0 Karma