- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Problem with Splunk for Nagios
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I join 2 &3 generated pattern regex to replace the nagios-host Down notifications-Last
60 minutes in number 1 to display all hosts and why is number 1 above expression not working in
the splunk for nagios default state.
This is the parameter for nagios-host Down notifications-Last 60 minutes
- index=nagios nagiosevent="HOST NOTIFICATION" hostnotificationstatus="DOWN" | dedup hostnotificationstatus hostnotification | top hostnotificationstatus by hostnotification limit="10" | fields + hostnotification hostnotificationstatus count
However this does not work I have tries to troubleshot this by checking each of the regx parameters
The nagios EXTRACT-hostnotificationstatus regular expression I copied and generate patters as follows
- index=nagios sourcetype="nagiosevent" | head 10000 | rex ".+HOST NOTIFICATION\:[^;]+;[^;]+;(?P
[^;]*)(?=;)" | top 50 hostnotificationstatus
and
For the nagios EXTRACT-hostnotification regex is as follows
- index=nagios sourcetype="nagiosevent" | head 10000 | rex ".+\w NOTIFICATION\:[^;]+;(?P
[^;]*)(?=;)" | top 50 hostnotification
Note:
Sourcetype= nagiosevent
index= nagios
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just in the case that anyone is out there in my predicament, This is what I have done that seems to make it work. Although I am not sure if I am correct, please not I am very new to splunk, splunk for nagios and limited knowledge with regex please do not slam me.
I have got this expression which I have just tested against my dater that works but I do not want it to be limited any input will highly appreciated.
index=nagios sourcetype="nagiosevent" | head 10000 | rex ".+HOST NOTIFICATION:[^;]+;[^;]+;(?P
So I went to modify the saved saved search by going to manager / searched & report and copy my generated pattern reges and paste.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just in the case that anyone is out there in my predicament, This is what I have done that seems to make it work. Although I am not sure if I am correct, please not I am very new to splunk, splunk for nagios and limited knowledge with regex please do not slam me.
I have got this expression which I have just tested against my dater that works but I do not want it to be limited any input will highly appreciated.
index=nagios sourcetype="nagiosevent" | head 10000 | rex ".+HOST NOTIFICATION:[^;]+;[^;]+;(?P
So I went to modify the saved saved search by going to manager / searched & report and copy my generated pattern reges and paste.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
