Solved: Re: Splunk for Nagios with main index

daeshuis · ‎05-06-2013

Hi Splunkbase,

I am very new to Splunk. The question I have is the following:

My Splunk and Nagios are on the same machine, both use syslog. Splunk to index (to the main index) and Nagios throws everything it's got in there. I have installed Splunk for Nagios but as hard as I try i don't get Splunk For Nagios to use the main index.

I have looked around on the forum and tried several thing. I created a nagios index, and also index the nagios.log. But this is not the place I would like to index and does not contain everything.

I have tried to also use the /var/log/messages again, but I am to new to know how to edit breaks or edit sources etc. How can I make Splunk For Nagios look in the main index?

If I missed something in the forum where such an answer has allready been given, then I apologize sincerely. Then I truly have missed it and then I do not want the answer given again. But then please point me toward the correct splunkbase question and I will go from there.

I am using Splunk 5.0.2 and Splunk For Nagios 2.0.1

Daniel

lukeh · ‎10-14-2013

Hi,

You could change all of the dashboards to use index=main instead of index=nagios 🙂

BTW, Splunk for Nagios 3.0.0 has been released so please upgrade first 🙂

All the best,

Luke 🙂

View solution in original post

lukeh · ‎10-14-2013

Hi,

You could change all of the dashboards to use index=main instead of index=nagios 🙂

BTW, Splunk for Nagios 3.0.0 has been released so please upgrade first 🙂

All the best,

Luke 🙂

Splunk for Nagios with main index

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...