Still no luck.
We have all our data being indexed to a nagios index with sourcetype nagios, as per the install instructions.
When I do the search:
index="nagios"
Here is a snippet of the results:
Jun 21 10:53:17 lda nagios: SERVICE ALERT: ird8.st;TRAP;WARNING;HARD;1;262077 131038 1 0 34 output IP:TS Drop Pkts TT1222 major
Jun 21 10:53:07 leda nagios: SERVICE ALERT: sw4.syd.i;FastEthernet0/17 - sv21.sd - eth0 - LB1;OK;SOFT;3;FastEthernet0/17:UP (in=2028.2Kbps/out=736.1Kbps/errors-in=0.0/errors-out=0.0/discard-in=0.0/discard-out=0.0):(1 UP): OK