<div dir="ltr"><div><div><div>From what I can tell, after trying it, the query string appended to the splunk_url parameter referneces Nagios specific things... </div>e.g. https://splunk_url/?q=search?%20hostname%20Nagios_command_description </div>So, the implication is that somehow splunk has data about nagios checks, by name. For my environment, splunk uses short names. We set this up to avoid having a mix of both short names and fqdns in the host field since most of our splunk data is sourced from syslog which doesn't provide fqdn. Because of this clicking the link for this in Nagios would result in splunk on the FQDN and producing no results. </div>The other issue is that at this point, splunk has no data about nagios checks, so searching the check name, also does nothing for us. So I hope you can see why I'm confused about the purpose of this integration. </div><div class="gmail_extra"> <div class="gmail_quote">On Tue, Sep 10, 2013 at 3:12 PM, Frost, Mark {BIS} <<a href="mailto:mark.frost1@pepsico.com" target="_blank">mark.frost1@pepsico.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div link="blue" vlink="purple" lang="EN-US"> <div> Huh. Where did those new options come from? They weren’t in the cgi.cfg docs the last time I looked J. I agree, it’s not terribly clear to me what that option does, but it does reference “Splunk IT” which is a special Splunk package that you can use for Splunk benchmarking. That still doesn’t make it clear what it’s used for. I see a second parameter, “splunk_url” that lets you specify the URL for your Splunk server. Maybe it just somehow says to pepper the logs with your Splunk URL in appropriate places. Mark From: Sean Alderman [mailto:<a href="mailto:salderman1@udayton.edu" target="_blank">salderman1@udayton.edu</a>] Sent: Tuesday, September 10, 2013 1:34 PM To: Nagios Users List<div class="im"> Subject: Re: [Nagios-users] Splunk Integration Question...</div> Just what's in the nagios doc on CGI.cfg. The doc is lacking about what it does, so I guess I'm a little curious what that config is about.<div><div class="h5"> - Sean Alderman Senior Engineer, UDit Systems Integration This message had been brought to you by Android Bionic. <div> On Sep 10, 2013 1:10 PM, "Frost, Mark {BIS}" <<a href="mailto:mark.frost1@pepsico.com" target="_blank">mark.frost1@pepsico.com</a>> wrote: <div> <div> Sean, Can you describe what you’re doing for Splunk integration with Nagios? I’ve used Splunk with Nagios in a couple different ways, but I’m not aware of any single standard for doing so. Originally, I just had Splunk run a scheduled search, which would trigger a script which sent a passive check result back to a Nagios service via NSCA. That way – having Nagios process passive check results from Splunk – was the only way I could see to do that. Recently, I played around a bit with writing scripts that made use of Splunk’s REST API so the checks could be run as active checks from Nagios. (I always prefer active checks). I set this up for only one check, but once I got it working it worked pretty well. As a side note, I’m still a little on the fence about whether or not I really want to have Nagios find problems through Splunk and then alert on them or have Splunk find an alert on them directly without using Nagios at all… Are you referring to another way of making Splunk and Nagios talk together? Mark From: Sean Alderman [mailto:<a href="mailto:salderman1@udayton.edu" target="_blank">salderman1@udayton.edu</a>] Sent: Monday, September 09, 2013 1:12 PM To: <a href="mailto:nagios-users@lists.sourceforge.net" target="_blank">nagios-users@lists.sourceforge.net</a> Subject: [Nagios-users] Splunk Integration Question... <div> <div> <div> <div> Greetings, </div> I was hoping I might find someone who's got the splunk integration actively working. I'm running Nagios Core (via EPEL) and Splunk 5.0.3 on OracleLinux 6.4. </div> When I edit cgi.cfg and enable splunk integration, then set the splunk URL to <a href="https://%3cmysplunkserver%3e:8000/en-US/app/search/flastimeline" target="_blank"> https://<mysplunkserver>:8000/en-US/app/search/flastimeline</a>, I notice the nagios URLs look like: https://<mysplunkserver>:8000/en-US/app/flashtimeline?q=search%<a href="http://20test1.udayton.edu" target="_blank">20test1.udayton.edu</a>%20<nagios plugin check>. I have two questions... · Is there a way I can make nagios use the hostname only, not the FQDN? We use short names in splunk so we don't a mix of fqdn and short names since we use both forwarders and syslog as input. · What data is this query looking for, is it expected that I should have my nagios log in splunk? The <nagios plugin check> in the query doesn't seem useful to me, unless there's splunk data specifically tied to that check, and I'm hoping someone could provide an example. </div> <div> <div> <div> <div> Kind regards, </div> <div> -- <div> Sean M. Alderman Senior Engineer, UDit Systems Integration and Engineering University of Dayton </div> </div> </div> </div> </div> </div> </div> </div> ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks <a href="http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk" target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk</a> _______________________________________________ Nagios-users mailing list <a href="mailto:Nagios-users@lists.sourceforge.net" target="_blank">Nagios-users@lists.sourceforge.net</a> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </div> </div></div></div> </div> ------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks <a href="http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk" target="_blank">http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk</a> _______________________________________________ Nagios-users mailing list <a href="mailto:Nagios-users@lists.sourceforge.net">Nagios-users@lists.sourceforge.net</a> <a href="https://lists.sourceforge.net/lists/listinfo/nagios-users" target="_blank">https://lists.sourceforge.net/lists/listinfo/nagios-users</a> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </blockquote></div> -- <div dir="ltr">Sean M. Alderman Senior Engineer, UDit Systems Integration and Engineering University of Dayton 300 College Park Dayton, Ohio 45469-1530 <a>(937) 229-5088</a> <a href="mailto:salderman1@udayton.edu" target="_blank">salderman1@udayton.edu</a> "We are not some casual and meaningless product of evolution. Each of us is the result of a thought of God. Each of us is willed. Each of us is loved. Each of us is necessary." - BXVI </div> </div>