Refine your search:

Splunk for Nagios events

0

Currently when splunk eats the serviceperf and hostperf data the events come in as multi-line events. When in the nagios web view selecting splunk for a host may return a multi-line event that contains other hosts that came in at the same time. Is this as it should be? Would I be creating more problems by splitting the events so there is one single nagios event per event in splunk?

Thanks in advance.

asked 24 Jan, 09:23

kernand0's gravatar image

kernand0
1
accept rate: 0%

One Answer:
oldestnewestmost voted
0

Your props.conf should already have the following entry to ensure that each event is indexed as a single line:

/opt/splunk/etc/apps/SplunkForNagios/default/props.conf

[nagioshostperf]
SHOULD_LINEMERGE = false

[nagiosserviceperf]
SHOULD_LINEMERGE = false

You could try restarting splunk, I often find that this can solve line breaking issues :)

All the best,

Luke :)

link

answered 24 Jan, 19:17

Luke%20Harris's gravatar image

Luke Harris
90818
accept rate: 16%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×18
×1

Asked: 24 Jan, 09:23

Seen: 443 times

Last updated: 24 Jan, 19:17

Related questions

How do I configure Splunk for Nagios to ingest nagios events from syslog

Problem with Splunk for Nagios

No hostname list in Splunk for Nagios

Splunk Base for Nagios

splunk integration with nagios

How to display Nagios down times in Splunk dashboard

Alert from splunk to nagios from Splunk for Nagios

Monitoring Splunk with Nagios

Splunk for Nagios not working although log files are indexed

Copyright © 2005-2012 Splunk, Inc. All rights reserved.