|
We have alarming for our servers realized in Nagios. When we deploy new software releases on the servers, we set a downtime in Nagios to avoid alarming during this time. The Splunk dashboards (for example, count of events) are not aware of these downtimes. So the chart shows zero events for the deployment time without any explanation. So most likely the boss will ask what happened during this time... Is there any idea how to make Splunk charts aware of Nagios downtimes? Can we insert Splunk events from the Nagios server via CLI? Thanks Norbert |
|
hi nhamel there is an app http://splunk-base.splunk.com/apps/29098/host-filter which could help you filter out host if they are on a planed downtime. cheers |
|
Hi, thanks for your input, but this is not what I was looking for. When the servers are in downtime, I have no events in Splunk, so nothing to filter. I need to get the information from Nagios, that the server is in scheduled downtime and not down by technical problems. So I would like to send an event from nagios to Splunk, stating that the downtime is starting or stopping. These events could then be displayed in the chart ... you can have your nagios events send to splunk - as syslog event - as snmptrap - write it into a file and then for sure you must setup splunk and your dashboard the way it can handle this nagios event.
(01 Feb, 05:39)
MuS
|
|
Hi Norbert :) I developed an app for that :) You can use Splunk For Nagios to search Nagios downtime events, alerts and notifications and trend problems over time. Over 40 field extractions are included, as well as 8 Saved Searches, and Advanced Dashboards featuring recent Warning and Critical Alerts, as well as Integration with MK Livestatus and the ability to Schedule Saved Searches in Splunk to send alerts to Nagios: http://splunk-base.splunk.com/apps/22374/splunk-for-nagios All the best, Luke :) |
