Splunk Integration Question...

Sean Alderman salderman1 at udayton.edu
Tue Sep 10 19:34:04 CEST 2013


Just what's in the nagios doc on CGI.cfg. The doc is lacking about what it
does, so I guess I'm a little curious what that config is about.

- Sean Alderman
Senior Engineer, UDit Systems Integration

This message had been brought to you by Android Bionic.
On Sep 10, 2013 1:10 PM, "Frost, Mark {BIS}" <mark.frost1 at pepsico.com>
wrote:

> Sean,
>
> Can you describe what you’re doing for Splunk integration with Nagios?
> I’ve used Splunk with Nagios in a couple different ways, but I’m not aware
> of any single standard for doing so.
>
> Originally, I just had Splunk run a scheduled search, which would trigger
> a script which sent a passive check result back to a Nagios service via
> NSCA. That way – having Nagios process passive check results from Splunk
> – was the only way I could see to do that.
>
> Recently, I played around a bit with writing scripts that made use of
> Splunk’s REST API so the checks could be run as active checks from Nagios.
> (I always prefer active checks). I set this up for only one check, but
> once I got it working it worked pretty well.
>
> As a side note, I’m still a little on the fence about whether or not I
> really want to have Nagios find problems through Splunk and then alert on
> them or have Splunk find and alert on them directly without using Nagios at
> all…
>
> Are you referring to another way of making Splunk and Nagios talk together?
>
> Mark
>
>
> *From:* Sean Alderman [mailto:salderman1 at udayton.edu]
> *Sent:* Monday, September 09, 2013 1:12 PM
> *To:* nagios-users at lists.sourceforge.net
> *Subject:* [Nagios-users] Splunk Integration Question...
>
> Greetings,
>
> I was hoping I might find someone who's got the splunk integration
> actively working. I'm running Nagios Core (via EPEL) and Splunk 5.0.3 on
> OracleLinux 6.4.
>
> When I edit cgi.cfg and enable splunk integration, then set the splunk
> URL to https://<mysplunkserver>:8000/en-US/app/search/flastimeline, I
> notice the nagios URLs look like:
> https://<mysplunkserver>:8000/en-US/app/flashtimeline?q=search%20test1.udayton.edu%20<nagios plugin check>.
> I have two questions...
>
> · Is there a way I can make nagios use the hostname only, not
> the FQDN? We use short names in splunk so we don't have a mix of fqdn and
> short names since we use both forwarders and syslog as input.
>
> · What data is this query looking for, is it expected that I
> should have my nagios log in splunk? The <nagios plugin check> in the
> query doesn't seem useful to me, unless there's splunk data specifically
> tied to that check, and I'm hoping someone could provide an example.
>
> Kind regards,
>
> --
>
> Sean M. Alderman
> Senior Engineer, UDit Systems Integration and Engineering
> University of Dayton
>
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>