skywalka / splunk-for-nagios

Analytics for Nagios
GNU General Public License v3.0

Enhancement - broker module #2

Open xkilian opened 11 years ago

xkilian commented 11 years ago

Using the perfdata files is a total performance hog for monitoring systems.

Shinken, and Nagios for that matter, support exporting performance data using broker modules.

These send metrics using various methods. For example Shinken has a broker module to send data via pickle or raw sockets to Graphite. It also has modules to send data to syslog.

Performance data AND/OR log messages can be sent using the broker modules directly to Splunk.

It would be very easy to modify a Shinken broker module to export the data. If we create a module exporting data via syslog/TCP, would you be interested in having splunk-for-nagios process the data using this instead of the nagios.log or perfdata files?

skywalka commented 11 years ago

That would be awesome! Please submit a pull request and we'll give it a shot! Let me know if you need anything/have any questions or queries. Obviously I'm happy to assist/collab in any way possible :)

Luke :)

xkilian commented 11 years ago

Okay, I will create a Shinken broker module to send the log data directly to a local Splunk universal forwarder. Not sure yet what the best method to forward it is (local TCP socket or pipe). Will keep you posted.

xkilian commented 11 years ago

For performance data, the Shinken Graphite_broker already sends data to a raw socket and creates the metric name as: hostname.servicename.metricname

or (If the variables GRAPHITE_PRE, SOURCE, GRAPHITE_POST are set for that host or service)

VAR1.hostname.VAR2.servicename.metricname.VAR3

So it is a matter of simply determining what the metric name value should be, cloning the graphite_broker.py module, and applying minor changes. (Same as above or different?)

Though I seriously do not believe in using Splunk as a time-series store for performance data from a cost perspective. Graphite is better suited for this, and it includes an HTTP API to get raw data to do calculations and integration. (Or simply graphs.)
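
The metric naming discussed in the last comment, as an added example that is not part of the thread and is not code from Shinken's graphite_broker.py: it parses a Nagios perfdata string and builds `hostname.servicename.metricname` lines for a raw-socket receiver. Assumptions: `pre`, `source` and `post` stand in for GRAPHITE_PRE, SOURCE and GRAPHITE_POST in the order shown above; the output uses the Graphite plaintext line format (`path value timestamp`); and replacing unsafe characters with `_` is a choice made here so that plugin-supplied labels cannot inject dots, spaces or newlines into the stream. Function names and the sample data are constructed.

```python
import re
import time

# Nagios plugin perfdata item: 'label'=value[UOM];[warn];[crit];[min];[max]
PERF_RE = re.compile(
    r"('(?:[^']|'')+'|[^\s=']+)=(-?\d+(?:\.\d+)?|U)([^\s;]*)((?:;[^\s;]*)*)"
)
UNSAFE = re.compile(r"[^A-Za-z0-9_-]")

# Constructed sample perfdata, as a check_ping-style plugin would emit it.
SAMPLE = "rta=0.502ms;100.000;500.000;0; pl=0%;20;60;;"


def clean(part):
    """Replace anything that is not a safe path character (dots, spaces,
    slashes, newlines) with '_' so one field stays one path component."""
    return UNSAFE.sub("_", part.strip())


def parse_perfdata(perfdata):
    """Return [(label, value)] per metric; 'U' (unknown) values are skipped."""
    metrics = []
    for m in PERF_RE.finditer(perfdata):
        label, value = m.group(1), m.group(2)
        if value == "U":
            continue
        if label.startswith("'"):
            # Quoted labels may contain spaces; '' is an escaped quote.
            label = label[1:-1].replace("''", "'")
        metrics.append((label, float(value)))
    return metrics


def metric_name(host, service, metric, pre="", source="", post=""):
    """Build [pre.]host.[source.]service.metric[.post], skipping unset parts."""
    parts = [pre, host, source, service, metric, post]
    return ".".join(clean(p) for p in parts if p)


def graphite_lines(host, service, perfdata, ts=None, **name_vars):
    """One 'path value timestamp' line per metric found in perfdata."""
    ts = int(time.time()) if ts is None else int(ts)
    return [
        "%s %s %d" % (metric_name(host, service, label, **name_vars), value, ts)
        for label, value in parse_perfdata(perfdata)
    ]
```

Each returned line would be written, newline-terminated, to the receiver's socket.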