skywalka / splunk-for-nagios

Analytics for Nagios
GNU General Public License v3.0

Migrate to macros #5

Open tfhartmann opened 11 years ago

tfhartmann commented 11 years ago

I think it may be useful to migrate the searches in the XML to something powered by a couple of macros. That way, rather than update the XML on install, we can have a setup screen that just updates the macro!

skywalka commented 11 years ago

Very good idea @tfhartmann!!! Would you be willing to take a crack at this?

tfhartmann commented 11 years ago

Sure! I'm happy to give it a go!

skywalka commented 11 years ago

Sweet, let me know if you have any questions or queries :)

tfhartmann commented 11 years ago

I made some pretty good progress today. One thing I was thinking was an option for users who have hostgroup and servicegroup lookups working with livestatus: use that data to create lookup tables for servers/network devices to populate the pulldowns. I know in my production version I just changed the search to filter more closely on name, but I already did this when I separated stuff out into hostgroups! That macro looks like this at the moment:

earliest=-24h index="nagios" nagiosevent="CURRENT HOST STATE" | rex ".+CURRENT HOST STATE: (?P[^;]_)(?=;)" | lookup local=true nagios-hostgroupmembers host_name AS srchost | search hostgroup=$hostgroup$* | stats count by device | outputlookup $lookupfilename$

This search could then be run on some schedule, populating local lookup tables to provide faster pulldowns!

On Nov 28, 2012, at 6:01 PM, Luke Harris <notifications@github.com> wrote:

> sweet, let me know if you have any questions or queries :)

skywalka commented 11 years ago

I have been thinking more on this and wanted to know if you could append new hosts instead of overwriting the lookup table? This would be useful when you decommission a host in nagios but you still want to see it appear in the hostname list in Splunk to refer to historical data :)

tfhartmann commented 11 years ago

:+1:

I like that idea!

On Sep 5, 2013, at 1:31 AM, Luke Harris <notifications@github.com> wrote:

> I have been thinking more on this and wanted to know if you could append new hosts instead of overwriting the lookup table? This would be useful when you decommission a host in nagios but you still want to see it appear in the hostname list in Splunk to refer to historical data :)