Analytics for Nagios (formerly known as Splunk for Nagios) includes a major re-write of all dashboards using Simple XML and it leverages inputs from the Splunk Supported "Splunk Add-on for Nagios Core". It has been tested successfully with Nagios XI and Nagios Core 4.
Important: use Splunk for Nagios version 3 with Nagios 3.x, and Analytics for Nagios version 4 with Nagios Core 4.x or Nagios XI.
MK Livestatus Dashboards:
Very powerful dashboards:
Now you can monitor, manage and troubleshoot all your devices from one single pane of glass with Analytics for Nagios.
Get out of the 1980s and replace Cacti, Munin, MRTG, Orca, etc. with Analytics for Nagios... no more RRD configuration and no more agents to install.
Why poll for data twice? Analytics for Nagios creates the performance graphs automatically!
Analytics for Nagios also has another huge advantage over RRD-based graphing solutions: you can graph performance and capacity metrics with full fidelity, i.e. no more 'averaged out' RRD-based graphs.
Install the Splunk Supported "Splunk Add-on for Nagios Core"
Follow the Setup Instructions as per Splunk's official documentation:
Note: Do not set the following configurations in $NAGIOS_HOME/etc/nagios.cfg if you are running Nagios XI.
If they are commented, keep them commented. If they are set, remove or comment the options. If these lines are set, the field extractions in the add-on may fail.
Do not change the perfdata file templates as the data is also used by PNP in Nagios XI:
Update the sourcetypes in inputs.conf if you are running Nagios XI:

[monitor:///usr/local/nagios/var/nagios.log]
disabled = 0
sourcetype = nagios:core
index = nagios

[monitor:///usr/local/nagios/var/host-perfdata]
disabled = 0
sourcetype = nagios:core:hostperfxi
index = nagios

[monitor:///usr/local/nagios/var/service-perfdata]
disabled = 0
sourcetype = nagios:core:serviceperfxi
index = nagios
Update the sourcetypes in inputs.conf if you are running Nagios Core 4.x:

[monitor:///usr/local/nagios/var/nagios.log]
disabled = 0
sourcetype = nagios:core
index = nagios

[monitor:///usr/local/nagios/var/host-perfdata]
disabled = 0
sourcetype = nagios:core:hostperf
index = nagios

[monitor:///usr/local/nagios/var/service-perfdata]
disabled = 0
sourcetype = nagios:core:serviceperf
index = nagios
All of the dashboards and saved searches in Analytics for Nagios use searches based on index=nagios.
Update the nagios_index macro in Analytics for Nagios if you use a different index.
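A wrong sourcetype or index on one of the three monitor stanzas leaves the dashboards empty without any error, so it is worth checking inputs.conf before restarting Splunk. The following is an added example, not part of the app or the add-on: the function name check_inputs and the sample text are assumptions, while the expected sourcetypes are the ones listed above.

```python
import configparser

# Expected sourcetype per monitored file, copied from the stanzas on this page.
EXPECTED = {
    "xi": {"nagios.log": "nagios:core",
           "host-perfdata": "nagios:core:hostperfxi",
           "service-perfdata": "nagios:core:serviceperfxi"},
    "core4": {"nagios.log": "nagios:core",
              "host-perfdata": "nagios:core:hostperf",
              "service-perfdata": "nagios:core:serviceperf"},
}

# Constructed sample: an inputs.conf written for Nagios Core 4.x.
SAMPLE_CORE4 = """\
[monitor:///usr/local/nagios/var/nagios.log]
disabled = 0
sourcetype = nagios:core
index = nagios
[monitor:///usr/local/nagios/var/host-perfdata]
disabled = 0
sourcetype = nagios:core:hostperf
index = nagios
[monitor:///usr/local/nagios/var/service-perfdata]
disabled = 0
sourcetype = nagios:core:serviceperf
index = nagios
"""

def check_inputs(conf_text, flavor, index="nagios"):
    """Return a list of problems in inputs.conf text for flavor 'xi' or 'core4'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    parser.read_string(conf_text)
    problems, seen = [], set()
    for section in parser.sections():
        name = section.rsplit("/", 1)[-1]
        want = EXPECTED[flavor].get(name)
        if not section.startswith("monitor://") or want is None:
            continue  # not one of the three Nagios files
        seen.add(name)
        stanza = parser[section]
        if stanza.get("sourcetype") != want:
            problems.append(f"{name}: sourcetype is {stanza.get('sourcetype')!r}, expected {want!r}")
        if stanza.get("index") != index:
            problems.append(f"{name}: index is {stanza.get('index')!r}, expected {index!r}")
        if stanza.get("disabled", "0").strip().lower() not in ("0", "false"):
            problems.append(f"{name}: input is disabled")
    problems += [f"{n}: no monitor stanza" for n in sorted(set(EXPECTED[flavor]) - seen)]
    return problems
```

Pass the index you actually use as the third argument if you changed the nagios_index macro.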
Update the following macros in Analytics for Nagios if you are running Nagios Core 4.x:
Configure a Scheduled Saved Search in Splunk to send alerts to Nagios:
Copyright (c) 2015 Luke Harris. All Rights Reserved.
Major re-write of all dashboards using Simple XML, leveraging inputs from the Splunk Supported "Splunk Add-on for Nagios Core" and tested successfully with Nagios XI.
Major rewrite of all custom Python search commands for integration with the latest version of MK Livestatus
Added new dashboards:
* Overview dashboard featuring Alerts & Notifications over time
* Recurring Alerts dashboard
* Gearman Workers dashboard
* Calendar Heatmap dashboard (D3)
* Network Map (D3)
Added the ability to acknowledge Host alerts via MK Livestatus
All of the external lookup scripts for MK Livestatus have been updated with support for multiple MK Livestatus servers.
A number of field extractions have been updated, as well as additional macros and a new event type.
I have also added several very powerful dashboards:
Livestatus Network Health
Livestatus Service Alerts
Livestatus Host SLA
Livestatus Service SLA
Livestatus Host Groups
Livestatus Service Groups
Livestatus Service Acknowledgement
Livestatus Host and Service Downtime
Top 100 Alerts
fixed bug in Livestatus Alerts Dashboard; added check_splunk_license script and new dashboard: Nagios Splunk License Usage Graph
added external lookup scripts for integration with MK Livestatus; added 2 dashboards updated with live status data from Nagios; added a CMDB Report and Service Alerts by Service Group; added 5 Cisco Network Dashboards with Graphs of Network Interface Utilization, CPU, Memory, Temperature and Gateway Usage; added AIX Filesystem Usage Graphs; added BSD specific Host Dashboard
- added 2 NAS Dashboards with Graphs of Storage Usage, Quota Usage, SAVVOL Usage, Connections by Protocol, etc (EMC Isilon and Celerra)
- added 4 all new Powerful Views with Graphs of metal level metrics sourced from Nagios Plugin Performance Data
- added Nagios Alerts Form Search with an auto-populating drop-down list of all device names to easily display relevant alert history
- added 5 all new field extractions for CIM compliance: http://www.splunk.com/base/Documentation/latest/Knowledge/UnderstandandusetheCommonInformationModel