Nagios Support Forum

OK, @cdienger, thanks, we will try to increase the RAM for the machine using only 2GB.

My main concern was about MSG1 and MSG2 (see my initial post), because I had the impression Nagios Log Servers would not start.

Regards,
Liviu

Hello, @npolovenko, Thank you for your reply. I have 2 nagios deployments (completely independent, separate), both behave the same (a lot of "rejected" messages in the logs). Deployment1: 1 CPU core (Intel(R) Xeon(R) CPU E5-2690 v3 @ 2.60GHz) 2 GB RAM Deployment2: 1 CPU core (Intel(R) Xeon...

Hello, Our Nagios Log Server has stopped working (the elasticsearch service seemed to have stopped). We restarted the elasticsearch service and a lot of messages of the following type appeared in the log: MSG1: All shards failed for phase: [query] org.elasticsearch.action.NoShardAvailableActionExcep...

scottwilkerson Hi, Scott, Thank you for your reply. Yes, I also found this link, but I really can't tell which solution applies to us. I have 2 nagios deployments (completely independent, separate), both behave the same (a lot of "rejected" messages in the logs). Deployment1: 1 CPU core (...

Hello, We receive a lot of elasticsearch "query rejected" messages in nagios. E.g.: 2018-06-21 03:50:11,996][DEBUG][action.count ] [04c4efb4-9365-45d3-9c7b-162e3cbcc051] [logstash-2017.07.16][2], node[ac07Vu3JSl6vogmMAT4AYA], [P], s[STARTED]: failed to execute [[[]][], source[{"query&...

Yes, the timestamp in the message received by logstash is used as the timestamp in the nagios system.

match => { "message" => ...(?:%{TIMESTAMP_ISO8601:syslog_ts}|-)...
date {
match => [ "syslog_ts", "ISO8601" ]
}

Wow, thanks.
So you're saying if today=06.10.2017 and ES receives from logstash a message timestamped=04.10.2017, this message will be written into logstash-2017.10.04?
So i'ts actually the timestamp that matters, not the time running on the machine nagios is installed.

Liviu

First of all, sorry for the confusion. Yes, ES is the database, and Logstash writes data to ES. Q: "when the day rolls over" - so when the day changes on the machine nagios is running on, I can safely say logstash will no longer write to the "logstash-<previous day>" index? So I ...

Hello, I need to write a script that sends queries directly to elasticsearch and I need to process the whole previous day. Example: today = 06.10.2017 yesterday = 05.10.2017 yesterday index = logstash-2017.10.05 At what (minimum) time is it fine to run the script (on 06.10.2017) so that I am sure th...

Thank you for you answers. @mcapra: Yes, I also found the aggregations mechanisms. Using aggregations, I can group by messageID and by eventID (using 2 aggregations - 1 inner aggregation) and I can find out the actual count for eventID=101 for every messageID. Then, I need to parse the results (usin...