Nagios Support Forum

Does not appear to be any special characters when i query in the UI. The event is from the security logs on Windows domain controllers, all of the DCs i'm using as inputs are generating these. event ID 4634 - an account was logged off. ngxiadmin is the account that my NGXI instance uses to authentic...

filters conf below, screen shot of parsed field attached. I've also tried this config with TargetUserName.raw to the same result. [root@PC5-NXLOG conf.d]# cat 500_filters.conf # # Logstash Configuration File # Dynamically created by Nagios Log Server # # DO NOT EDIT THIS FILE. IT WILL BE OVERWRITTEN...

So that almost worked. I can use that format to filter other fields if [type] == 'eventlog' { if [Severity] == 'INFO' and [Workstation] == 'xxxxxxxx' { drop {} } } This drops anything with severity INFO from one machine that I don't care about seeing. I confirmed that I can filter on items like seve...

I have a lot of white noise going on in my events, to the tune of 500k a day from this one source that I would liketo filter out. I'm trying the following to filter it out but it doesn't seem to be working. Not sure if TargetUserNane is the correct way to call it in the filter, but that's what it sh...

Wow, that was easy. Used that config and just added my own <QueryList> inside the Imput tags that were there and it's working perfectly. Thanks!

Resolved, can consider closed.

Hi everyone. Already an XI customer, testing out Log Server to see if it works for our needs so we can move away from our current product when it expires. I got the server up and running with only a few road blocks, and I'm now testing with just one DC sending logs, But I have this problem and I don...