Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

'Splunk It' Link Not Working in Nagios 4.3.2

https://support.nagios.com/forum/viewtopic.php?t=44581

Page 1 of 1

'Splunk It' Link Not Working in Nagios 4.3.2

Posted: Fri Jul 07, 2017 3:03 pm
by ssnavely0991
Hello,

I am using the latest version of Nagios (4.3.2). I changed the enable_splunk_integration variable to true today and entered my base url for splunk. However, whenever I would click the 'splunk>' icon from a 'Services' or 'Hosts' page, I would get a 404 not found error. I went to my splunk installation and typed the same search terms in to the splunk search bar that Nagios was trying to pass in the URL. I found that the URL that my version of Splunk (6.5.2) has for searching is different than what is implemented in Nagios 4.3.2.

I went to the Nagios 4.3.2 source code and edited the cgi/cgiutils.c file which contains the anchor tag with href to splunk. I edited the URL to match what is in splunk, recompiled, and now the 'splunk>' button works great.

Has anyone else had this issue with Nagios / Splunk integration? Anyways here is the .patch file for the changes I made.

Code: Select all

--- nagios-4.3.2/cgi/cgiutils.c 2017-05-09 12:03:31.000000000 -0500
+++ nagios-4.3.2-splunk-patch/cgi/cgiutils.c    2017-07-07 14:44:20.759764576 -0500
@@ -2063,7 +2063,7 @@
        if(hst == NULL)
                return;

-       printf("<a href='%s?q=search %s' target='_blank'><img src='%s%s' alt='Splunk It' title='Splunk It' border='0'></a>\n", splunk_url, url_encode(hst->name), url_images_path, SPLUNK_SMALL_WHITE_ICON);
+       printf("<a href='%sapp/search/search?q=search %s' target='_blank'><img src='%s%s' alt='Splunk It' title='Splunk It' border='0'></a>\n", splunk_url, url_encode(hst->name), url_images_path, SPLUNK_SMALL_WHITE_ICON);

        return;
        }
@@ -2077,7 +2077,7 @@
        if(svc == NULL)
                return;

-       printf("<a href='%s?q=search %s%%20", splunk_url, url_encode(svc->host_name));
+       printf("<a href='%sapp/search/search?q=search %s%%20", splunk_url, url_encode(svc->host_name));
        printf("%s' target='_blank'><img src='%s%s' alt='Splunk It' title='Splunk It' border='0'></a>\n", url_encode(svc->description), url_images_path, SPLUNK_SMALL_WHITE_ICON);

        return;
@@ -2098,7 +2098,7 @@

        strip_splunk_query_terms(newbuf);

-       printf("<a href='%s?q=search %s' target='_blank'>", splunk_url, url_encode(newbuf));
+       printf("<a href='%sapp/search/search?q=search %s' target='_blank'>", splunk_url, url_encode(newbuf));
        if(icon > 0)
                printf("<img src='%s%s' alt='Splunk It' title='Splunk It' border='0'>", url_images_path, (icon == 1) ? SPLUNK_SMALL_WHITE_ICON : SPLUNK_SMALL_BLACK_ICON);
        printf("</a>\n");

Re: 'Splunk It' Link Not Working in Nagios 4.3.2

Posted: Fri Jul 07, 2017 3:19 pm
by tmcdonald
I don't think we have actively maintained the Splunk integration in quite some time. I honestly thought it had been deprecated.

Re: 'Splunk It' Link Not Working in Nagios 4.3.2

Posted: Fri Jul 07, 2017 4:03 pm
by ssnavely0991
Are you planning on maintaining splunk integration in the future? We would like to use it at my company. In the past we have had to go to our Splunk instance and manually search for these terms. Because Nagios is our starting point when we have a problem with a host/service, it is much nicer to simply click a button and be taken to splunk with some relevant search terms. It looks like a simple URL change fixes the integration.

Re: 'Splunk It' Link Not Working in Nagios 4.3.2

Posted: Fri Jul 07, 2017 4:07 pm
by tmcdonald
Almost certainly not, as we have our own Nagios Log Server product that we maintain: https://www.nagios.com/products/nagios-log-server/
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited