Wildcards for filtering?
-
bpizzutiWHI
- Posts: 64
- Joined: Thu Mar 02, 2017 10:15 am
Wildcards for filtering?
Just wondering if any wildcard expressions are available for the filtering section of a dashboard? I've got about 48 web servers that I'd like to put into one dashboard, and if I have to I can do an "either" filter for all 48, but I'd really rather not. Besides, any new hosts will follow a similar naming scheme that a wildcard filter should pick up on.
Re: Wildcards for filtering?
The * wildcard character can be used in filters but don't use it inside " " quotes unless you want to filter for strings that contain an actual *. You can also use AND OR NOT ( ) - + ! (https://logz.io/blog/kibana-tutorial/) to fine tune a filter.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
bpizzutiWHI
- Posts: 64
- Joined: Thu Mar 02, 2017 10:15 am
Re: Wildcards for filtering?
Ok, so I'm trying to filter some custom Apache logs by the logsource field, I've got a number of servers named "vmNNnxpNN-cv2" and I want to wildcard the two digit numbers (NN). I've tried both asterisks and question marks, and both seem to be looking for exact matches. I also tried two asterisks, in case the asterisk was representing a single wildcard character for some reason, same result.
However, when I tried this with the "host" field, which is an IP, using 192.168.1.*, THAT seems to work. Any thoughts? I can certainly do it that way thanks to the way we do subnets in this case, but it only seems to work on certain fields?
However, when I tried this with the "host" field, which is an IP, using 192.168.1.*, THAT seems to work. Any thoughts? I can certainly do it that way thanks to the way we do subnets in this case, but it only seems to work on certain fields?
Re: Wildcards for filtering?
Correct; In this particular case, it largely depends on the underlying data type for a given field. Nagios Log Server dynamically maps all fields to the "best fit" data type and is, in many cases, good at handling IPv4/IPv6 addresses gracefully.bpizzutiWHI wrote:but it only seems to work on certain fields?
If it were my problem to solve, I'd rig up a grok filter to parse those "vmXXnxpYY-cv2" fields into two distinct fields so I could query them directly.
You can also do regex searches via the GUI (little drop-down next to the search bar, I forget specifically where it is), but I was never able to make them work very well. Perhaps you will have better luck than me
Last edited by mcapra on Wed Oct 18, 2017 2:51 pm, edited 1 time in total.
Former Nagios employee
https://www.mcapra.com/
https://www.mcapra.com/
-
kyang
Re: Wildcards for filtering?
Thanks @mcapra,
@bpizzutiWHI, do you have any more questions or did mcapra's answer work out for you?
@bpizzutiWHI, do you have any more questions or did mcapra's answer work out for you?