Nagios Log Dashboard for ESXI Hosts

[anish]

Hi I have added ESXi source to Nagios log server. I would like to create the dashboard based on the message where in I can find the VCenter information .

Dashboard to be split based on Number of Host connected vCenter . Each change we perform has the vCenter Name provided. Each ESXi logsource under Program “FDM” (log) provides the vCenter Information for which the below Elastic search query can be used .

Code: Select all

curl -XGET 'http://sesklnglsipd01/nagioslogserver/api/backend/logstash-2017.04.19,logstash-2017.04.18/_search?pretty&token=330c628dd3e2b82de24b83a2a025c0b3d598c9d0' -d '{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "*SESKWRESVC01"
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1492518959378,
                  "to": 1492605359378
                }
              }
            }
          ]
        }
      }
    }
  },
  "highlight": {
    "fields": {
      "*": {}
    },
    "fragment_size": 2147483647,
    "pre_tags": [
      "@start-highlight@"
    ],
    "post_tags": [
      "@end-highlight@"
    ]
  },
  "size": 250,
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped": true
      }
    },
    {
      "@timestamp": {
        "order": "desc",
        "ignore_unmapped": true
      }
    }
  ]
}'

In the Query the ""query": "*SESKWRESVC01" SESKWRESVC01 is the Vcenter name .Instead is there a common phrase that i can use in query to fetch the Vcenter information ?

[mcapra]

Just to clarify, you're trying to create a dashboard that contains all of your ESXI data, or you're trying to create a dashboard for each ESXI host?

An easy way to isolate any particular source is to give that source a dedicated port and assign a specific "type" to it. Something like this maybe:

Code: Select all

    syslog {
        type => 'esxi'
        port => 2090
    }

Then point your ESXI machine at port 2090, and all of it's traffic will have the "type" field set to "esxi". You could then filter on the type "esxi" or use a lucene search like type:esxi.

[anish]

Hi ,

I have already created the Type for ESXi hosts and mentioned the specific port as 1514. i would like to create the customized dashboard based the information present in the Log Message .

For example here is the log message

"[FFEE4B70 verbose 'Cluster' opID=SWI-47718a25] [HBDatastore::WritePowerOnList] Writing power-on-list @ /vmfs/volumes/58495812-6453b7b5-659b-00215a9c0166/.vSphere-HA/FDM-AC76723F-58BF-49AE-B616-B8D23F5B7550-66-b6ecfff-Seskwresvc01/host-48696-poweron with 158 vms isolated=false"


In the message " Seskwresvc01" indicates the VCenter Name. So i would like to create the dashboard with the filter mentioning the Vcenter info . Is that possible . Please find the attached snap shot for further reference.

[avandemore]

I'm not clear as to what exactly you've tried. Generally you should refine the filter to display the data you want. Once you have that, you can save it as a dashboard for future use. Does this answer your question?