Jklre wrote: Also, I haven't looked into it thoroughly yet, but is there a way to customize those e-mail notifications that go out? Ideally I'd like to include some table names from the alerts into the e-mail message if possible.
I missed this in your original query. It is not available currently, but I have added a feature request (internal ID 5072) to allow customization of messages on a per-alert basis (or you can use the predefined template).
if [type] == 'syslog' {
    grok {
        patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
        match => [ 'message', '%{SYSLOG5424PRI}%{MITCH_HOST:Mitch_host}%{GREEDYDATA:syslog_message}%%{CSTTERROR:CSTTError}%%%{MITCHERRORNUM:Mitch_ErrorNum}%%%{MITCHPRIORITY:Mitch_Priority}%%%{MITCH_ORG_HOST:Mitch_org_host}%{MITCHPROG:Mitch_prog}%{MITCHTIME:Mitchell_time}%{MITCHMESSAGE:Mitch_Message}%{MITCHMESSAGE2:Mitch_Message1}' ]
        add_tag => "Mitch_Jboss_Log"
    }
}
if [type] == 'syslog' {
    grok {
        patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
        match => [ 'message', '%{SYSLOG5424PRI}Message forwarded from %{MITCH_IBM_HOST:Mitch_host}:%{GREEDYDATA:Mitch_Message}' ]
        add_tag => "Mitch_IBM"
    }
}
if [type] == 'syslog' {
    grok {
        patterns_dir => "/usr/local/nagioslogserver/logstash/patterns/."
        match => [ 'message', '%{SYSLOG5424PRI}%{HEARTBEAT:Mitch_Message}' ]
        add_tag => "Mitchell_Heart"
    }
}
}
The second item, I'm going to have to have someone dig into. It should bring you to the same query (not dashboard) having all of the query elements and filters, but yours appears to be missing some of the filter items...
Thanks Scott.. that actually makes sense now that I'm looking at it.
Jklre wrote: Also, I haven't looked into it thoroughly yet, but is there a way to customize those e-mail notifications that go out? Ideally I'd like to include some table names from the alerts into the e-mail message if possible.
I missed this in your original query. It is not available currently, but I have added a feature request (internal ID 5072) to allow customization of messages on a per-alert basis (or you can use the predefined template).
Would that work?
Thanks for putting in that feature request. That would definitely come in handy. Also if there was a way to customize the alerts that get sent over to Nagios. Our operations team used check_mk as a dashboard and we are trying to move away from email notifications eventually so everything will stay in the main dashboard / dashboards. So any additional info we can make appear in the dashboard besides the rule names would make troubleshooting issues a lot more efficient for them. Like send some custom bits of data back in the status detail of the alert.
jomann wrote:It looks like the issue with clicking into alert dashboards was a bug. I've attached a file that you can replace that will fix it.
Copy/replace the file in:
/var/www/html/nagioslogserver/www/app/dashboards
Thank you. I added the attached file into the path listed above and bounced the server. It looks like I'm still seeing the same behavior from either clicking the link provided in the alert e-mails or going into alerts and selecting the "show alert in dashboard" button. Are there any other steps I need to perform?
scottwilkerson wrote:That fixed it in all of our tests. It is possible that this file is being cached by your browser
That was it. It took forever to clear. I tried manually clearing the cache but no dice. But it's working now, so thanks.
I have run into a few other questions though, specifically about filters. I would like to filter by a specific field, but I want to do it by a range of numbers (preferably with regex).
So instead of just filtering for 107100, search for 1071[0-9]{1,2} etc.
Or also to be able to run query on specific tables.
Thank you
I actually just noticed: since the patch you sent, the link in the email subject goes to the loopback address instead of the server name in those email notifications, unless I changed another setting somewhere.
"Here is the full alert output:
WARNING: 93 matching entries found |logs=93;90;100