Better Apache Dashboard stopped working

[mcapra]

We do use logsource, since we have both an internal and external setup with multiple load balanced front end servers.

Gotcha. Can you post the message field as it appears in Nagios Log Server from one of your access logs? Like so:

2017_01_23_14_22_06_Dashboard_Nagios_Log_Server.png

Yours will likely look different than mine, since mine are being run through the syslog input.

[GhostRider2110]

First here is from the message line:

message-logsource-01.png

I deleted the Better Apache Dashboard, the re-imported it. No luck, still Bandwidth and Event are not showing anything.

See-ya
Mitch

[GhostRider2110]

What is really strange is the Better Apache Dashboard is just a modified version of the Apache Dashboard. I exported the Apache Dashboard and did a compare of it with the Better Apache Dashboard and the Bandwidth and Events panels are exactly the same. Does not make much since that those panels show up properly in Apache Dashboard and not in Better Apache Dashboard. ???

[mcapra]

Try chucking a %{SYSLOGBASE} into your grok filter to restore the logsource field:

Code: Select all

if [type] == 'apache_access' {
        grok {
            match => ['message', '%{SYSLOGBASE}']
            match => [ 'message', '%{COMBINEDAPACHELOG}']
        }
        date {
            match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ]
        }
        mutate {
            replace => [ 'type', 'apache_access' ]
             convert => [ 'bytes', 'integer' ]
             convert => [ 'response', 'integer' ]
        }
    }

I think the Better Apache Dashboard might be getting cached somewhere. You could try importing it and saving it under a new name and see if that reproduces the panels? It's a bit old, but it loads into my NLS 1.4.4 just fine.

[GhostRider2110]

Well that did give me the logsource, but now not getting the other items like verb, response, request, bytes.... Looks like it might be skipping the COMBINEDAPACHELOG match.

[GhostRider2110]

Found the fix for the addition of the multiple match.

Code: Select all

if [type] == 'apache_access' {
    grok {
        match => [ 'message', '%{SYSLOGBASE}']
    }
    grok {
        match => [ 'message', '%{COMBINEDAPACHELOG}']
    }
    date {
         match => [ 'timestamp', 'dd/MMM/yyyy:HH:mm:ss Z' ]
    }
    mutate {
        replace => [ 'type', 'apache_access' ]
         convert => [ 'bytes', 'integer' ]
         convert => [ 'response', 'integer' ]
    }
}

Found simular problem listed in logstash issues, but it was indicated that the format you gave me was fixed in logstash 1.5.0, but that seems to not be the case. The format I put in seems to now have all the info. Monitoring now.

Last time I imported Better Apache Dashboard, I did change the name and still no go. LOL of course it would work for you, isn't that the case most of the time.. It works for support...

[mcapra]

Are you importing the dashboard using IE as your browser by chance? There is a known issue with our tricky Kibana dashboard handling that affects IE.

[GhostRider2110]

IE!!!... LOL
No, Linux workstation with Chrome.

But after fixing the Apache filter with the multiple match entries those panels started working... Go figure.....

[dwhitfield]

It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!

[GhostRider2110]

I have one other question, kinda related, now that I have it working, I have created a dashboard which some of the maps and graphs, is there a way to display that without a login? We have a "kiosk" setup for displaying status info and would like to display some local dashboards.

Thanks for all the help..

Mitch