Hello and good morning,
I'm going through the documentation for creating custom queries as well as creating alerts based on those queries and I'm sorry to say it's lacking for my specific needs.
What I would like to know is if there's a way to create an email alert based on a query that will send a single email for each individual host having the issue?
We have a number of servers that are throwing out Windows Event ID 50: Delayed Write Failed. This is bad for servers with databases running on them, so we'd like to know ASAP when it's happening. The issue being, in a 24-hour period we might get over 1000 hits for that error and we don't want 1000 email alerts being generated. I'm not sure if the alerting section has the ability to get this granular, but it doesn't hurt to ask.
Thank you!
Configuring Log Server alerts based on custom Query
Re: Configuring Log Server alerts based on custom Query
It's a bit more granular than what NLS can do. NCPA may be better suited for this - https://www.nagios.org/ncpa/help.php#api-modules-logs. An agent on the servers monitoring the logs will allow you to set notification intervals so you don't get a flood of emails.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Configuring Log Server alerts based on custom Query
I found this support article: https://support.nagios.com/forum/viewto ... s&start=10
Is there a way to set up a query like this, so Log Server will list the IP addresses of the affected servers in the alert email it sends out? Unfortunately, the person who opened the support request never replied if the query they had worked or not.
Re: Configuring Log Server alerts based on custom Query
Alerts can include "%uniquehosts%" which provides a list of unique hosts from the query results.
https://assets.nagios.com/downloads/nag ... Server.pdf
Re: Configuring Log Server alerts based on custom Query
So, if I had this query.
Where would I include "%uniquehosts%"?
Code:
{
  "query": {
    "filtered": {
      "query": {
        "bool": {
          "should": [
            {
              "query_string": {
                "query": "message:\"Delayed Write Failed\""
              }
            }
          ]
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "@timestamp": {
                  "from": 1569513540762,
                  "to": 1569599940762
                }
              }
            }
          ]
        }
      }
    }
  }
}
Re: Configuring Log Server alerts based on custom Query
It'd be part of an email template:
Re: Configuring Log Server alerts based on custom Query
Oh ok, go ahead and lock this. I think I've got it from here.
Thanks for your assistance.
scottwilkerson, DevOps Engineer, Nagios Enterprises
Re: Configuring Log Server alerts based on custom Query
Great!
rferebee wrote: "Oh ok, go ahead and lock this. I think I've got it from here. Thanks for your assistance."
Locking
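The per-host suppression asked about at the start of this thread, as an added example that is not from the thread and is not Nagios Log Server or NCPA code: it collapses repeated "Delayed Write Failed" hits into one alert per host per 24-hour quiet period and builds a host list comparable to what "%uniquehosts%" provides. The hit layout, the "host" field name and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample hits, loosely shaped like Elasticsearch results.
# The "host" field name is an assumption about how the index is mapped.
SAMPLE_HITS = [
    {"host": "10.0.0.11", "@timestamp": 1569513600000, "message": "Event 50: Delayed Write Failed"},
    {"host": "10.0.0.11", "@timestamp": 1569513660000, "message": "Event 50: Delayed Write Failed"},
    {"host": "10.0.0.12", "@timestamp": 1569513700000, "message": "Event 50: Delayed Write Failed"},
    {"host": "10.0.0.13", "@timestamp": 1569513800000, "message": "Service started"},
    {"host": "10.0.0.11", "@timestamp": 1569520000000, "message": "Event 50: Delayed Write Failed"},
    # 25 hours after the first hit on 10.0.0.11: outside the quiet period.
    {"host": "10.0.0.11", "@timestamp": 1569603600000, "message": "Event 50: Delayed Write Failed"},
]


def alerts_per_host(hits, phrase="Delayed Write Failed", quiet=timedelta(hours=24)):
    """Return one alert per host per quiet period, each with a hit count."""
    alerts = []
    open_alert = {}  # host -> alert that is still absorbing repeat hits
    for hit in sorted(hits, key=lambda h: h["@timestamp"]):
        if phrase not in hit.get("message", ""):
            continue  # not the event we alert on
        host = hit.get("host", "unknown")
        seen = datetime.fromtimestamp(hit["@timestamp"] / 1000, tz=timezone.utc)
        current = open_alert.get(host)
        if current is not None and seen - current["first_seen"] < quiet:
            # Repeat inside the quiet period: count it, send nothing new.
            current["count"] += 1
            current["last_seen"] = seen
            continue
        current = {"host": host, "first_seen": seen, "last_seen": seen, "count": 1}
        open_alert[host] = current
        alerts.append(current)
    return alerts


def unique_hosts(alerts):
    """Sorted list of distinct hosts, for a single summary email."""
    return sorted({alert["host"] for alert in alerts})


if __name__ == "__main__":
    for alert in alerts_per_host(SAMPLE_HITS):
        print(f"{alert['host']}: {alert['count']} hit(s) since {alert['first_seen']:%Y-%m-%d %H:%M} UTC")
    print("Affected hosts:", ", ".join(unique_hosts(alerts_per_host(SAMPLE_HITS))))
```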