Nagios Log Server Reporting

[sgiworks]

Attached a output file, however it contains lot of other information which is not needed. If there a way to filter it?

[mcapra]

You should be able to do that in the query itself with the fields parameter:
https://www.elastic.co/guide/en/elastic ... est-fields

[sgiworks]

ok, let me try and I will get back to you with results. Thanks for guiding me through this new process.

[scottwilkerson]

ok, let me try and I will get back to you with results. Thanks for guiding me through this new process.

Let us know if we can be of further assistance.

[sgiworks]

Hello,

I tried below filters, but still the output have all the fields listed.

java -jar nlsexport.jar -host=localhost -date_start=2017.09.07 -date_end=2017.09.07 -output_path=/tmp/export_nls/ -query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1504735059807,"to":1504821459807}}},{"fquery":{"query":{"query_string":{"query":"EventID:(\"4625\" \"4771\" \"4776\")"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"_type:(\"eventlog\")"}},"_cache":true}}],"must_not":[{"fquery":{"query":{"query_string":{"query":"message:(S-1-0-0)"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"SComInstaller,Guest, IWKSEA%, IWKSSA%, SRV_PE_URL_MON"}},"_cache":true}}]}}}}}' -output_format=csv


Regards,
Swapnil

[mcapra]

Filters aren't good enough; Try the fields parameter I previously mentioned:

You should be able to do that in the query itself with the fields parameter:
https://www.elastic.co/guide/en/elastic ... est-fields

Something like this should work:

Code: Select all

{
	"fields": ["field_1", "field_2", "field_n"],
	"query": {
        ## query here
	}
}

Before applying fields:

Code: Select all

[root@nagios ~]# curl -XGET 'http://esprod00:9200/someindex/_search?size=1&pretty' -d '{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}}}'
{
  "took" : 267,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 46835893,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "someindex",
      "_type" : "request",
      "_id" : "AV5QjP4d_YLmLq5Ed9h3",
      "_score" : 1.0,
      "_source":{"field1":"value1","field2":"value2","field3":"value3"}
    } ]
  }
}

After applying fields:

Code: Select all

[root@nagios ~]# curl -XGET 'http://esprod00:9200/someindex/_search?size=1&pretty' -d '{"fields":["field3"],"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}}}'
{
  "took" : 267,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 46835893,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "someindex",
      "_type" : "request",
      "_id" : "AV5QjP4d_YLmLq5Ed9h3",
      "_score" : 1.0,
      "_source":{"field3":"value3"}
    } ]
  }
}

[cdienger]

Did following mcapra's suggestion help?

[sgiworks]

Just discovered that Nagios LogServer version 2.0 will have ability to export table data via CSV, which is planned to be released in Q4 of 2017. Correct? Do we know if this will be available in October 2017?

https://www.nagios.com/roadmaps/?_ga=2. ... 1504900374

Regards,
Swapnil

[scottwilkerson]

Just discovered that Nagios LogServer version 2.0 will have ability to export table data via CSV, which is planned to be released in Q4 of 2017. Correct? Do we know if this will be available in October 2017?

https://www.nagios.com/roadmaps/?_ga=2. ... 1504900374

Regards,
Swapnil

We don't have a specific date, Q4 would mean sometime before the end of the year.

[sgiworks]

Is there a chance to get a beta version available for testing the reporting feature?