Re: Nagios Log Server Reporting

Posted: Tue Aug 22, 2017 3:08 pm
by sgiworks
Attached an output file; however, it contains a lot of other information which is not needed. Is there a way to filter it?

Re: Nagios Log Server Reporting

Posted: Tue Aug 22, 2017 3:22 pm
by mcapra
You should be able to do that in the query itself with the fields parameter:
https://www.elastic.co/guide/en/elastic ... est-fields

Re: Nagios Log Server Reporting

Posted: Tue Aug 22, 2017 3:24 pm
by sgiworks
ok, let me try and I will get back to you with results. Thanks for guiding me through this new process.

Re: Nagios Log Server Reporting

Posted: Wed Aug 23, 2017 8:55 am
by scottwilkerson
sgiworks wrote: ok, let me try and I will get back to you with results. Thanks for guiding me through this new process.
Let us know if we can be of further assistance.

Re: Nagios Log Server Reporting

Posted: Fri Sep 08, 2017 10:06 am
by sgiworks
Hello,

I tried the filters below, but the output still has all the fields listed.

java -jar nlsexport.jar -host=localhost -date_start=2017.09.07 -date_end=2017.09.07 -output_path=/tmp/export_nls/ -query='{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1504735059807,"to":1504821459807}}},{"fquery":{"query":{"query_string":{"query":"EventID:(\"4625\" \"4771\" \"4776\")"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"_type:(\"eventlog\")"}},"_cache":true}}],"must_not":[{"fquery":{"query":{"query_string":{"query":"message:(S-1-0-0)"}},"_cache":true}},{"fquery":{"query":{"query_string":{"query":"SComInstaller,Guest, IWKSEA%, IWKSSA%, SRV_PE_URL_MON"}},"_cache":true}}]}}}}}' -output_format=csv


Regards,
Swapnil

Re: Nagios Log Server Reporting

Posted: Fri Sep 08, 2017 10:33 am
by mcapra
Filters aren't good enough; try the fields parameter I previously mentioned:
mcapra wrote: You should be able to do that in the query itself with the fields parameter:
https://www.elastic.co/guide/en/elastic ... est-fields
Something like this should work:

Code:

{
    "fields": ["field_1", "field_2", "field_n"],
    "query": {
        ## query here
    }
}
Before applying fields:

Code:

[root@nagios ~]# curl -XGET 'http://esprod00:9200/someindex/_search?size=1&pretty' -d '{"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}}}'
{
  "took" : 267,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 46835893,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "someindex",
      "_type" : "request",
      "_id" : "AV5QjP4d_YLmLq5Ed9h3",
      "_score" : 1.0,
      "_source":{"field1":"value1","field2":"value2","field3":"value3"}
    } ]
  }
}
After applying fields:

Code:

[root@nagios ~]# curl -XGET 'http://esprod00:9200/someindex/_search?size=1&pretty' -d '{"fields":["field3"],"query":{"bool":{"should":[{"query_string":{"query":"*"}}]}}}'
{
  "took" : 267,
  "timed_out" : false,
  "_shards" : {
    "total" : 4,
    "successful" : 4,
    "failed" : 0
  },
  "hits" : {
    "total" : 46835893,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "someindex",
      "_type" : "request",
      "_id" : "AV5QjP4d_YLmLq5Ed9h3",
      "_score" : 1.0,
      "_source":{"field3":"value3"}
    } ]
  }
}
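
An added example (not from any poster in this thread or from Nagios) of the approach suggested above: it adds a top-level "fields" list to an existing search body and writes only those fields from the returned hits to CSV, reading values from either "fields" or "_source". The column names other than EventID, the sample response, and the leading-quote guard against spreadsheet formulas are assumptions of this example.

```python
import csv
import io
import json

# Hypothetical column names; only EventID appears in the thread.
FIELDS = ["@timestamp", "EventID", "TargetUserName"]

def with_fields(query_json, fields):
    """Return the search body with a top-level "fields" list added."""
    body = json.loads(query_json)
    body["fields"] = list(fields)
    return json.dumps(body, separators=(",", ":"))

def _cell(value):
    """Flatten one field value to a CSV-safe string."""
    if isinstance(value, list):          # "fields" values can arrive as arrays
        value = ";".join(str(v) for v in value)
    text = "" if value is None else str(value)
    # Log fields such as a failed-logon user name are supplied by the remote
    # party; keep a spreadsheet from evaluating them as formulas.
    if text[:1] in ("=", "+", "-", "@"):
        text = "'" + text
    return text

def hits_to_csv(response, fields):
    """Write only the requested fields of each hit as CSV rows."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(fields)
    for hit in response["hits"]["hits"]:
        # Values sit under "fields" or under "_source" depending on the response.
        data = hit.get("fields") or hit.get("_source") or {}
        writer.writerow([_cell(data.get(name)) for name in fields])
    return out.getvalue()

# Constructed sample response (not real log data).
SAMPLE = {"hits": {"hits": [
    {"_id": "1", "fields": {"@timestamp": ["2017-09-07T10:00:00Z"],
                            "EventID": [4625], "TargetUserName": ["=1+1"]}},
    {"_id": "2", "_source": {"@timestamp": "2017-09-07T10:05:00Z",
                             "EventID": 4771, "TargetUserName": "alice",
                             "message": "not exported"}},
]}}

if __name__ == "__main__":
    query = '{"query":{"query_string":{"query":"EventID:(\\"4625\\" \\"4771\\" \\"4776\\")"}}}'
    print(with_fields(query, FIELDS))
    print(hits_to_csv(SAMPLE, FIELDS))
```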

Re: Nagios Log Server Reporting

Posted: Fri Sep 08, 2017 1:55 pm
by cdienger
Did following mcapra's suggestion help?

Re: Nagios Log Server Reporting

Posted: Tue Sep 26, 2017 10:48 am
by sgiworks
Just discovered that Nagios LogServer version 2.0 will have the ability to export table data via CSV, which is planned to be released in Q4 of 2017. Correct? Do we know if this will be available in October 2017?

https://www.nagios.com/roadmaps/?_ga=2. ... 1504900374

Regards,
Swapnil

Re: Nagios Log Server Reporting

Posted: Tue Sep 26, 2017 12:46 pm
by scottwilkerson
sgiworks wrote: Just discovered that Nagios LogServer version 2.0 will have the ability to export table data via CSV, which is planned to be released in Q4 of 2017. Correct? Do we know if this will be available in October 2017?

https://www.nagios.com/roadmaps/?_ga=2. ... 1504900374

Regards,
Swapnil
We don't have a specific date; Q4 would mean sometime before the end of the year.

Re: Nagios Log Server Reporting

Posted: Tue Oct 03, 2017 8:47 am
by sgiworks
Is there a chance to get a beta version available for testing the reporting feature?