Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

I wanna kick ELK to the curb!

https://support.nagios.com/forum/viewtopic.php?t=29715

Page 1 of 1

I wanna kick ELK to the curb!

Posted: Tue Oct 21, 2014 4:51 pm
by benhank
How would I set up NLS to pull in old logs and data that has already been processed by my ELK stack?

Re: I wanna kick ELK to the curb!

Posted: Wed Oct 22, 2014 1:28 pm
by abrist
This is a good question. I am going to pull in a dev on this one. More shortly.

Re: I wanna kick ELK to the curb!

Posted: Wed Oct 22, 2014 1:48 pm
by scottwilkerson
Here's the quick way to accomplish this..

Add the following input to just ONE instance of your Nagios Log Server cluster
Admin -> PER INSTANCE (ADVANCED) -> Select 1 instance -> Add Input
Then, based on this input you will add something like the following to connect to your OLD ELK server

Code: Select all

input {
  # Read all documents from Elasticsearch matching the given query
  elasticsearch {
    host => "YOUR_OLD_SERVER_HOSTNAME"
    size => 10000
  }
}
Then, Apply configuration, and all of data will be pulled into Log Server from your existing ELK stack.

Re: I wanna kick ELK to the curb!

Posted: Mon Oct 27, 2014 1:21 pm
by benhank
all set can be locked
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited