Page 1 of 2
3 months of NLS - my wishlist for development
Posted: Thu Jan 08, 2015 3:47 pm
by nozlaf
First of all i'm very happy with NLS, i'm getting log data from about 25 different systems, have written grok filters for the majority of the data that i care about and made some dashboards that I am very happy with and could not live without this product!
as someone who was looking at a pretty expensive investment in splunk to achieve what i have done with NLS i'm thrilled that Nagios have released an ELK stack system with a sane user interface.
That being said there are plenty of annoying things about NLS that i'd love to see fixed.
- Apply configuration - this link should do what it says however it doesnt, the first time you do it you get a message "Deletion command has been sent to the backend." you then need to run it again to get the config to apply.
- Custom patterns should be configurable from the GUI, its pretty clear from the dashboards on the exchange that this is an essential feature but its currently quite difficult for novices to add them so it will hinder some people deploying it.
- exporting dashboards as a pdf - maybe I am missing something but i'd love to be able to export the dashboard as a pdf to show someone about an issue that is happening or for monthly reporting, sure I can print it as a pdf from chrome but it doesn't look right and there is a lack of functionality that a native export would achieve.
- Limited access accounts that are limited to running a set query (or better urls that people don't need to authenticate against to access specific data)- would mean that I can give people access to subsets of data from within NLS without concern that they can access all the log data in the repository
- make the "dark" style for dashboards work!
- a button that allows you to search NLS for a specific entry e.g. if I have a list of users web access and I want to look at what else that user has done on our systems I would love to click a button and search all of NLS for that username
and last but not least and this is the most important one possibly ever
- LDAP AUTHENTICATION or any other authentication method that can integrate with AD!
Re: 3 months of NLS - my wishlist for development
Posted: Thu Jan 08, 2015 4:11 pm
by jomann
Glad to hear it's been useful for you! That is what we built it for after all!
As for the list... Most, if not all, of the items you pointed out are on the radar (or have been fixed, which is the case for the 1st item) and will be coming in the future. I can tell you that LDAP/AD authentication is a high priority since we've seen many people ask for it and should be coming in the next few releases.
Re: 3 months of NLS - my wishlist for development
Posted: Thu Jan 08, 2015 5:07 pm
by nozlaf
when you say fixed, you mean in the next release? because I am on the current release (2015R1.2b) and if that is not the current release add the version check to the bug list.
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 11:50 am
by eloyd
nozlaf wrote:[*] make the "dark" style for dashboards work![/*]
I gotta say, this one seems like a trivial fix to me. Not sure why it's still outstanding. Otherwise, Sean's observations are spot on.
One thing we'd like to add or augment with what Sean was asking about is the ability to select a dashboard, date range, and possibly filter/query results from a URL. Authentication could be provided or not, doesn't matter (or this could all be a POST). This provides an awesome way to integrate NLS into other things such as NOC overhead displays or MIS dashboards without having to give everyone access and/or teach them how to fish.
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 3:10 pm
by sreinhardt
Good idea, we'll see about how we might implement that.
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 3:16 pm
by tmcdonald
eloyd wrote:One thing we'd like to add or augment with what Sean was asking about is the ability to select a dashboard, date range, and possibly filter/query results from a URL.
Run the following:
Code: Select all
curl -XGET 'http://logserveraddress:9200/_search?q=somequery&pretty'
Replace "somequery" with whatever you wanna search for. This is all handled directly by Elasticsearch.
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 3:26 pm
by eloyd
That seems to give us some sort of XML style output, not a web page. So can we query a dashboard, pass in a time range, and possibly an auto-refresh so we could iframe it on a NOC display?
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 3:34 pm
by tmcdonald
That's JSON, not XML. Much cleaner.
Dashboards are entirely a web frontend thing. All the dashboards really are are a collection of queries and some information on how to display them. Dashboards *do* the querying, so you can't query a dashboard. The time range would be a filter which would be run before the query. Any auto-refresh is basically just re-running that query on an interval.
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 3:40 pm
by eloyd
Yah, I'll be honest, I didn't really look too closely at the output.
I just saw that it wasn't what I asked for.
Given our NOC display is a series of iframes on a series of 50" monitors, we'd love to have a dashboard that we can query in an iframe and add it to the things we look at. This would be ideal if we could use a URL like:
Code: Select all
http://<NLS server>/dashboards/<dashboard name or ID number>?time=<past 4 hours or past 5 minutes, etc>?refresh=<seconds>
Ideally, we would not have to authenticate (or would be willing to add a ?user= ?pass= parameter or validate via Apache or restrict via IP). I know it's a lot to ask, but that would be
da bomb. What you're telling me I can do is write my own Kibana front-end, basically, and process things that are already being processed by the NLS dashboard. No love for you on that idea - we want you to do the development, not us!
Re: 3 months of NLS - my wishlist for development
Posted: Fri Jan 09, 2015 3:53 pm
by tmcdonald
Gotta speak to a dev on that. It *might* be possible to request a dashboard through Kibana directly, but that wouldn't make a ton of sense. Why not just point the iframes to a Logserver instance then navigate to the dashboard you need?