
Query question

Posted: Mon Jan 11, 2016 4:04 pm
by gregwhite
Our Network engineer is trying to query information from 12/17 for a specific router. So when I enter the router hostname into the query and set a custom time, the graph is showing that there are documents from 12/17, but under all events for the Host the IP is not the IP of the router and it doesn't display events back to 12/17.

Re: Query question

Posted: Mon Jan 11, 2016 4:16 pm
by gregwhite
If I narrow the custom date to just the 17th, it will display the events, but the logsource is from our Nagios server. Shouldn't the source be the Syslog from the Router?

Re: Query question

Posted: Mon Jan 11, 2016 4:56 pm
by jolson
I'd recommend using a filter here instead of doing restriction by query. Filters are meant to filter your data, while queries are more of an 'I'm going to experiment and see what kind of data I can pull out' utility. I would do the following:

1. Set up a filter based on a single existing log from your router. Choose a unique field; normally the hostname/IP is a good choice.
Then set up a custom time range - maybe make it a day or so. Every log that appears should be from your router.

Does that make sense? Let me know if the above is helpful.

Re: Query question

Posted: Tue Jan 12, 2016 3:07 pm
by gregwhite
Thanks. Yes, this helped.
I need to get a better understanding of queries.

Re: Query question

Posted: Tue Jan 12, 2016 5:36 pm
by jolson
You might be interested in checking out this post I made about them, where I describe them in detail:
https://support.nagios.com/forum/viewto ... 38&t=36320