I'm a new user, and I have searched in vain for an explanation of the query and filter syntax in Nagios Log Server. Ideally, I'd like both the syntax and a comprehensive list of examples.
Please read through the following write-up regarding queries versus filters in the dashboard:
First, what is the use difference between QUERY and FILTERING?
The distinction seems small at first, but grows as you get more familiar with the product.
The basic difference is that filters are used for filtering out logs you do not want to see, or filtering in logs that you do want to see.
Queries are used for searching through the remaining information.
You can apply several filters (filter by host, username, and IP address range, for example). You can use AND and OR operations between your filters.
Queries can _only_ use the OR operator, because Nagios Log Server expects that anything you query for you _want to see_ - multiple queries means multiple representations of data. For example:
[Screenshot: Dashboard • Nagios Log Server, histogram with two queries plotted side by side]
The two queries are displayed side-by-side on that graph, because it is assumed that anything you query is something you'd like to see (on graphs, charts, etc) - be sure to keep this in mind when designing your dashboards.
Filters are a more low-level construct for getting rid of noise.
That about describes the difference between them in my mind. Let me know if you have any questions.
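The query-versus-filter behaviour described in the answer above, modelled in Python as an added illustration. This is not Nagios Log Server or Kibana code: the events are constructed, the filter types (must / either / must_not) are modelled loosely on the Kibana 3 filter panel that NLS dashboards are built on, and matching is a simple field/substring model rather than Elasticsearch's query_string parser. The point it makes concrete: filters cut the data set down first (with AND, OR and NOT semantics), then every query is evaluated separately against what is left and gets its own series, so one event can be counted in more than one query series.

```python
"""Toy model of filters versus queries on a Kibana 3 style dashboard.
Added example, not NLS code. Events, hosts, users and addresses are constructed."""

from collections import Counter

# Constructed sample events (hypothetical hosts, users and addresses).
EVENTS = [
    {"host": "web01", "user": "alice", "src_ip": "10.0.1.15",   "message": "Accepted publickey for alice"},
    {"host": "web01", "user": "bob",   "src_ip": "10.0.1.16",   "message": "Failed password for bob"},
    {"host": "web02", "user": "root",  "src_ip": "203.0.113.7", "message": "Failed password for root"},
    {"host": "db01",  "user": "alice", "src_ip": "10.0.2.20",   "message": "Accepted password for alice"},
    {"host": "web02", "user": "bob",   "src_ip": "203.0.113.9", "message": "Failed password for bob"},
]


def event_matches(event, field, value):
    """Exact field match; a value ending in '*' is a prefix match (e.g. "10.0.1.*")."""
    actual = str(event.get(field, ""))
    if value.endswith("*"):
        return actual.startswith(value[:-1])
    return actual == value


def apply_filters(events, must=(), either=(), must_not=()):
    """Filters narrow the data set before any query runs.

    must     - every filter has to hold (AND)
    either   - at least one has to hold (OR), only enforced when any are given
    must_not - none may hold (NOT)
    Returns the events that survive all three groups."""
    kept = []
    for ev in events:
        if not all(event_matches(ev, f, v) for f, v in must):
            continue
        if either and not any(event_matches(ev, f, v) for f, v in either):
            continue
        if any(event_matches(ev, f, v) for f, v in must_not):
            continue
        kept.append(ev)
    return kept


def run_queries(events, queries):
    """Queries are never ANDed together: each one is evaluated on its own
    against the filtered events and produces its own series, which is what
    the histogram draws side by side. The set of events shown is therefore
    the OR of all queries, and an event matching two queries lands in both."""
    series = Counter()
    for name, needle in queries.items():
        series[name] = sum(1 for ev in events if needle in ev["message"])
    return dict(series)


def dashboard_counts(events=EVENTS):
    """Filters: only web hosts, from one of two address ranges, never root.
    Queries: failed logins, and anything mentioning bob."""
    remaining = apply_filters(
        events,
        must=[("host", "web*")],
        either=[("src_ip", "10.0.1.*"), ("src_ip", "203.0.113.*")],
        must_not=[("user", "root")],
    )
    return {
        "remaining": len(remaining),
        "series": run_queries(remaining, {"failed": "Failed password", "bob": "bob"}),
    }


if __name__ == "__main__":
    # Three events survive the filters; the two query series sum to four,
    # because both "bob" events also match "Failed password".
    print(dashboard_counts())
```

The filter step is where noise is removed for good; the query step only decides which of the remaining events are drawn, and in which series. That is why two queries on one dashboard widen rather than narrow what is displayed.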
Are there any docs with use case examples on creating queries/filters? The simple queries are easy, but it would be great to see what I can do with Log Server.
While I agree that an extensive guide would be useful that directly relates to NLS, we haven't generated one - mostly because there are several great guides on the internet already. Here are some of my favorites:
https://www.elastic.co/guide/en/kibana/ ... lters.html
https://www.mjt.me.uk/posts/kibana-101/
And it would be helpful if the flavor of regex used in NLS were explained somewhere. Python? Perl? Emacs? Grep?
The regex library used in Logstash is Oniguruma. Feel free to read up on the syntax.
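Since the question was which flavour of regex applies, here is an added example (not from the NLS docs or the Logstash project) showing the one difference that bites most often: grok patterns in Logstash are compiled by Oniguruma, whose named capture is written `(?<name>...)`, while Python's `re` module only understands `(?P<name>...)` and rejects the Oniguruma form outright. The helper below rewrites the named-capture syntax so a pattern prototyped in Python can be pasted into a grok filter unchanged. The sshd log line and the pattern are constructed for the illustration.

```python
"""Oniguruma (?<name>...) named captures, as used in grok, versus Python's (?P<name>...).
Added example; the pattern and sample log line are constructed."""

import re


def python_accepts(pattern: str) -> bool:
    """True if Python's re module compiles the pattern as written."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def oniguruma_named_to_python(pattern: str) -> str:
    """Rewrite Oniguruma/grok named captures (?<name>...) as Python's (?P<name>...).

    Lookbehinds (?<= and (?<! are left alone, and a '(' preceded by a
    backslash is treated as a literal parenthesis and skipped."""
    return re.sub(r"(?<!\\)\(\?<(?![=!])", "(?P<", pattern)


# Pattern written in Oniguruma style, exactly as it would go into a grok
# match, e.g. grok { match => { "message" => "... (?<user>\S+) ..." } }.
SSHD_FAIL_ONIGURUMA = (
    r"sshd\[(?<pid>\d+)\]: Failed password for (?<invalid>invalid user )?(?<user>\S+)"
    r" from (?<src_ip>\d{1,3}(?:\.\d{1,3}){3}) port (?<port>\d+)"
)

SSHD_FAIL = re.compile(oniguruma_named_to_python(SSHD_FAIL_ONIGURUMA))

# Constructed sshd line (hypothetical host, pid and address).
SAMPLE = "Dec 23 11:38:08 web01 sshd[2817]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"


def parse_sshd_failure(line: str):
    """Return the captured fields as a dict, or None if the line is not a failed login."""
    m = SSHD_FAIL.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "pid": int(d["pid"]),
        "user": d["user"],
        "src_ip": d["src_ip"],
        "port": int(d["port"]),
        "invalid_user": d["invalid"] is not None,  # sshd marks unknown accounts this way
    }


if __name__ == "__main__":
    # Python refuses the raw Oniguruma form; the rewritten one works.
    print(python_accepts(SSHD_FAIL_ONIGURUMA), python_accepts(SSHD_FAIL.pattern))
    print(parse_sshd_failure(SAMPLE))
```

The reverse direction is the one that matters in practice: if a pattern tested with Python contains `(?P<name>...)`, convert it to `(?<name>...)` before putting it in a grok filter, since that is the syntax Oniguruma documents for named groups. Everything else in this pattern (`\d`, `\S`, `{1,3}`, non-capturing `(?:...)`) is common to both engines.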
I've found a few links on the forum here, but they seem to be the result of hit-and-miss exploration by users rather than well-considered expositions by designers and developers. I would prefer the latter.
Here are some of the better ones:
Logstash-
Long:
http://support.nagios.com/forum/viewtop ... 37&t=32221
Less long:
http://support.nagios.com/forum/viewtop ... 28#p137728
Alerts:
http://support.nagios.com/forum/viewtop ... 37&t=32548
Let me know if you have any questions after reading through the above!