Dashboard query inspect

Posted: Tue Nov 08, 2016 9:14 am
by patalenszki.zoltan
Dear Support,

I would like to export the result of one of my dashboard queries to a file.
As I see it, it is not possible from the GUI, so I generated the query with the Inspect button and tried to run it from the console.

But I got the wrong result. It seems that I get the first few records from the entire log repository.

Could you please help me?
Thanks in advance!

Regards,
Zoli

curl -XGET 'https://lvpapp4010.hu.cre.insim.biz/nagioslogserver/api/backend/logstash-2016.11.08,logstash-2016.11.07,logstash-2016.11.06/_search?pretty&token=165a194405eed2136c07cf986ce7a34d5047a2bc' -d '{
  "facets": {
    "0": {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "1d"
      },
      "global": true,
      "facet_filter": {
        "fquery": {
          "query": {
            "filtered": {
              "query": {
                "query_string": {
                  "query": "*"
                }
              },
              "filter": {
                "bool": {
                  "must": [
                    {
                      "range": {
                        "@timestamp": {
                          "from": 1478419203029,
                          "to": 1478776563029
                        }
                      }
                    },
                    {
                      "fquery": {
                        "query": {
                          "query_string": {
                            "query": "*NNHQMS*"
                          }
                        },
                        "_cache": true
                      }
                    }
                  ]
                }
              }
            }
          }
        }
      }
    }
  },
  "size": 0
}'

Re: Dashboard query inspect

Posted: Tue Nov 08, 2016 11:53 am
by mcapra
You could try altering the request to include something like size=100, but generally speaking you won't be able to feed proper filtered queries to the back-end Nagios Log Server API (for security reasons). If executing the query locally and saving the output to a file is an option, you could hit the elasticsearch API directly like so:

curl -XPOST "http://localhost:9200/_search?pretty&size=10" -d '{"query":{"filtered":{"filter":{"range":{"@timestamp":{"from":"now-5d","to":"now"}}},"query":{"query_string":{"query":"*NNHQMS*"}}}}}'

Alter the size=10 value of the request to change the results size, the @timestamp value to change your lookback period, and the query_string to change your search term.

If you're looking for more than a few hundred records, there are vastly better options, though. A scroll is probably the best option in this case.
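The scroll-based export suggested in the reply above, as an added example that is not code from the thread or from Nagios: it reuses the same "filtered" range-plus-query_string body, pages through Elasticsearch with the scroll API instead of one large size=N request, and writes one JSON document per line. It assumes the Elasticsearch 1.x-era endpoints this thread uses, an instance bound to localhost:9200 on the log server host, and the hypothetical helper names below (fetch is injectable so the paging loop can be exercised without a live cluster).

```python
# Added example (not from the thread or Nagios): export every hit for a dashboard
# search via the scroll API instead of a single size=N request.
# Assumed: ES 1.x-style "filtered" query, and scroll_id accepted as a query parameter.
import json
import urllib.request

ES = "http://localhost:9200"  # assumed: run on the log server host itself

def build_query(term, lookback="now-5d"):
    """Same filtered query as the reply: time-range filter plus query_string term."""
    return {"query": {"filtered": {
        "filter": {"range": {"@timestamp": {"from": lookback, "to": "now"}}},
        "query": {"query_string": {"query": term}}}}}

def http_json(url, body=None):
    """Minimal JSON-over-HTTP helper; body=None sends a GET."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def scroll_hits(query, page_size=500, keepalive="1m", fetch=http_json):
    """Yield each hit's _source; stops when a scroll page comes back empty."""
    page = fetch(f"{ES}/_search?scroll={keepalive}&size={page_size}", query)
    while True:
        hits = page.get("hits", {}).get("hits", [])
        if not hits:
            return
        for h in hits:
            yield h["_source"]
        sid = page["_scroll_id"]
        page = fetch(f"{ES}/_search/scroll?scroll={keepalive}&scroll_id={sid}")

def export(term, path, **kw):
    """Write one JSON object per line to path; returns the record count."""
    count = 0
    with open(path, "w") as out:
        for doc in scroll_hits(build_query(term), **kw):
            out.write(json.dumps(doc) + "\n")
            count += 1
    return count

if __name__ == "__main__":
    # Constructed usage: the search term from the original question.
    print(export("*NNHQMS*", "nnhqms.jsonl"), "records written")
```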