Nagios Filter and Query syntax
Posted: Thu Feb 09, 2017 1:46 pm
by SteveO86
Where can I find out about the syntax for writing the queries? (screenshot attached)
I know I can click through and add filters that way but it would definitely be quicker to type.
Re: Nagios Filter and Query syntax
Posted: Thu Feb 09, 2017 1:52 pm
by rkennedy
The same properties apply when writing them out, as they do when it comes to clicking and selecting with the magnifying glass.
We have two general informational points here that might help -
https://assets.nagios.com/downloads/nag ... Server.pdf
https://www.youtube.com/watch?v=vvhChfb5ruQ
What exactly are you looking to do?
Re: Nagios Filter and Query syntax
Posted: Thu Feb 09, 2017 2:07 pm
by SteveO86
Thanks for the quick reply!
I am looking to build custom dashboards for different views. Similar to the following:
1. Dashboard that only displays logs from 'edge firewalls'
2. Dashboard that only displays logs from 'internal firewalls'
And then within each dashboard have different color-coded events for denied events vs. allowed events and others.
I was thinking each dashboard would have a filter based on multiple host IPs and use queries to color-code the different events, and I was just curious about the syntax.
EDIT: actually, it appears I can just use 'or' and 'and' statements, for example in the query string:
host 10.10.10.1 or host 10.10.10.2 or host 10.10.10.3
Re: Nagios Filter and Query syntax
Posted: Thu Feb 09, 2017 5:21 pm
by mcapra
There are two simple ways of looking at queries: either you're using filters, or you're using Lucene. You can also use both at the same time. Stuff like this:
Code:
host 10.10.10.1 or host 10.10.10.2 or host 10.10.10.3
Is Lucene. More info on Lucene syntax:
https://lucene.apache.org/core/2_9_4/qu ... yntax.html
A more appropriate formatting of your previously mentioned query might look like this:
Code:
host:"10.10.10.1" OR host:"10.10.10.2" OR host:"10.10.10.3"
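
Added example, not part of the original thread or of Nagios Log Server: a small Python helper that generates the field-qualified query shown above from a list of firewall IPs, one query per dashboard. It uses uppercase OR/AND (the Lucene query parser only treats all-caps words as boolean operators) and parentheses so an extra clause applies to the whole host list; the internal IPs and the `action` field name are assumptions for illustration.

```python
import ipaddress


def quote_term(value):
    """Wrap a value in double quotes, escaping backslash and quote."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def host_group(hosts, field="host"):
    """Return (field:"ip1" OR field:"ip2" ...) for a list of host IPs."""
    terms = []
    for raw in hosts:
        # Reject anything that is not a plain IP address (raises ValueError),
        # so stray query syntax never ends up inside the query string.
        ip = ipaddress.ip_address(raw.strip())
        terms.append(field + ":" + quote_term(str(ip)))
    if not terms:
        raise ValueError("at least one host is required")
    # Uppercase OR: lowercase "or" would be searched for as a plain word.
    return "(" + " OR ".join(terms) + ")"


def dashboard_query(hosts, must=None):
    """Host group, optionally ANDed with extra field/value pairs."""
    parts = [host_group(hosts)]
    for field, value in (must or {}).items():
        parts.append(field + ":" + quote_term(value))
    return " AND ".join(parts)


# Constructed sample data: the edge IPs are the ones from the thread; the
# internal IPs and the "action" field name are assumptions for illustration.
DASHBOARDS = {
    "edge firewalls": ["10.10.10.1", "10.10.10.2", "10.10.10.3"],
    "internal firewalls": ["192.168.1.1", "192.168.1.2"],
}

if __name__ == "__main__":
    for name, hosts in DASHBOARDS.items():
        print(name, "all   :", dashboard_query(hosts))
        print(name, "denied:", dashboard_query(hosts, {"action": "deny"}))
```

Replace `action` with whatever field your firewall logs are actually parsed into before pasting the generated string into the dashboard query box.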