Nagios LS - Capacity Planning
Posted: Tue Jun 11, 2019 1:44 am
by newmember
In one full day of business on Monday we consumed 137G of events.
Index # Docs Primary Size
logstash-2019.06.10 379,128,391 137GB
I see that the disk is holding what I would expect for a few days of data
Drive Used Free Folder
965G 304G 623G 33% /appl
I have 8 inputs currently.
How do I tell the daily volume size of events from each input?
Thanks
Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 2:04 am
by newmember
Is there a way to set the color of the different inputs in the "EVENTS OVER TIME" table?
i.e.:
input 1 - red
input 2 - blue
input 3 - yellow
etc
Thanks
Re: Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 8:37 am
by scottwilkerson
One way is to click on the blue dot in the query area and change the query type to TopN, then in "Field" enter "host".
This will separate them into different shades. The alternative would be to enter each host as a different query with a different color by adding multiple queries with the +
Example:
red
blue
yellow
Re: Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 10:39 am
by newmember
Thanks and WOW
The 'eventlog' is really chatty for 6 Windows server hosts.
That was unexpected.
Re: Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 10:55 am
by scottwilkerson
newmember wrote: Thanks and WOW
The 'eventlog' is really chatty for 6 Windows server hosts.
That was unexpected.
In the TopN settings, if you change the "Field" from _type to "host", you would see which server is the most chatty
Re: Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 11:28 am
by newmember
Perfect
Yes, one host stands out for more Windows events
Re: Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 11:44 am
by newmember
This appears to be the main event (sounds like MMA) that is driving up the event count.
Not sure if it's important?
Cool how we can use Nagios LS to troubleshoot itself.
Code:
The Windows Filtering Platform has permitted a connection.

Application Information:
    Process ID: 316
    Application Name: \device\harddiskvolume2\windows\system32\svchost.exe

Network Information:
    Direction: Inbound
    Source Address: 224.0.0.252
    Source Port: 5355
    Destination Address: XX.XX.XX.12
    Destination Port: 60317
    Protocol: 17

Filter Information:
    Filter Run-Time ID: 68611
    Layer Name: Receive/Accept
    Layer Run-Time ID: 44

Volume of this event from this host:
[Screenshot: Capture-windows-event-filter.PNG]
Re: Nagios LS - Dashboard Table Input Colors
Posted: Tue Jun 11, 2019 11:59 am
by scottwilkerson
newmember wrote: Cool how we can use Nagios LS to troubleshoot itself.
Yep
https://www.google.com/search?q=224.0.0.252
The connection to 224.0.0.252:5355 with protocol UDP is used by recent versions of Windows for Link Local Multicast Name Resolution (LLMNR) searching for local network computers.
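
Added example (not from any poster in this thread, and not Nagios Log Server code): a small Python parser for the Windows Filtering Platform message quoted above that tags events as LLMNR, so their share of the daily volume can be measured before deciding whether to filter them at the source. The function names and the "either endpoint is 224.0.0.252:5355 over protocol 17" rule are assumptions made for this sketch.

```python
from collections import Counter

# Constructed sample: the event text posted above (destination masked as on the page).
SAMPLE_EVENT = r"""The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID: 316
Application Name: \device\harddiskvolume2\windows\system32\svchost.exe
Network Information:
Direction: Inbound
Source Address: 224.0.0.252
Source Port: 5355
Destination Address: XX.XX.XX.12
Destination Port: 60317
Protocol: 17
Filter Information:
Filter Run-Time ID: 68611
Layer Name: Receive/Accept
Layer Run-Time ID: 44
"""

LLMNR_GROUP, LLMNR_PORT, UDP = "224.0.0.252", "5355", "17"

def parse_wfp_event(message):
    """Return {"Section.Field": value} for a WFP connection event message."""
    fields, section = {}, ""
    for line in message.splitlines():
        # Split on the first colon only, so IPv6 addresses in values survive.
        key, sep, value = line.strip().partition(":")
        value = value.strip()
        if not sep:
            continue              # summary sentence or blank line
        if not value:
            section = key         # header such as "Network Information:"
        else:
            fields[f"{section}.{key}"] = value
    return fields

def is_llmnr(fields):
    """True when either endpoint is the LLMNR multicast group and port over UDP."""
    net = "Network Information."
    if fields.get(net + "Protocol") != UDP:
        return False
    return any(fields.get(f"{net}{side} Address") == LLMNR_GROUP
               and fields.get(f"{net}{side} Port") == LLMNR_PORT
               for side in ("Source", "Destination"))

def noise_share(messages):
    """Count LLMNR events against everything else in a batch of messages."""
    return Counter("llmnr" if is_llmnr(parse_wfp_event(m)) else "other"
                   for m in messages)
```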