Nagios Support Forum

Posted: **Fri Sep 27, 2019 11:20 am**

Hello and good morning,

I'm going through the documentation for creating custom queries as well as creating alerts based on those queries and I'm sorry to say it's lacking for my specific needs.

What I would like to know, is if there's a way to create an email alert based a query that will send a single email for each individual host having the issue?

We have a number of servers that are throwing out Windows Event ID 50:Delayed Write Failed. This is bad for servers with databases running on them, so we'd like to know ASAP when it's happening. The issue being, in a 24 hour period we might get over 1000 hits for that error and we don't want 1000 email alerts being generated. I'm not sure if the alerting section has the ability to get this granular, but it doesn't hurt to ask.

Thank you!

Posted: **Fri Sep 27, 2019 1:40 pm**

It's a bit more granular than what NLS can do. NPCA may be better suited for this - https://www.nagios.org/ncpa/help.php#api-modules-logs. An agent on the servers monitoring the logs will allow you to set notification intervals so you don't get a flood of emails.

Posted: **Mon Sep 30, 2019 3:18 pm**

I found this support article: https://support.nagios.com/forum/viewto ... s&start=10

Is there a way to setup a query like this, so Log Server will list the IP addresses of the affected servers in the alert email it sends out? Unfortunately, the person who opened the support request never replied if the query they had worked or not.

Posted: **Tue Oct 01, 2019 2:17 pm**

Alerts can include "%uniquehosts%" which provides a list of unique hosts from the query results.

https://assets.nagios.com/downloads/nag ... Server.pdf

Posted: **Wed Oct 02, 2019 10:30 am**

So, if I had this query.

Code: Select all

{
    "query": {
        "filtered": {
            "query": {
                "bool": {
                    "should": [
                        {
                            "query_string": {
                                "query": "message:\"Delayed Write Failed\""
                            }
                        }
                    ]
                }
            },
            "filter": {
                "bool": {
                    "must": [
                        {
                            "range": {
                                "@timestamp": {
                                    "from": 1569513540762,
                                    "to": 1569599940762
                                }
                            }
                        }
                    ]
                }
            }
        }
    }
}

Where would I include "%uniquehosts%"?

Posted: **Wed Oct 02, 2019 3:20 pm**

It'd be part of an email template:

Posted: **Wed Oct 02, 2019 3:31 pm**

Oh ok, go ahead and lock this. I think I've got it from here.

Thanks for your assistance.

Posted: **Wed Oct 02, 2019 4:36 pm**

rferebee wrote:Oh ok, go ahead and lock this. I think I've got it from here.

Thanks for your assistance.

Great!

Locking

Nagios Support Forum

Configuring Log Server alerts based on custom Query

Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query

Re: Configuring Log Server alerts based on custom Query