Page 1 of 2
Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 11:34 am
by CameronWP
Hi:
I just updated to the new version today and for some reason I can no longer filter on Event ID. Here is an image with no filtering with event ids shown:
Eventid_1_LI.jpg
And then here is the same dashboard where I am filtering for a particular event id:
Eventid_2.png
Thanks!
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 11:54 am
by cdienger
What version was installed previously?
I've tested this on a system and it filters as expected. Try editing the query and make sure there isn't an extra space in there.
Try increasing the memory limit of php.ini as well -
https://support.nagios.com/kb/article/n ... e-611.html
Does a query for 'EventId: 4642" return results ?
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 12:38 pm
by CameronWP
I upgraded from 2.0.8. The max_memory setting is currently 1024MB. I have tested my other fields and it just seems to be EventID having the issue. I am not even typing it in, I am clicking the magnifying glass beside the eventId field in the dashboard.
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 2:15 pm
by cdienger
Is this a single machine or a cluster? Are there any unassigned shards under Admin > System > Cluster Status?
Also, * is not a valid regex query and can cause this kind of behavior. What is the query type set to?
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 2:28 pm
by CameronWP
Hi:
It is a lucene query as defaulted:
Eventid_3.png
It is a single system and is showing green:
Eventid_4.png
After the upgrade there were two unassigned shards but I deleted them and as shown it is now reporting green.
Thanks!
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 2:48 pm
by cdienger
Clear the browser's cache and try a different one if you can and check the dev tools, /var/log/httpd/*, and /var/log/eleasticsearch/* logs to see if anything pops up when you try the query again:
Code: Select all
tail -f /var/log/elasticsearch/*
tail -f /var/log/httpd/*
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 3:03 pm
by CameronWP
Hi:
Nothing in either log that would be indicative of the issue. It only seems to be that one field for whatever reason.
Thanks!
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Fri Oct 25, 2019 3:17 pm
by CameronWP
I rebooted to ensure everything was reset. No change. I have tried the site with IE, Chrome and Firefox, no change. I am not sure what else to try. Thanks!
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Mon Oct 28, 2019 10:38 am
by cdienger
Please PM me a profile from the system. It can be gathered under Admin > System > System Status > Download System Profile or from the command line with:
Code: Select all
/usr/local/nagioslogserver/scripts/profile.sh
This will create /tmp/system-profile.tar.gz.
Note that this file can be very large and may not be able to be uploaded through the PM. This is usually due to the logs in the Logstash and/or Elasticsearch directories found in it. If it is too large, please open the profile, extract these directories/files and send them separately.
Re: Since Upgrading to 2.1.1, I can't filter on EventID
Posted: Mon Oct 28, 2019 12:25 pm
by CameronWP
Hi:
It has been a killer morning so I hadn't had a chance to respond. After letting it sit over the weekend, I came back today to find that it was working again.
Thank you for taking the time!