Nagios Support Forum

Due to the so much number of our windows events, so we want to sparate windows event into other index
How to create a new index to store windows eventlog to separate from syslog?

You can create a separate index, but NLS won't be able to manage it for you--you'd be creating it outside of NLS.
Is that OK for your environment? Would you be able to maintain that index separately with your own filters and everything?

--Jeffrey

jdunitz wrote:You can create a separate index, but NLS won't be able to manage it for you--you'd be creating it outside of NLS.
Is that OK for your environment? Would you be able to maintain that index separately with your own filters and everything?

--Jeffrey

Ok i got it
But our log is too large, if we want to further improve the query speed, in addition to increasing the number of nodes to 10, maybe manually separating and managing the index is our only option to improve the query speed.

Hi @winsonlee,

Going to check with the team internally on this one, but how many nodes to you have right now?

We have 8 nodes now, and we plan to add 2 nodes more into cluster at next month

Hi @winsonlee,

Adding more nodes will certainly help improve performance and query speed, but I would also recommend reviewing the overall system to make sure there are no bottlenecks as far as memory, CPU, and disk performance. For example, if one of those nodes do not have sufficient memory or as much as the other nodes, the slower instance will slow down the query result.

The following guide has some more details on Nagios Log Server performance recommendations, let us know if you have more questions.

Performance and Storage Walkthrough