LS indexes

Post by newmember »

NLS uses a daily index currently.

I have multiple clients with individual PCI requirements.
Each client has 3 env.: Prod, Staging, and Dev.

Is this type of filtering supported by NLS?

Code:

filter {
  # Route each environment to its own index: staging is monthly, prod and dev are daily.
  if [log_type] == "staging" {
    mutate { add_field => { "[@metadata][target_index]" => "staging-%{+YYYY.MM}" } }
  } else if [log_type] == "prod" {
    mutate { add_field => { "[@metadata][target_index]" => "prod-%{+YYYY.MM.dd}" } }
  } else if [log_type] == "dev" {
    mutate { add_field => { "[@metadata][target_index]" => "dev-%{+YYYY.MM.dd}" } }
  }
  # Events with any other log_type get no [@metadata][target_index].
}
output {
  elasticsearch {
    # [@metadata] fields are not stored with the event; they only steer the output.
    index => "%{[@metadata][target_index]}"
  }
}
cdienger
Support Tech

Re: LS indexes

Post by cdienger »

A filter like this can be put in place, but any sort of maintenance NLS does on indexes would no longer work since it is hardcoded to look for logstash-YYYY.MM.DD. Alerting would also no longer work for the same reason.

Dashboards would also need to be configured to use the new indexes.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
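
An added example, not part of the original thread and not Nagios code: a small Python check that computes the index names the per-environment routing in the question is aiming for and lists the ones that fall outside the logstash-YYYY.MM.DD pattern mentioned in the reply. The regular expression, the function names and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Assumption: a regex form of the "logstash-YYYY.MM.DD" naming the reply says
# NLS maintenance and alerting are hardcoded to look for.
MAINTAINED = re.compile(r"^logstash-\d{4}\.\d{2}\.\d{2}$")

# Index formats from the filter in the question, as strftime equivalents
# of the Logstash date patterns YYYY.MM and YYYY.MM.dd.
ROUTES = {
    "staging": "staging-%Y.%m",
    "prod": "prod-%Y.%m.%d",
    "dev": "dev-%Y.%m.%d",
}
# What the output's index setting stays as when no filter branch matched:
# Logstash leaves an unresolved field reference as literal text.
UNRESOLVED = "%{[@metadata][target_index]}"


def target_index(log_type, ts):
    """Index name an event with this log_type and timestamp would be routed to."""
    fmt = ROUTES.get(log_type)
    if fmt is None:
        return UNRESOLVED
    # Logstash formats index dates from @timestamp in UTC.
    return ts.astimezone(timezone.utc).strftime(fmt)


def unmaintained(index_names):
    """Sorted index names that do not match the maintained naming pattern."""
    return sorted(n for n in set(index_names) if not MAINTAINED.match(n))


if __name__ == "__main__":
    # Constructed sample events: (log_type, @timestamp)
    ts = datetime(2018, 5, 25, 23, 30, tzinfo=timezone.utc)
    events = [("prod", ts), ("staging", ts), ("dev", ts), ("syslog", ts)]
    names = [target_index(t, when) for t, when in events]
    names.append("logstash-2018.05.25")  # an index under the default daily naming
    for name in unmaintained(names):
        print("outside maintenance/alerting pattern:", name)
```

Run against a real list of index names, the same `unmaintained()` check shows which indexes would need their own retention and alerting handling.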