Migrate to macros
Opened this issue · 6 comments
I think it may be useful to migrate the searches in the XML to something powered by a couple of macro's that way rather then update the XML on Install, we can have a setup screen that just updates the macro!
very good idea @tfhartmann !!! would you be willing to take a crack at this?
Sure! I'm happy to give it a go!
sweet, let me know if you have any questions or queries :)
I made some pretty good progress today, one thing I was thinking was an option for users who have hostgroup and servicegroup lookups working with livestatus is to use that data to create lookup tables for servers/network devices to populate the pulldowns. I know in my production version I just changed the search to filter more closely on name, but I already did this when I separated stuff out into hostgroups! That macro looks like this at the moment:
earliest=-24h index="nagios" nagiosevent="CURRENT HOST STATE" | rex ".+CURRENT HOST STATE: (?P[^;])(?=;)" | lookup local=true nagios-hostgroupmembers host_name AS src_host | search hostgroup=
This search could then be run on some schedule populating local lookup tables to provide faster pulldowns!
On Nov 28, 2012, at 6:01 PM, Luke Harris notifications@github.com wrote:
sweet, let me know if you have any questions or queries :)
—
Reply to this email directly or view it on GitHub.
I have been thinking more on this and wanted to know if you could append new hosts instead of overwriting the lookup table? This would be useful when you decommission a host in nagios but you still want to see it appear in the hostname list in Splunk to refer to historical data :)
👍
I like that idea!
On Sep 5, 2013, at 1:31 AM, Luke Harris notifications@github.com wrote:
I have been thinking more on this and wanted to know if you could append new hosts instead of overwriting the lookup table? This would be useful when you decommission a host in nagios but you still want to see it appear in the hostname list in Splunk to refer to historical data :)
—
Reply to this email directly or view it on GitHub.