I am parsing syslog data from an ASA to monitor VPN.
I've updated the plugin from https://exchange.nagios.org/directory/A ... ng/details to match my filtering.
I've got most of it working but I can't get histograms of transmit / receive to work.
At first I was getting a casting exception that was giving me a full error of the two types; unfortunately I didn't save that.
I tried mutating and that didn't work, tried mutating to a new field and got the same.
So then I tried adding an elasticsearch script to the dashboard xml, which got rid of the casting error but left me with:
FacetPhaseExecutionException[Facet[0]: [interval] is required to be set for histogram facet
The query that generated that error is attached.
After that I tried modifying my grok pattern to be set for type int. Now I'm seeing ClassCastException with no additional detail.
Also attached is the current dashboard json.
This is for a POV so any help is greatly appreciated.
Histogram issues with number fields
-
- Posts: 3
- Joined: Wed Aug 16, 2017 4:45 pm
Histogram issues with number fields
-
- Posts: 3
- Joined: Wed Aug 16, 2017 4:45 pm
Re: Histogram issues with number fields
So I was able to fix this via mutate/convert, not sure why it didn't work the first time.
New question though.
Is there a way to use field values to create a query dynamically in the dashboard json?
I.e., the current graph shows bytes xmt per interval using @timestamp and value field bxmt, but the queries match VPN disconnect types. These types are all known and useful for the other portions of the dashboard.
What I'd like to do is use the same bytes xmt graph but on queries that would match each user, thereby creating a stacked graph of each user's xmt over time.
The problem is I don't know how to generate the query to search for each username found over the time span without adding them manually.
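The mutate/convert fix mentioned in the post above, as an added example that is not the poster's actual filter: it shows the two ways to make the byte counters numeric in a Logstash filter. Only `bxmt` comes from the thread; the `asa-vpn` type, the `brcv` field name and the grok pattern are assumptions made for illustration.

```logstash
filter {
  # Assumption: ASA events arrive with type "asa-vpn" (hypothetical name).
  if [type] == "asa-vpn" {
    grok {
      # Constructed pattern for the byte counters of a VPN session-disconnect
      # message. The ":int" suffix makes grok emit integers instead of strings.
      match => { "message" => "Bytes xmt: %{INT:bxmt:int}, Bytes rcv: %{INT:brcv:int}" }
    }
    # Alternative for fields an existing pattern already extracts as strings:
    # convert them in place before they are sent to Elasticsearch.
    mutate {
      convert => {
        "bxmt" => "integer"
        "brcv" => "integer"
      }
    }
  }
}
```

Elasticsearch fixes a field's type per index when the field is first indexed, so an index that already mapped `bxmt` as a string keeps that mapping. The numeric type applies to indices created after the filter change.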
-
- Support Tech
- Posts: 5045
- Joined: Tue Feb 07, 2017 11:26 am
Re: Histogram issues with number fields
Hi RichH,
Are you able to share a screenshot and some sample data that we can import and test with? I don't know if this is doable offhand but I can certainly look into it if we can get some sample data.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
- Posts: 3
- Joined: Wed Aug 16, 2017 4:45 pm
Re: Histogram issues with number fields
Here's a capture of the dashboard
Another thing I'd like to do is send the dashboard as an email, like in XI. But it's not possible from log server as far as I know. Would it be possible in fusion? Not familiar with that product.
I've been told I could use a custom wrapper in XI to replicate the dashboard but it could be time consuming to get right, haven't looked into it yet.
Let me know if I can upload anything else that would be helpful.
Thanks!
-
- Support Tech
- Posts: 5045
- Joined: Tue Feb 07, 2017 11:26 am
Re: Histogram issues with number fields
Sorry - should have been more clear when asking about sample data. Can you PM me the actual logs? I want to make sure I'm testing this as closely as possible 

-
- Support Tech
- Posts: 5045
- Joined: Tue Feb 07, 2017 11:26 am
Re: Histogram issues with number fields
For people who may have the same question, you can use topN in the query: