Nagios Support Forum

Our Network engineer is trying to query information from 12/17 for a specific router. So when I enter the router hostname into the query and set a custom time, the graph is showing that there are documents from 12/17 but under all events
for the Host the IP is not the IP of the router and it doesn't display events back to 12/17.

If I narrow the custom date to just the 17th it will display the events but the logsource is from our nagios server. Shouldn't the source be the Syslog from the Router?

I'd recommend using a filter here instead of doing restriction by query. Filters are meant to filter your data, while queries are more of an 'I'm going to experiment and see what kind of data I can pull out' utility. I would do the following:

1. Set up a filter based on a single existing log from your router. Choose a unique field, normally the hostname/IP is a good choice: Then set up a custom time range - maybe make it a day or so. Every log that appears should be from your router.

Does that make sense? Let me know if the above is helpful.

Thanks. Yes this helped.
I need to get a better understanding of queries.

You might be interested in checking out this post I made about them, where I describe them in detail:
https://support.nagios.com/forum/viewto ... 38&t=36320