×


How to Manage Indices in Nagios Log Server - Do this now ?

Are you trying to Manage Indices in Nagios Log Server?

This guide is for you.

An index in Nagios Log Server is how the Elasticsearch database stores log data. The log data is spread across the instances using the Elasticsearch database.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to handle Nagios Log servers.
In this context, we shall look into how to manage indices in Nagios Log Server.

How to manage indices in Nagios log server ?

Before going into the details for managing indices, we will have a glimpse of what Indices is.

What does Index / Indices in Nagios means ?

Nagios Log Server creates an index for every day of the year. As a result, it becomes easy to age out old data when no longer required.
Each index contains 5 Shards.

A shard is a portion of the log data in that index.
Elasticsearch spreads the data out for redundancy and replication with Shards and Replicas.
Generally, when an index contains 5 shards and 1 replica. If one of Nagios Log Server instances has a disk failure we can recover it with the help of the copy of shards.

This will be available in another instance.

Steps to manage indices in Nagios log server:

1. Index Status

For managing Nagios Log Server Indices we can go to Admin and take System then Index Status.

Also, the index status page allows administrators to see the current statistics and behavior of their Nagios Log Server indices.


2. Index Statistics
We can check the statistics, it allows us to see the following aspects:
i. The number of indices in our instance
ii. Total documents over all our indices
iii. The total shards in the index
iv. Number of shards that were successful, and the primary and total size of the index.

Seeing the statistics of our index can be useful if we plan to add, remove or temporarily remove an instance.
Furthermore, it gives us a good idea of the number of files, shards, and disk space an index is using.

3. Indices
The Indices table shows the indices that have been created.
Each index has the following information about it:
1. Index
The first column is the index name.
2. # Docs
It shows how many documents each index currently contains.
3. Primary Size
The actual size of the index is the primary size.
4. # Shards
The number of primary shards that have been allocated to the index.
5 # Replicas
The number of replicas assigned to the index.
6. Action
This column allows to perform the following actions to an index:
a) Closing an index
It means that the log data will no longer be searched in queries. However, it will not replicate across instances.
b) Opening an index
It will allow the log data to be searched in queries.
c) Delete the index entirely
We can click an index to see the following details:
1. The number of documents the index is made up of, shards, indices, and the total size of the index
2. Search Totals
3. Get Totals
4. Documents
5. Indexing Totals
6. Operations

Advanced Management of Indices in Nagios

If we need more details regarding the indices, we can execute few commands in the terminal.
We can check the index shard status using the following command:

$ curl -XGET 'http://localhost:9200/_cat/shards/?v'

To check the status of a specific index we specify the name of the index as given in the following command:

$ curl -XGET 'http://localhost:9200/_cat/shards/logstash-2017.10.31?v'

When one of the Nagios Log Server instances is offline, it will be seen as UNASSIGNED.

[Need assistance in fixing Nagios errors? We can help you. ]


Conclusion

This article covers how to manage indices in Nagios log server. An index in Nagios Log Server is how the Elasticsearch database stores log data. Nagios Log Server creates and index for every day of the year, this makes it easy to age out old data when no longer required.
Nagios Log Server is a clustered application, it consists of one or more instances of Nagios Log Server. An instance is an installation of Nagios Log Server, it participates in the cluster and acts as a location for the received log data to reside. The log data is spread across the instances using the Elasticsearch database, a special database used by Nagios Log Server.