Wondering how to Manage Indices in Nagios Log Server? We can help you.

An index in Nagios Log Server is how the Elasticsearch database stores log data. The log data is spread across the instances using the Elasticsearch database.

Here at Bobcares, we handle Nagios Log servers of our customers as a part of Server Management Services. Today let’s see how to manage indices in Nagios Log Server.

How to manage indices in Nagios log server

Before going into the details for managing indices, we will have a glimpse of what Indices is.

Index/Indices in Nagios

Nagios Log Server creates an index for every day of the year. As a result, it becomes easy to age out old data when no longer required.

Each index contains 5 Shards. A shard is a portion of the log data in that index. Elasticsearch spreads the data out for redundancy and replication with Shards and Replicas.

Generally, when an index contains 5 shards and 1 replica. If one of Nagios Log Server instances has a disk failure we can recover it with the help of the copy of shards. This will be available in another instance.

Steps to manage indices in Nagios log server

Index Status

For managing Nagios Log Server Indices we can go to Admin and take System then Index Status.

Also, the index status page allows administrators to see the current statistics and behavior of their Nagios Log Server indices.

Index Statistics

We can check the statistics, it allows us to see the following aspects:

1. The number of indices in our instance

2. Total documents over all our indices

3. The total shards in the index

4. Number of shards that were successful, and the primary and total size of the index.

Seeing the statistics of our index can be useful if we plan to add, remove or temporarily remove an instance.

Furthermore, it gives us a good idea of the number of files, shards, and disk space an index is using.

Indices

The Indices table shows the indices that have been created.

Each index has the following information about it:

1. Index

The first column is the index name.

2. # Docs

It shows how many documents each index currently contains.

3. Primary Size

The actual size of the index is the primary size.

4. # Shards

The number of primary shards that have been allocated to the index.

5 # Replicas

The number of replicas assigned to the index.

6. Action

This column allows to perform the following actions to an index:

a) Closing an index

It means that the log data will no longer be searched in queries. However, it will not replicate across instances.

b) Opening an index

It will allow the log data to be searched in queries.

c) Delete the index entirely

We can click an index to see the following details:

1. The number of documents the index is made up of, shards, indices, and the total size of the index
2. Search Totals
3. Get Totals
4. Documents
5. Indexing Totals
6. Operations

Advanced Management

If we need more details regarding the indices, we can execute few commands in the terminal.

We can check the index shard status using the following command:

curl -XGET 'http://localhost:9200/_cat/shards/?v'

To check the status of a specific index we specify the name of the index as given in the following command:

curl -XGET 'http://localhost:9200/_cat/shards/logstash-2017.10.31?v'

When one of the Nagios Log Server instances is offline, it will be seen as UNASSIGNED.

[Need assistance? We can help you]

Conclusion

In short, we saw how our Support Techs manage indices in Nagios log server.