Indices and Queries

[rocheryderm]

Hello

First allow me to say that the current Nagios looks *awesome*! Still running a v3.5 build and the differences and improvements are fantastic.

I'm tinkering with the latest NLS VM I downloaded a few days ago, and am impressed with how easy it is to install, but I'm looking for the legendary customization abilities...

Specifically, I don't want to have to manage any more Elasticsearch clusters than necessary. We have one already, but I love the NLS features so much I'd like to ditch it in favor of NLS. So far, I have figured out how to redirect my existing Logstash servers to send to the NLS Elasticsearch server. This made me happy!

I can also create dashboards and queries against the new indices (non "Logstash-") that are being created. Also very cool!

However, I am trying to figure out how to save queries that can be acted upon by Alerts from either NLS or Nagios XI -- it appears built-in logging queries/alerting only act upon the '[logstash-]YYYY.MM.DD' indices, is that correct?

Is there anyway to build an alert-servicecheck against custom indices like '[filebeat-]YYYY.MM.DD'?

I'm not afraid to use vi, just point the way! It's also OK to tell me that NLS won't work for me, but this will make me SAD! I'd love to hear how anyone is using Nagios XI to query logs in non-NLS Elasticsearch clusters too.

Thanks in advance!

Mike

[npolovenko]

Hello, @rocheryderm. I'm glad you liked the new design and features in the Log Server!

Unfortunately, you're right. There is no way to way to specify a logstash index in the alert query, as of right now.
I submitted a feature request on your behalf to add this functionality.
Please keep in mind that the decision to implement the enhancement is at the discretion of our development team.

Please let me know if you can think of any other improvements.
Thank you!

[rocheryderm]

Thanks for the speedy response, @npolovenko

It would mean a lot if someone at Nagios (or the community) could direct me on how to link Nagios service checks to Elasticsearch queries. I've done a lot of Googling over the past 12 months during our Elasticsearch proof-of-concept, and haven't found as nice a feature as is built into Nagios/NLS.

Is there any code that can be shared with me? Or can anyone help with hints?

Perhaps there is something I can edit on NLS under the covers that will save me some time reinventing the wheel, and allow me to make use of this product and support the value proposition it has for us? We're looking at a 4-node instance to start, with continuing year-after-year support and maintenance.

Thanks

Mike

[mcapra]

The check_elasticsearch plugin can handle generic queries against an ElasticSearch index (or indices):
https://github.com/misiupajor/check_elasticsearch

It's thresholds/perfdata are based on raw document counts.

The Nagios Log Server wizard included with Nagios XI does roughly the same things, but with authentication and index naming specific to Nagios Log Server.

[npolovenko]

Thanks, @mcapra!
I submitted a feature request to add the functionality.

@rocheryderm, Are we ready to lock this thread?

[rocheryderm]

Yes @npolovenko, it can be locked. I appreciate the free support I've gotten so far.

If I have questions about the tools mentioned I'll open separate topics.

[npolovenko]

Sounds good, @rocheryderm. Thank you for using the support forum!