Nagios Support Forum

Good Morning,

I am trying to monitor the status of my NagiosLS Logstash from my NagiosXI. My LS is up and running perfectly according to the GUI, and running "system logstash status" in the CLI confirms that Logstash is running. However, XI is showing "CRITICAL: logstash is stopped (should be running)". I am using this command to monitor the service (this is the same command I am using for Elasticsearch, which returns correctly):
"check_xi_ncpa!-t <my token> -P <my port> -M services -q service=logstash,status=running"

Thanks. Any help would be appreciated.

What is the output of:
?

Does the PID returned in that response match the ID returned by "system logstash status" ? If you run either of the commands multiple times, does the PID in the output change ?

Are there any errors/warnings in /var/log/logstash/logstash.log ?

When I ran the curl command, I got two pids, one for each instance of our logserver cluster. The numbers did match the pids shown when running a status check on each instance, and they did not change when running the commands multiple times. There are errors in my logstash.log file, most of which are "A plugin had an unrecoverable error"

If you force the check on the XI side, do you see the Last Check time change?

Please provide a screenshot of the service's Advanced tab as well as the output of this command run from the command line: