Harmonize Your Monitoring with Your Elasticsearch Database Entries
If you have an Elasticsearch database, such as the one in the NetEye Elastic Stack Module, you will probably want to integrate its data into your monitoring environment. To do this, use this new plugin:
# /data/neteye/usr/lib/nagios/plugins/local/check_elasticsearch_query --help
Check a count of number of events fount in elasticsearch over a query and timeframe
Usage: [-H ] [-p ] -q [-t ] [-w ] [-c ]
-h, --help : this help
-V, --version : program version
-H, --host : host/address of elasticsearch (default: localhost)
-p, --port : tcp port of elasticsearch (default: 9200)
-i, --index : elasticsearch index name (default: logstash-*)
-q, --query : elasticsearch query string
-t, --time : timeframe for search from now back f.ex. 1h or 1d (default: 1h)
-w, --warning : warning count (default: not checked)
-c, --critical: critical count (default: not checked)
check_elasticsearch_query - - Copyright Juergen Vigna - Wuerth Phoenix srl.
This Monitoring plugin comes with no warranty. You can use and distribute it
under terms of the GNU General Public License Version 2 (GPL V2) or later.
Construct your filter with your Elasticsearch frontend (e.g., Kibana) and then use this filter to find entries in your Elasticsearch Database. Here’s an example of what you can do:
This filter will sound the alarm if it finds more than a certain number of warning/critical entries in the selected time frame. The output also contains performance data, so you can see in your performance analysis when and how often entries occur.
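The check logic described above, as an added sketch that is not the plugin's own code: it builds an Elasticsearch count request from a query string and timeframe, then maps the resulting count to a Nagios state with performance data. It assumes events carry a Logstash-style @timestamp field and that the count comes from the _count API; the function names and the sample query and response are constructed for illustration.

```python
import json
import re

# Nagios/Icinga plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def build_count_body(query, timeframe="1h", time_field="@timestamp"):
    """Body for POST /<index>/_count: query string AND a 'now - timeframe' range.

    Assumption: events carry a Logstash-style @timestamp field.
    """
    # Accept only <number><unit> (e.g. 15m, 1h, 1d) so nothing else reaches date math.
    if not re.fullmatch(r"[1-9][0-9]*[smhdw]", timeframe):
        raise ValueError("timeframe must look like 15m, 1h or 1d")
    time_range = {time_field: {"gte": "now-" + timeframe, "lte": "now"}}
    return {"query": {"bool": {
        "must": [{"query_string": {"query": query}}],
        "filter": [{"range": time_range}],
    }}}


def evaluate(count, warning=None, critical=None, label="events"):
    """Map an event count to (exit_code, plugin output line with perfdata)."""
    if not isinstance(count, int) or count < 0:
        return UNKNOWN, "UNKNOWN - no usable count in Elasticsearch response"
    if critical is not None and count > critical:
        code = CRITICAL
    elif warning is not None and count > warning:
        code = WARNING
    else:
        code = OK
    # Perfdata format: label=value;warn;crit (unset thresholds stay empty)
    perf = "%s=%d;%s;%s" % (label, count,
                            "" if warning is None else warning,
                            "" if critical is None else critical)
    return code, "%s - %d matching events | %s" % (STATUS[code], count, perf)


if __name__ == "__main__":
    # Constructed sample: a failed-SSH-login query and a constructed _count reply.
    body = build_count_body('program:sshd AND message:"Failed password"', "1h")
    print(json.dumps(body))
    sample_response = json.loads('{"count": 37, "_shards": {"total": 5, "failed": 0}}')
    code, line = evaluate(sample_response.get("count"), warning=10, critical=50)
    print(line)  # a real plugin would also exit with `code`
```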
I have over 20 years of experience in the IT branch. After first experiences in the field of software development for public transport companies, I finally decided to join the young and growing team of Würth Phoenix (now Würth IT Italy). Initially, I was responsible for the internal Linux/Unix infrastructure and the management of CVS software. Afterwards, my main challenge was to establish the meanwhile well-known IT System Management Solution WÜRTHPHOENIX NetEye. As a Product Manager I started building NetEye from scratch, analyzing existing open source models, extending and finally joining them into one single powerful solution. After that, my job turned into a passion: Constant developments, customer installations and support became a matter of personal. Today I use my knowledge as a NetEye Senior Consultant as well as NetEye Solution Architect at Würth Phoenix.
Author
Juergen Vigna