Icinga 2 Checks¶
This module brings an
icingacli command to check if certain events are present in Elasticsearch.
The following will check if there are more than 3 (warning) or 5 (critical) events of severity
critical from the host
www.example.com in the data from the last hour.
instanceis the same which was set in the modules configuration
- The values of
warnare just numerical thresholds
indexis set to an index pattern in Elasticsearch. It’s a pattern that has to match all index names to search
- As a
filterthe check takes a filter in Icinga Web 2’s filter syntax. These are comparisons of fields in Elasticsearch to values
# icingacli elasticsearch check --instance elasticsearch --crit 5 --warn 3 --index logstash* --filter "beat.hostname=www.example.com AND severity=critical" --from -1h