Icinga integration with ELK

mohammed.sabil · November 29, 2021, 7:10am

Hello All / @widhalm_t
I need your suggestion/assistance here to send the logstash logs to Icinga for monitoring purpose.

Let me explain you my environment and scenario.

We are using ubuntu 20.4

I have ELK stack running on one server and have Filebaat is running other 3 servers. I am able to gather the logs on Kibana Dashboard using filebeat. Everything working fine so far.

Now I have send the logstash logs which I am getting through the filebeat. I have to configure the Iciniga2 on my ELK Stack.

I have installed and configure the Icinga2 and icingaweb on server where ELK stack is running.

Now I following the following link to use Elasticsearch module to send the logstash data to Icinga.

icingaweb2-module-elasticsearch/doc at master · Icinga/icingaweb2-module-elasticsearch (github.com)

What I did is I have enable the Elasticsearch module on server and then from Icingaweb GUI I have configure the Elasticsearch where I have created and instance and eventtype.

I have given the hostip:9200 as URI while creating and instance and elastic user and password which I use to loging to kibana dashboard. In Eventtype I have given index details and IP address of host where ELK stack running and field I have used @timestamp just for testing purpose.

When I checked in icinga I am unable to find anything related to Elasticsearch.
I can see the Elasticsearch module is enable and when I try to run the following command I am getting an error instance not found

icingacli elasticsearch --instance elasticsearch check.

Can you please assist me here ? what is missing here or do I need to make any other configuration to work icinga and ELK integration.

instance.ini

[Elasticsearch]
uri = "http://IPaddresofelkstack:9200"
user = "elastic"
password = "**********"
ca = ""
client_certificate = ""
client_private_key = ""

eventtype.ini

[Elasticsearch]
instance = "elasticsearch"
index = "filebeat-*"
filter = "*"
fields = "@timestamp, message"

Getting an error after executing the following command.

icingacli elasticsearch check --instance Elasticsearch --crit 5 --warn 3 --index filebeat-* --filter "beat.hostname=hostname AND severity=critical" --from -1h
UNKNOWN - count(): Parameter must be an array or an object that implements Countable

Thank you so much in advance!

system · December 27, 2021, 7:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ELK (Docker-compose) integration with Iciniga2 Elasticsearch docker , integrations	3	352	November 24, 2021
Get logs from different EC2 instance Elasticsearch beats-module	4	1604	October 7, 2019
Filebeat module + log tracking Logstash elastic-stack-monitoring	2	287	June 26, 2019
Docker nginx elasticsearch Beats docker	7	451	March 15, 2024
Logstash can't send logs to ES Logstash	5	1285	September 1, 2017

Icinga integration with ELK

Related topics