Icinga integration with ELK

Hello All / @widhalm_t
I need your suggestions/assistance to send the Logstash logs to Icinga for monitoring purposes.

Let me explain my environment and scenario.

We are using Ubuntu 20.4.

I have the ELK stack running on one server and Filebeat running on 3 other servers. I am able to gather the logs on the Kibana dashboard using Filebeat. Everything is working fine so far.

Now I have to send the Logstash logs which I am getting through Filebeat. I have to configure Icinga2 on my ELK stack.

I have installed and configured Icinga2 and Icingaweb on the server where the ELK stack is running.

Now I am following the link below to use the Elasticsearch module to send the Logstash data to Icinga.

icingaweb2-module-elasticsearch/doc at master · Icinga/icingaweb2-module-elasticsearch (github.com)

What I did: I enabled the Elasticsearch module on the server, and then from the Icingaweb GUI I configured Elasticsearch, where I created an instance and an event type.

I gave hostip:9200 as the URI while creating the instance, along with the elastic user and password which I use to log in to the Kibana dashboard. In the event type I gave the index details and the IP address of the host where the ELK stack is running, and for the field I used @timestamp just for testing purposes.

When I checked in Icinga, I was unable to find anything related to Elasticsearch.
I can see the Elasticsearch module is enabled, and when I try to run the following command I get an error: instance not found

icingacli elasticsearch --instance elasticsearch check. 

Can you please assist me here? What is missing, or do I need to make any other configuration for the Icinga and ELK integration to work?

instance.ini

[Elasticsearch]
uri = "http://IPaddresofelkstack:9200"
user = "elastic"
password = "**********"
ca = ""
client_certificate = ""
client_private_key = ""

eventtype.ini

[Elasticsearch]
instance = "elasticsearch"
index = "filebeat-*"
filter = "*"
fields = "@timestamp, message"

I get an error after executing the following command.

icingacli elasticsearch check --instance Elasticsearch --crit 5 --warn 3 --index filebeat-* --filter "beat.hostname=hostname AND severity=critical" --from -1h
UNKNOWN - count(): Parameter must be an array or an object that implements Countable

Thank you so much in advance!
