Show Critical (Red background), Healthy (Green background) using Top hit

Hello All,
I have a simple requirement, but it now seems complex to achieve in Kibana, and I am not sure how the data can be handled here to show the desired result.

There are multiple Tomcat servers sending their status to tomcat-index with the field usecaseStatus:"Healthy" or "Critical". The data comes from Perl business logic, and a Logstash config processes it.
Now I want, for example, that if any of the Tomcats hosted on server 1, server 2, server 3 becomes Critical, then the overall usecaseStatus should be CRITICAL.
Now the issue is that if any of the servers sends a Healthy status, then it shows wrong data, that Tomcat is healthy.

The intention is to show a visual with HEALTHY or CRITICAL status, but the overall Tomcat status should be Critical if any of the hosts is showing Critical.

Consider 1 server showing Healthy and another Critical: TOP HIT will then show "Healthy status" at times, which is wrong. If the Tomcat on any of the servers is Critical, then the overall status is Critical, else Healthy.

input {
   exec {
      command => '$APP/ms/scripts/monitoring_oore.ksh -c $RPCM_CONFIG/mis/globalconfiguration.properties -e yc_tomcat_monitoring.pl'
      schedule => "*/10 * * * * *"
   }
}

filter {
   split {}
   
   if [message] =~ "^\{.*\}[\s\S]*$" {
      json {
         source => "message"
         target => "parsed_json"
         remove_field => "message"
      }
	  
      split {
         field => "[parsed_json][cis]"
         target => "tomcat"
         remove_field => [ "parsed_json" ]
      }
      
      
      if [tomcat][memory_status] == "Critical" or [tomcat][error_status] == "Critical" or [tomcat][request_status] == "Critical" or [tomcat][server_status] == "DOWN" {
         mutate {
            add_field => {
               "usecaseStatus" => "Critical"
               "usecaseCategory" => "Tomcat"
            }
         }
      } else {
         # Set default values if no critical conditions
         mutate {
            add_field => {
               "usecaseStatus" => "Healthy"
               "usecaseCategory" => "Tomcat"
            }
         }
      }

      mutate { remove_field => [ "[event][original]" ] }
	  
   }
   else {
     drop { }
   }
}

Required: Critical Red else Healthy Green

Can someone help here?
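The roll-up the post asks for, as an added example that is not part of the original post: keep only the newest event per host, then report Critical if any of those is Critical, contrasted with what a single newest-document Top Hit returns. The `host` and `@timestamp` field names and the sample events are assumptions constructed for the illustration; `usecaseStatus` is the field from the post.

```python
from datetime import datetime

# Constructed sample events shaped like the documents the filter above emits.
# "host" and "@timestamp" are assumed field names; usecaseStatus is from the post.
EVENTS = [
    {"@timestamp": "2024-01-01T10:00:00Z", "host": "server1", "usecaseStatus": "Healthy"},
    {"@timestamp": "2024-01-01T10:00:00Z", "host": "server2", "usecaseStatus": "Critical"},
    {"@timestamp": "2024-01-01T10:00:00Z", "host": "server3", "usecaseStatus": "Healthy"},
    {"@timestamp": "2024-01-01T10:00:10Z", "host": "server2", "usecaseStatus": "Healthy"},
    {"@timestamp": "2024-01-01T10:00:10Z", "host": "server3", "usecaseStatus": "Critical"},
    {"@timestamp": "2024-01-01T10:00:11Z", "host": "server1", "usecaseStatus": "Healthy"},
]


def _ts(event):
    # Parse the ISO-8601 timestamp so events compare by time, not by string.
    return datetime.fromisoformat(event["@timestamp"].replace("Z", "+00:00"))


def top_hit_status(events):
    # A single Top Hit sorted by time: the newest event, from whichever host sent it.
    return max(events, key=_ts)["usecaseStatus"]


def latest_per_host(events):
    # Newest event for each host, so a host that recovered is no longer counted.
    latest = {}
    for ev in events:
        cur = latest.get(ev["host"])
        if cur is None or _ts(ev) > _ts(cur):
            latest[ev["host"]] = ev
    return latest


def critical_hosts(events):
    # Hosts whose most recent report is Critical.
    return sorted(h for h, ev in latest_per_host(events).items()
                  if ev["usecaseStatus"] == "Critical")


def overall_status(events):
    # Worst-of roll-up: one Critical host makes the whole use case Critical.
    return "Critical" if critical_hosts(events) else "Healthy"


if __name__ == "__main__":
    print("top hit:", top_hit_status(EVENTS))
    print("overall:", overall_status(EVENTS), critical_hosts(EVENTS))
```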
