Skip to content

NETWAYS/check_elasticsearch

Repository files navigation

check_elasticsearch

Icinga check plugin to check the health status of an Elasticsearch cluster or the total hits/results of an Elasticsearch query.

Usage

Usage:
  check_elasticsearch [flags]
  check_elasticsearch [command]

Available Commands:
  health      Checks the health status of an Elasticsearch cluster
  query       Checks the total hits/results of an Elasticsearch query

Flags:
  -H, --hostname string   Hostname of the Elasticsearch instance (CHECK_ELASTICSEARCH_HOSTNAME) (default "localhost")
  -p, --port int          Port of the Elasticsearch instance (default 9200)
  -U, --username string   Username for HTTP Basic Authentication (CHECK_ELASTICSEARCH_USERNAME)
  -P, --password string   Password for HTTP Basic Authentication (CHECK_ELASTICSEARCH_PASSWORD)
  -S, --tls               Use a HTTPS connection
      --insecure          Skip the verification of the server's TLS certificate
      --ca-file string    Specify the CA File for TLS authentication (CHECK_ELASTICSEARCH_CA_FILE)
      --cert-file string  Specify the Certificate File for TLS authentication (CHECK_ELASTICSEARCH_CERT_FILE)
      --key-file string   Specify the Key File for TLS authentication (CHECK_ELASTICSEARCH_KEY_FILE)
  -t, --timeout int       Timeout in seconds for the CheckPlugin (default 30)
  -h, --help              help for check_elasticsearch
  -v, --version           version for check_elasticsearch

The check plugin respects the environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY.

Various flags can be set with environment variables, refer to the help to see which flags.

Health

Checks the health status of an Elasticsearch cluster.

Usage:
  check_elasticsearch health

The cluster health status is:
  green = OK
  yellow = WARNING
  red = CRITICAL

Examples:

Elasticsearch cluster with green status (all nodes are running):

$ check_elasticsearch health -U exampleuser -P examplepassword -S --insecure
[OK] - Cluster es-example-cluster is green | status=0 nodes=3 data_nodes=3 active_primary_shards=10 active_shards=20

Elasticsearch cluster with yellow status (not all nodes are running):

$ check_elasticsearch health -U exampleuser -P examplepassword -S --insecure
[WARNING] - Cluster es-example-cluster is yellow | status=1 nodes=2 data_nodes=2 active_primary_shards=10 active_shards=13```

Query

Checks the total hits/results of an Elasticsearch query.

Hint: The plugin is currently capable to return the total hits of documents based on a provided query string.

Usage:
  check_elasticsearch query [flags]

Flags:
  -q, --query string      The Elasticsearch query
  -I, --index string      Name of the Index which will be used (default "_all")
  -k, --msgkey string     Message of messagekey to display
  -m, --msglen int        Number of characters to display in the latest message (default 80)
  -w, --warning string    Warning threshold for total hits (default "20")
  -c, --critical string   Critical threshold for total hits (default "50")
  -h, --help              help for query

Examples:

Search for total hits without any message:

$ check_elasticsearch query -q "event.dataset:sample_web_logs and @timestamp:[now-5m TO now]" -I "kibana_sample_data_logs"
[CRITICAL] - Total hits: 14074 | total=14074;20;50

Search for total hits with message:

$ check_elasticsearch query -q "event.dataset:sample_web_logs and @timestamp:[now-5m TO now]" -I "kibana_sample_data_logs" -k "message"
[CRITICAL] - Total hits: 14074
30.156.16.163 - - [2018-09-01T12:44:53.756Z] "GET /wp-content/plugins/video-play
 | total=14074;20;50

Ingest

Checks the ingest statistics of Ingest Pipelines. Thresholds check against errors of an Elasticsearch Ingest Pipeline.

Checks the ingest statistics of Ingest Pipelines

Usage:
  check_elasticsearch ingest [flags]

Flags:
      --pipeline string          Pipeline Name
      --failed-warning string    Warning threshold for failed ingest operations. Use min:max for a range. (default "10")
      --failed-critical string   Critical threshold for failed ingest operations. Use min:max for a range. (default "20")
  -h, --help                     help for ingest

Examples:

check_elasticsearch ingest --failed-warning 5 --failed-critical 10
[WARNING] - Ingest operations may not be alright
  \_[WARNING] Failed ingest operations for mypipeline: 6; | pipelines.mypipeline.failed=6c

check_elasticsearch ingest --pipeline foobar
[OK] - Ingest operations alright
  \_[OK] Failed ingest operations for foobar: 5; | pipelines.foobar.failed=5c

Snapshot

Checks status of Snapshots.

Checks the status of Elasticsearch snapshots
The plugin maps snapshot status to the following status codes:

SUCCESS, Exit code 0
PARTIAL, Exit code 1
FAILED, Exit code 2
IN_PROGRESS, Exit code 3

If there are multiple snapshots the plugin uses the worst status

Usage:
  check_elasticsearch snapshot [flags]

Flags:
  -a, --all                         Check all retrieved snapshots. If not set only the latest snapshot is checked
  -N, --number int                  Check latest N number snapshots. If not set only the latest snapshot is checked (default 1)
  -r, --repository string           Comma-separated list of snapshot repository names used to limit the request (default "*")
  -s, --snapshot string             Comma-separated list of snapshot names to retrieve. Wildcard (*) expressions are supported (default "*")
  -T, --no-snapshots-state string   Set exit code to return if no snapshots are found. Supported values are 0, 1, 2, 3, OK, Warning, Critical, Unknown (case-insensitive - default "Unknown")
  -h, --help                        help for snapshot

Examples:

$ check_elasticsearch snapshot
[OK] - All evaluated snapshots are in state SUCCESS

$ check_elasticsearch snapshot --all -r myrepo
[CRITICAL] - At least one evaluated snapshot is in state FAILED

$ check_elasticsearch snapshot --number 5 -s mysnapshot
[WARNING] - At least one evaluated snapshot is in state PARTIAL

License

Copyright (c) 2022 NETWAYS GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see gnu.org/licenses.