Energy Logserver – new level of integration

Energy Logserver, as a tool for managing large amounts of data, will always try to integrate with the largest possible number of devices and data sources. We present a new solution that lets you query Elasticsearch documents directly from OP5 Monitor and Nagios. Both saved objects and documents can be used.
This gives us even more detailed data and makes monitoring of the IT infrastructure more consistent and readable.

What's more, the scripts used for the integration are released under the Apache-2.0 license. We encourage you to use them, in the hope that they will improve the quality of your monitoring.

Project details and links below:

https://github.com/emca-it/check-elasticquery
https://github.com/emca-it/check-elasticquery/blob/master/check_elasticquery_6x.pl
https://github.com/emca-it/check-elasticquery/blob/master/check_elasticquery_7x.pl

This plugin checks the total number of documents matched by an Elasticsearch query. It is aimed at Energy Logserver and OP5 Log Analytics, and is expected to work with open-source Elasticsearch and X-Pack as well.

Dependencies for Centos 7:
# yum install perl-Monitoring-Plugin perl-libwww-perl perl-LWP-Protocol-https perl-JSON perl-String-Escape perl-Data-Dumper

Usage
$ ./check_elasticquery.pl -U|--url= -i|--index=
[ -q|--query= ]
[ -S|--search= ]
[ -T|--timerange= ]
[--timefield=

Usage examples
Total documents in the ‘beats*’ index for the latest 24 hours. The latest 24 hours is the default time range.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*'

Execute the saved search named ‘protection’ for the latest 15 minutes. By default the @timestamp field is checked; you can change it with the --timefield option.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m'

As above, plus show the one latest document.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1

As above, plus filter the output to selected fields.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp

As above, plus limit each output field value to 100 characters.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp -l 100

Execute a Lucene query.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -q 'beat.name:example.com' -T 'now:now-15m' -D 1 -f message,timestamp

Execute a JSON query. The time range option does not apply in this mode; define the time range inside the query itself.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -j -q ' { "size": 0, "query": { "bool": { "must": [ { "query_string": { "query": "task:\"Special Logon\"", "analyze_wildcard": true, "default_field": "*" } }, { "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d" } } } ] } } } '
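The examples above show three things the plugin has to get right: turn a Lucene query plus a 'now:now-15m' style time range into a search body with a range filter on the time field, pass a JSON query through untouched, and map the resulting document count to a Nagios state. The block below is an added illustration written for this page in Python; it is not the project's Perl code and does not contact Elasticsearch. It assumes the time range is read as <to>:<from> (an assumption made from the examples), uses constructed sample responses, and also handles the difference between 6.x responses (hits.total is an integer) and 7.x responses (hits.total is an object with value and relation), which is why the project ships separate 6x and 7x scripts.

```python
"""Added example: build the Elasticsearch body a count check needs and map the
result to Nagios exit codes. Independent re-implementation, not the plugin's code."""
import json

# Nagios plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_LABELS = ["OK", "WARNING", "CRITICAL", "UNKNOWN"]

# Constructed sample responses, shaped like Elasticsearch 6.x and 7.x search replies.
SAMPLE_6X = {"hits": {"total": 3, "hits": []}}
SAMPLE_7X = {"hits": {"total": {"value": 42, "relation": "eq"}, "hits": []}}


def parse_timerange(timerange):
    """Split 'now:now-15m' into (gte, lte). Assumption: the plugin's -T value is <to>:<from>."""
    lte, gte = timerange.split(":", 1)
    return gte, lte


def build_body(lucene=None, timerange="now:now-24h", timefield="@timestamp", raw_json=None):
    """Return the search body.

    A raw JSON query (-j mode) is passed through unchanged, so the caller's
    time range is ignored exactly as the plugin documents. Otherwise the
    Lucene query becomes a query_string clause combined with a range filter
    on the configured time field; size 0 because only the count is needed.
    """
    if raw_json is not None:
        return json.loads(raw_json)
    gte, lte = parse_timerange(timerange)
    must = [{"range": {timefield: {"gte": gte, "lte": lte}}}]
    if lucene:
        must.insert(0, {"query_string": {"query": lucene,
                                         "analyze_wildcard": True,
                                         "default_field": "*"}})
    return {"size": 0, "query": {"bool": {"must": must}}}


def total_hits(response):
    """Read the total count from either response generation."""
    total = response["hits"]["total"]
    if isinstance(total, dict):          # 7.x: {"value": N, "relation": "eq"|"gte"}
        return total["value"]
    return total                         # 6.x: plain integer


def evaluate(total, warning=None, critical=None):
    """Map a count to a state with simple upper thresholds (critical wins)."""
    if critical is not None and total >= critical:
        return CRITICAL
    if warning is not None and total >= warning:
        return WARNING
    return OK


def check(response, warning=None, critical=None):
    """Produce (exit_code, status_line) in Nagios format with perfdata."""
    total = total_hits(response)
    state = evaluate(total, warning, critical)
    warn_s = "" if warning is None else warning
    crit_s = "" if critical is None else critical
    line = f"{STATE_LABELS[state]} - {total} documents | total={total};{warn_s};{crit_s}"
    return state, line


if __name__ == "__main__":
    # Same query as the Lucene example on this page, 15-minute window.
    print(json.dumps(build_body("beat.name:example.com", "now:now-15m"), indent=2))
    state, line = check(SAMPLE_7X, warning=10, critical=50)
    print(line)
    raise SystemExit(state)   # Nagios reads the state from the exit code
```

Run stand-alone it prints the generated body and a WARNING line for the constructed 7.x sample (42 documents against thresholds 10/50), then exits with code 1 as a Nagios plugin would. The perfdata after the pipe follows the `label=value;warn;crit` form so the count can be graphed alongside the state.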

Energy Logserver major release 7.x

The latest Energy Logserver major release is now available. The most important change is that Energy Logserver is now based on Elasticsearch and Kibana version 7.3.2.

We've also added a new module, XLSX Import, which allows any CSV or XLSX file to be imported into Energy Logserver directly from the GUI. Additional options cover the creation of a new index with a custom mapping based on the data in the file.

We've also added Curator to the installation package by default for index management, along with custom icons for the modules.

Read more in changelog below or at:
https://energy-log-server-7x.readthedocs.io/en/latest/CHANGELOG.html

  • migrated features from branch 6 [ latest:6.1.8 ]
  • XLSX import [kibana]
  • curator added to /usr/share/kibana/curator
  • node_modules updated! [kibana]
  • elasticsearch upgraded to 7.3.2
  • kibana upgraded to 7.3.2
  • dedicated icons for all kibana modules
  • eui as default framework for login, reports
  • bugfix: alerts type description fix