Skip to content

NETWAYS/check_elasticsearch

Folders and files

NameName
Last commit message
Last commit date
Feb 17, 2025
Oct 21, 2024
Feb 6, 2023
Sep 27, 2024
Nov 28, 2022
Feb 17, 2025
Jul 1, 2024
Nov 25, 2021
Jun 13, 2023
Oct 21, 2024
Feb 17, 2025
Feb 17, 2025
Sep 28, 2023

Repository files navigation

check_elasticsearch

Icinga check plugin to check the health status of an Elasticsearch cluster or the total hits/results of an Elasticsearch query.

Usage

Usage:
  check_elasticsearch [flags]
  check_elasticsearch [command]

Available Commands:
  health      Checks the health status of an Elasticsearch cluster
  query       Checks the total hits/results of an Elasticsearch query

Flags:
  -H, --hostname string   Hostname of the Elasticsearch instance (CHECK_ELASTICSEARCH_HOSTNAME) (default "localhost")
  -p, --port int          Port of the Elasticsearch instance (default 9200)
  -U, --username string   Username for HTTP Basic Authentication (CHECK_ELASTICSEARCH_USERNAME)
  -P, --password string   Password for HTTP Basic Authentication (CHECK_ELASTICSEARCH_PASSWORD)
  -S, --tls               Use a HTTPS connection
      --insecure          Skip the verification of the server's TLS certificate
      --ca-file string    Specify the CA File for TLS authentication (CHECK_ELASTICSEARCH_CA_FILE)
      --cert-file string  Specify the Certificate File for TLS authentication (CHECK_ELASTICSEARCH_CERT_FILE)
      --key-file string   Specify the Key File for TLS authentication (CHECK_ELASTICSEARCH_KEY_FILE)
  -t, --timeout int       Timeout in seconds for the CheckPlugin (default 30)
  -h, --help              help for check_elasticsearch
  -v, --version           version for check_elasticsearch

The check plugin respects the environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY.

Various flags can be set with environment variables, refer to the help to see which flags.

Health

Checks the health status of an Elasticsearch cluster.

Usage:
  check_elasticsearch health

The cluster health status is:
  green = OK
  yellow = WARNING
  red = CRITICAL

Examples:

Elasticsearch cluster with green status (all nodes are running):

$ check_elasticsearch health -U exampleuser -P examplepassword -S --insecure
[OK] - Cluster es-example-cluster is green | status=0 nodes=3 data_nodes=3 active_primary_shards=10 active_shards=20

Elasticsearch cluster with yellow status (not all nodes are running):

$ check_elasticsearch health -U exampleuser -P examplepassword -S --insecure
[WARNING] - Cluster es-example-cluster is yellow | status=1 nodes=2 data_nodes=2 active_primary_shards=10 active_shards=13```

Query

Checks the total hits/results of an Elasticsearch query.

Hint: The plugin is currently capable to return the total hits of documents based on a provided query string.

Usage:
  check_elasticsearch query [flags]

Flags:
  -q, --query string      The Elasticsearch query
  -I, --index string      Name of the Index which will be used (default "_all")
  -k, --msgkey string     Message of messagekey to display
  -m, --msglen int        Number of characters to display in the latest message (default 80)
  -w, --warning string    Warning threshold for total hits (default "20")
  -c, --critical string   Critical threshold for total hits (default "50")
  -h, --help              help for query

Examples:

Search for total hits without any message:

$ check_elasticsearch query -q "event.dataset:sample_web_logs and @timestamp:[now-5m TO now]" -I "kibana_sample_data_logs"
[CRITICAL] - Total hits: 14074 | total=14074;20;50

Search for total hits with message:

$ check_elasticsearch query -q "event.dataset:sample_web_logs and @timestamp:[now-5m TO now]" -I "kibana_sample_data_logs" -k "message"
[CRITICAL] - Total hits: 14074
30.156.16.163 - - [2018-09-01T12:44:53.756Z] "GET /wp-content/plugins/video-play
 | total=14074;20;50

Ingest

Checks the ingest statistics of Ingest Pipelines. Thresholds check against errors of an Elasticsearch Ingest Pipeline.

Checks the ingest statistics of Ingest Pipelines

Usage:
  check_elasticsearch ingest [flags]

Flags:
      --pipeline string          Pipeline Name
      --failed-warning string    Warning threshold for failed ingest operations. Use min:max for a range. (default "10")
      --failed-critical string   Critical threshold for failed ingest operations. Use min:max for a range. (default "20")
  -h, --help                     help for ingest

Examples:

check_elasticsearch ingest --failed-warning 5 --failed-critical 10
[WARNING] - Ingest operations may not be alright
  \_[WARNING] Failed ingest operations for mypipeline: 6; | pipelines.mypipeline.failed=6c

check_elasticsearch ingest --pipeline foobar
[OK] - Ingest operations alright
  \_[OK] Failed ingest operations for foobar: 5; | pipelines.foobar.failed=5c

Snapshot

Checks status of Snapshots.

Checks the status of Elasticsearch snapshots
The plugin maps snapshot status to the following status codes:

SUCCESS, Exit code 0
PARTIAL, Exit code 1
FAILED, Exit code 2
IN_PROGRESS, Exit code 3

If there are multiple snapshots the plugin uses the worst status

Usage:
  check_elasticsearch snapshot [flags]

Flags:
  -a, --all                         Check all retrieved snapshots. If not set only the latest snapshot is checked
  -N, --number int                  Check latest N number snapshots. If not set only the latest snapshot is checked (default 1)
  -r, --repository string           Comma-separated list of snapshot repository names used to limit the request (default "*")
  -s, --snapshot string             Comma-separated list of snapshot names to retrieve. Wildcard (*) expressions are supported (default "*")
  -T, --no-snapshots-state string   Set exit code to return if no snapshots are found. Supported values are 0, 1, 2, 3, OK, Warning, Critical, Unknown (case-insensitive - default "Unknown")
  -h, --help                        help for snapshot

Examples:

$ check_elasticsearch snapshot
[OK] - All evaluated snapshots are in state SUCCESS

$ check_elasticsearch snapshot --all -r myrepo
[CRITICAL] - At least one evaluated snapshot is in state FAILED

$ check_elasticsearch snapshot --number 5 -s mysnapshot
[WARNING] - At least one evaluated snapshot is in state PARTIAL

License

Copyright (c) 2022 NETWAYS GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see gnu.org/licenses.