Hi there,
Kibana is not intended for monitoring. Monitoring tells us what is
happening now. Kibana/elasticsearch is intended for historical
related purposes, and that is very useful as we know here.
We have built a combination of Graylog2/Elasticsearch/Kibana
in the following manner.
Nagios/check_mk is on a centos server. By default all service
and host events (the rest is suppressed through nagios.conf) are
directed to /var/log/messages.
Only the nagios events are forwarded to Graylog2 with the
following rule:
$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"
if $programname == 'nagios' then @@10.64.91.18:8100;GRAYLOGRFC5424
At the input at graylog2 we extract the hostname and the service
messages, and whatever else you want, to make it possible to
have some statistical views on the monitoring.
All data is stored in elasticsearch, and if wanted one can make
dashboards in graylog2. Dashboard and search capabilities with
Kibana are nicer, so we connect it to the graylog2 instance, and
are having a historical view on what is happening. Kibana gives
the possibility to see trends on what is happening. It all depends
on well configured alerts of course, but the trends can be used to
fine-tune those alerts. All in near real time.
Great advantage of this setup is that we can now do monitoring on
applications on their log files, and do this in near real time over
the entire application server landscape. All logging in one place, so
that correlation of events in your landscape is easy.
In my opinion this combination is the future in system monitoring,
and already happening now.
Also take a look at OpenSoc http://opensoc.github.io
hth,
Arie.
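As an added illustration of the extraction step Arie describes (this is example code, not part of the post and not a Graylog2 extractor), the following Python parses lines in the exact shape the GRAYLOGRFC5424 template emits, keeps only those from the nagios program (mirroring the rsyslog filter), splits Nagios' own "SERVICE ALERT"/"HOST ALERT" message layout (assumed here from the standard nagios.log format) into host, service, state and output fields, and tallies HARD states per host, the kind of figure a trend dashboard would plot. The sample lines are constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Line shape produced by the post's rsyslog template GRAYLOGRFC5424:
#   "<pri>version timestamp hostname app-name procid msg"
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msg>.*)$"
)

# Nagios' own log-entry layout for state changes (assumed from the standard
# nagios.log format; fields are ';'-separated).
SERVICE_ALERT_RE = re.compile(
    r"^SERVICE ALERT: (?P<host>[^;]+);(?P<service>[^;]+);(?P<state>[^;]+);"
    r"(?P<type>[^;]+);(?P<attempt>\d+);(?P<output>.*)$"
)
HOST_ALERT_RE = re.compile(
    r"^HOST ALERT: (?P<host>[^;]+);(?P<state>[^;]+);(?P<type>[^;]+);"
    r"(?P<attempt>\d+);(?P<output>.*)$"
)


@dataclass
class NagiosEvent:
    monitoring_server: str      # HOSTNAME field: the Nagios/check_mk box itself
    timestamp: str
    monitored_host: str         # the host the alert is about
    service: Optional[str]      # None for HOST ALERT lines
    state: str                  # OK/WARNING/CRITICAL/UNKNOWN or UP/DOWN/UNREACHABLE
    state_type: str             # SOFT or HARD
    output: str


def parse_line(line: str) -> Optional[NagiosEvent]:
    """Return a NagiosEvent for a forwarded nagios alert line, else None."""
    m = RFC5424_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    # Same filter as the rsyslog rule: only the nagios program is of interest.
    if m.group("app") != "nagios":
        return None
    msg = m.group("msg")
    s = SERVICE_ALERT_RE.match(msg)
    if s:
        return NagiosEvent(m.group("host"), m.group("ts"), s.group("host"),
                           s.group("service"), s.group("state"),
                           s.group("type"), s.group("output"))
    h = HOST_ALERT_RE.match(msg)
    if h:
        return NagiosEvent(m.group("host"), m.group("ts"), h.group("host"),
                           None, h.group("state"), h.group("type"),
                           h.group("output"))
    return None  # other nagios lines (notifications, passive checks, ...) are skipped


def parse_lines(lines):
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def hard_state_counts(events):
    """Count HARD states per (monitored host, state); SOFT states are ignored."""
    c = Counter()
    for e in events:
        if e.state_type == "HARD":
            c[(e.monitored_host, e.state)] += 1
    return dict(c)


# Constructed sample input, in the shape the template above emits.
SAMPLE_LINES = [
    "<13>1 2014-03-05T10:15:02+01:00 mon01 nagios 2345 SERVICE ALERT: web01;HTTP;CRITICAL;HARD;3;HTTP CRITICAL: HTTP/1.1 503 Service Unavailable",
    "<13>1 2014-03-05T10:16:40+01:00 mon01 nagios 2345 HOST ALERT: db02;DOWN;HARD;3;CRITICAL - Host Unreachable (10.0.0.7)",
    "<13>1 2014-03-05T10:17:10+01:00 mon01 nagios 2345 SERVICE ALERT: web01;HTTP;OK;HARD;1;HTTP OK: HTTP/1.1 200 OK - 512 bytes",
    "<13>1 2014-03-05T10:17:30+01:00 mon01 nagios 2345 SERVICE ALERT: web02;Disk;WARNING;SOFT;1;DISK WARNING - free space: / 812 MB (9%)",
    "<86>1 2014-03-05T10:18:00+01:00 mon01 sshd 999 Accepted publickey for deploy from 10.0.0.5 port 52210 ssh2",
]

if __name__ == "__main__":
    events = parse_lines(SAMPLE_LINES)
    for e in events:
        print(e)
    print(hard_state_counts(events))
```

The non-nagios sshd line is dropped by the program filter, and the SOFT Disk warning is parsed but excluded from the HARD-state tally, so a dashboard built on these counts reflects only confirmed state changes.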