Configuration problems with elastic monitoring

Hi there,

I started to monitor an elastic cluster (currently only one node) but I have a problem understanding the documentation (and other postings).
There is one article (blog article) which mentions to create a host without ip and without agent, use the special agent, query 127.0.0.1 and bind it to the cluster nodes => I do not get any information out of this (it just says pending)

There are several elastic topics in the setup (services, enforced services), all of them are just showing PENDING (for the check) and WARNING (for the missing agent output)

There is one topic (and maybe several others) (forum topic) which gives me a little bit more information about checking the results of the special agent but it still does not work as I understand the documentation.

My problem is that I thought that the special agent runs on the mentioned host and accesses the elasticsearch url locally. My tries show that that is not the case. I have to expose the elasticsearch url to access it from the monitoring host (not a security issue in this case but not what I expect).

So to summarize my (long) text: Is there something I do not understand (and therefore configured wrong) or is this something that the mentioned articles and topics are explaining wrong?

Kind regards

Sebastian

You have to query the ip of your elasticsearch instance. In this example the instance runs on the monitoring server itself

Hi _rb,

sorry, I still do not get it. I understand your message but still have no idea how to do this (based on the fact that there is one special agent and five different rules under discovery and enforced).
Do I need a plugin on the client and if not why not?
Which rule do I have to use and why?
And if there is a blog post about how to do it is it possible to put not only a description of the needed steps but also of the monitored environment in it (knowing that the blog post was maybe not written by someone of tribe29)?

Kind regards

Sebastian

All the relevant information is in the blog article. For the first step you only have to configure the special agent. With the special agent configured for your elasticsearch host you must get some services automatically.

After the configuration of the special agent you can check on the command line with cmk -D hostname if the special agent looks fine.

Example Output

Agent mode:             Normal Checkmk agent, or special agent if configured
Type of agent:
  Program: /omd/sites/<sitename>/share/check_mk/agents/special/agent_elasticsearch '-P' 'https' '-m' 'cluster_health nodes stats' '-u' 'user' '-s' 'password' '-p' '9200' 'SERVER'

You need to pay attention that this special agent doesn’t query the host the agent is assigned to. It is necessary to define one or more hostnames. In the example this is the hostname “SERVER”.

All the other rules are only needed if you want to define some limits or you want to define some checks that must be present (enforced services).


What makes it difficult for me is the fact that the article says “create host without ip” and also “monitor the elastic nodes also”. That led to my understanding that if I have an elastic node and it is already in the monitoring (as a normal host) then it would be possible to monitor the cluster from one (or all) of the nodes querying the locally available port (and therefore do not need to expose port 9200).
I am also not able to see an advantage in creating an elastic cluster for just seeing the elastic services but additionally also have all the nodes of said cluster.
As an additional question:
Would there be any other way to monitor a specific service from a monitored host?

tia

Sebastian

This virtual host should be a representation for your elasticsearch cluster.
A normal elasticsearch cluster consists of X nodes and has no real cluster IP as a classic cluster.

The nodes should be monitored as every other server instance.

No - the special agent runs on your monitoring server and you define in the special agent all possible nodes this agent should query to get the cluster status.
The port should be no problem as every cluster should run with activated security and needs as a minimum a user and password and runs over SSL.

How would you manage changes in your cluster if you monitor the elasticsearch things on every node?
The virtual cluster host has the advantage that all cluster services are there on one host and all the data is fetched from one node. Fallback nodes can be defined to prevent false positive alarms if you do a maintenance on your cluster.
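
The fallback behaviour described in the reply above, as an added example that is not part of the original thread and is not Checkmk's own agent code: the monitoring server asks each listed node in turn for the cluster health over HTTPS with certificate verification and basic auth, and uses the first node that answers. The function names, the node names `es-node1`/`es-node2` and the sample response are constructed for illustration.

```python
import base64
import json
import ssl
import urllib.request


def fetch_health(node, user, password, port=9200, timeout=5):
    """Ask one node for /_cluster/health over HTTPS with basic auth."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    req = urllib.request.Request(f"https://{node}:{port}/_cluster/health")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
        return json.load(resp)


def cluster_health(nodes, fetch):
    """Try nodes in order; return (answering node, health, errors so far)."""
    errors = {}
    for node in nodes:
        try:
            return node, fetch(node), errors
        except (OSError, ValueError) as exc:  # unreachable, TLS failure, bad JSON
            errors[node] = str(exc)
    raise RuntimeError(f"no Elasticsearch node answered: {errors}")


def constructed_fetch(node):
    """Constructed stand-in for fetch_health: es-node1 is down for maintenance."""
    if node == "es-node1":
        raise ConnectionRefusedError("connection refused")
    return {"cluster_name": "demo", "status": "green", "number_of_nodes": 3}


if __name__ == "__main__":
    node, health, errors = cluster_health(["es-node1", "es-node2"], constructed_fetch)
    print(f"answered by {node}: status={health['status']}, skipped={list(errors)}")
```

Against a real cluster, pass `lambda n: fetch_health(n, user, password)` as `fetch`; a node taken down for maintenance then only shows up in `errors` instead of failing the whole check.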

Hi Andreas,

thanks for the clarification. Now even I get it :)

thanks again

Sebastian
