Elastic search monitor

what is the the hostname or the IP address to be given under CHECK STATE OF ELASTICSEARCH (text box Hostnames to query)
and also what is the “Explicit host to given” under condition

is there any special agent plugin to be written
would it just be copying /omd/sites/limon/share/check_mk/agents/special/agent_elasticsearch to /usr/lib/check_mk_agent/plugins/? Do I need to do anything in WATO or will it know to just look at what’s in the directory?

Hi,

the Hostname to query is the Elasticsearch System where ES is running. The explicit Hosts is the Host where the result relatet to. In normal case the same.

Cheers,
Christian

Hello ChristianM,
For us 9200 port is not enabled . Is there any other work around for the same .
Once we enable the rule , other service under that host is getting affected and moving to critical state.

Thanks

You ca try run the special agent locally on the ES host with the needed CLI options as normal plugin. I think you need a wrapper script to set the options.
Cheers,
Christian

Hello ChristianM,

so would it just be copying /omd/sites/limon/share/check_mk/agents/special/agent_elasticsearch to /usr/lib/check_mk_agent/plugins/
or any other script we need to write

and what is this CLI option as normal plugin

Thanks
Jezna

The needed options you find when you run “agent_elasticsearch --help”.
Notice: This is not a normal plugin. If you run that as a plugin you need a wrapper script ike:

#!/usr/bin/bash
/usr/lib/check_mk_agent/plugins/agent_elasticsearch ....

Cheers,
Christian

Hello Christian M,

Can you please share me one example. for this .

Actually i followed the step metioned in the below link by creating rule . But because of port 9200 issue the whole service of that host moved to critical.

then now planning to
copying /omd/sites/limon/share/check_mk/agents/special/agent_elasticsearch to /usr/lib/check_mk_agent/plugins/

but what nit sure what changes to be done in the script. can you please share me any examples. if port is not working then how to create a plugin for this without any rule to be create in checkmk

Hi,

see usage of agent call:

usage: agent_elasticsearch [-h] [-u USER] [-s PASSWORD] [-P PROTO] [-p PORT]
                           [-m MODULES] [--debug]
                           HOSTNAME [HOSTNAME ...]

You can try:

agent_elasticsearch -p 9200 localhost

This is only before Version 1.6.
From my point of view, the best way is to make port 9200 available for remote using, if possible.

Cheers,
Christian

Hello ChristianM
while running “agent_elasticsearch -p 9200 localhost”

getting below error
“agent_elasticsearch: command not found”

our version is 7.19. So not working.

There is no other way to make this as plugin rather than enabling the port 9200. because the requirement is to make another way rather than enabling the port 9200

i am very new to this .Please help me with any other way other than this port enable .

what port is enabled for you? You can change the port in the datasource rule for elasticsearch.

You have to configure “Normal Checkmk agent, all configured special agents” for the host you use in “Explicit hosts” (Section “Data sources” - “Check_MK Agent”).

Did you made a service discovery on that host after your changes?

Hello rb,
Service discovery you mean full scan and automatic refresh (rasa) that Is done after changng the port in the check rule for elastic search .
After that host is showing ping issue .

every service of the host gone to unknown .

If we are giving port as 9200 in check rule for elastic search and doing full scan and refresh and activate affected changes , all other service move to unknown and only shows ping service only below is the screenshot for the same.

showing ping service only . Not any other service

It looks like your host is configured for “Normal Checkmk agent, or special agent if configured” you need to change this to “Normal Checkmk agent, all configured special agents”.
After you activated the Elasticsearch agent it gets no data anymore for the normal agent, that behavior is correct if the first option is selected for this host.

1 Like

After this change you go to the command line as the site user and make a “cmk -D hostname”
The output has some lines like this

Type of agent:          
  TCP: 192.168.0.1:6556

There should also be a line for your Elasticsearch special agent. This line can be executed manually for troubleshooting. You can also extend the option with a “–debug” switch to get a little bit more output.

Hello Andreas,

where I have to run the command ““cmk -D hostname”” in the Checkmk server or the host server in which elastic search rule is created.

when I run the command “cmk -D hostname” in Checkmk server in terminal it shows

cmk -D hostname(in which elastic search rule is created )

Command ‘cmk’ not found, but can be installed with:

snap install cloudmonkey"

You mean to do telnet “hostname” port number

Hello Andreas,

I have created a elastic search rule with “Normal Checkmk agent, all configured special agents”.

But not getting Elastic search related service in service list in checkmk

for elastic search we need to create rule only right in the "

"

do we need to do any other changes to get visible the elastic search related service . Are we missing anything. And cmk -D is not working

You need to run this command as the site user.

Please see the docs for more information:

Hello martin.schwarz/ Andreas,

I have created a elastic search rule with “Normal Checkmk agent, all configured special agents”.

But not getting Elastic search related service in service list in checkmk

for elastic search we need to create rule only right in the "

"

do we need to do any other changes to get visible the elastic search related service . Are we missing anything.

Do I need to do some other changes . Actually I have followed the step in the below link for the elastic search

but not getting service related to elastic search

As @andreas-doehler said:
Check the output from the “cmk -D hostname” command.
Add a “–debug” switch for more details.
There should be both the output for the normal checkmk agent on port 6556 as well as the Elasticsearch special agent.
You can run this ES special agent command manually (again: as the site user!) to further debug it.

Hello martin.schwarz /andreas-doehler,

Yes I have done the cmk -D hostname

Getting below detail .“Nothing related to elastic search special agent

:~$ cmk -D Hostname -debug

-debug
Addresses: 0.0.0.0
Tags:
Labels:
Host groups: check_mk
Contact groups: check-mk-notify
Agent mode: No agent
Type of agent:
Process piggyback data from /tmp/check_mk/piggyback/-debug
PING only
Services:
checktype item params description groups


Addresses:
Tags:
Labels:
Host groups: check_mk
Contact groups: all, check-mk-notify
Agent mode: Normal Checkmk agent, all configured special agents
Type of agent:
TCP: ip:portnumber
Program: /check_mk/agents/special/agent_elasticsearch ‘-P’ ‘https’ ‘-m’ ‘cluster_health nodes stats’ ‘-p’ port number ‘hostname’
Process piggyback data from
/tmp/check_mk/piggyback/hostname

"Nothing I am getting related Elastic search special agent "