Created
January 4, 2019 09:48
-
-
Save VerosK/e9c724d686db563d9aaa9e6bca2373ce to your computer and use it in GitHub Desktop.
Icinga2 check number of events in ELK stack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Check number of events in Elasticsearch stored by Logstash | |
| # | |
| INDEX_NAME=$( date '+logstash-%Y.%m.%d' -d '30 minutes ago' ) | |
| function get_last_items() { | |
| curl -s -k -XGET "http://localhost:9200/$INDEX_NAME/_count" \ | |
| -H "Content-type: application/json" -d' | |
| { | |
| "query": { | |
| "range": { | |
| "@timestamp": { | |
| "gte": "now-60m", | |
| "lte": "now" | |
| } | |
| } | |
| } | |
| }' | jq .count | |
| } | |
| TOTAL_EVENTS=$( get_last_items ) | |
| if [[ $TOTAL_EVENTS -gt 1024 ]]; then | |
| RETV=0 | |
| echo -en "OK - got $TOTAL_EVENTS in last 60 minutes" | |
| elif [[ $TOTAL_EVENTS -eq 0 ]]; then | |
| RETV=2 | |
| echo -en "CRITICAL - no events in last 60 minutes" | |
| elif [[ $TOTAL_EVENTS -eq 0 ]]; then | |
| RETV=1 | |
| echo -en "WARNING - got $TOTAL_EVENTS in last 60 minutes" | |
| fi | |
| echo "|events_found=$TOTAL_EVENTS" | |
| exit $RETV |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment