Elasticsearch and OpenSearch

Question

I would like to monitor our ElasticSearch nodes. Actually, it's OpenSearch, but hopefully that doesn't matter.

I have confirmed the server is listening on tcp/9200.

It looks like for the Elasticsearch_Cluster_Health_Status module to start working it needs hasCategory("elasticsearch") to return true.

It seems the easiest way for that to happen is for the addCategory_Elasticsearch module to detect it's an Elasticsearch device and add the "elasticsearch" category automatically.

What do I need to do for addCategory_Elasticsearch to work? It looks like it runs a script called "elasticsearch.api.port" What's that?

Thanks.

joe_williams · Answer

In checking the datasource it doesn't appear to currently have the option for a user or pass.
url = "http${use_http ? "" : "s"}://${host}:${port}/_cluster/health"
http_client = url.toURL().openConnection()

http_client.with {
    doInput = true
    requestMethod = 'GET'
    raw_response = content.text
}

From a quick google search tho, it appears OpenSearch supports Basic authentication.First verify that works for you with something like this.curl -XGET localhost:9200/_cluster/health?pretty=true -u admin:admin --insecureChanging the first admin for your user and the second admin for your password with a colon (:) in the middle.
If that works, you can clone the current module and we can make some adjustments.
Under where it defines host on line 7 you can add something like this
username = hostProps.get("elasticsearch.api.username")
password = hostProps.get("elasticsearch.api.password")
// Encode credentials in Base64
def basicAuth = "Basic " + Base64.getEncoder().encodeToString("${username}:${password}".getBytes("UTF-8"))

Then you can change the http client section to something like this
http_client.with {
    doInput = true
    requestMethod = 'GET'
    setRequestProperty("Authorization", basicAuth)  // Add Basic Auth Header
    raw_response = content.text
}
Now I would adjust the applies to as well to check for the user/pass properties otherwise this will break on servers that don't need it as we didn't add in error checks.I would also either disable the stock one, or adjust the properties in the cloned one so it only applies to this opensearch server and the default one doesn't keep trying.

danmassa7 · Answer

I believe I found the solution myself.&nbsp;&nbsp;If I simply add the property to the device elasticsearch.api.port="9200" then the addCategory_Elasticsearch will fire off and run.It still doesn't add the category "elasticsearch".&nbsp; This is probably because if I run either command directly from the server...curl -X GET "https://localhost:9200/_cluster/health"curl -X GET "https://localhost:9200/_cluster/health"I get failures to connect.&nbsp; My server probably needs a username/password.Does anyone know if there is a property like&nbsp;elasticsearch.password or&nbsp;elasticsearch.username that can be used on the device?Does LogicMonitor intend for us to run our ElasticSearch servers with no username/password?&nbsp; That would be weird!Thanks.&nbsp;&nbsp;

danmassa7 · Answer

Thank you for your reply.The ElasticSearch node does not respond to anonymous or basic authentication.&nbsp; It is part of a Graylog installation and I think it put in certificate-based auth exclusively.&nbsp; I have to figure out how to enable basic auth.That will take a long time.&nbsp; I'm not a linux person.&nbsp; Maybe someday!Thanks again.

Forum Discussion

Elasticsearch and OpenSearch

Related Content

LogicMonitor to Kibana (ElasticSearch)

How to monitor opensource elasticsearch in Logic Monitor

OCI APplication log Monitoring

AWS - Top API calls by User

mechanism to send data to LM to graph

Recent Discussions

Unclear GD Collector 37.000 Release

Windows Least Privilege and polling (WinServer)

Very basic question

Using data from another datasource

Pull .csv Alerts Thresholds Report via API