Forum Discussion

danmassa7's avatar
danmassa7
Icon for Neophyte rankNeophyte
2 months ago

Elasticsearch and OpenSearch

I would like to monitor our ElasticSearch nodes.  Actually, it's OpenSearch, but hopefully that doesn't matter. I have confirmed the server is listening on tcp/9200. It looks like for the Elasticse...
elasticsearch
danmassa7's avatar
danmassa7
Icon for Neophyte rankNeophyte
2 months ago

I believe I found the solution myself.  

If I simply add the property to the device elasticsearch.api.port="9200" then the addCategory_Elasticsearch will fire off and run.

It still doesn't add the category "elasticsearch".  This is probably because if I run either command directly from the server...

curl -X GET "https://localhost:9200/_cluster/health"

curl -X GET "https://localhost:9200/_cluster/health"

I get failures to connect.  My server probably needs a username/password.

Does anyone know if there is a property like elasticsearch.password or elasticsearch.username that can be used on the device?

Does LogicMonitor intend for us to run our ElasticSearch servers with no username/password?  That would be weird!

Thanks.

 

 

Joe_Williams's avatar
Joe_Williams
Icon for Professor rankProfessor
2 months ago

In checking the datasource it doesn't appear to currently have the option for a user or pass.

url = "http${use_http ? "" : "s"}://${host}:${port}/_cluster/health"
http_client = url.toURL().openConnection()

http_client.with {
    doInput = true
    requestMethod = 'GET'
    raw_response = content.text
}

From a quick google search tho, it appears OpenSearch supports Basic authentication.
First verify that works for you with something like this.
curl -XGET localhost:9200/_cluster/health?pretty=true -u admin:admin --insecure
Changing the first admin for your user and the second admin for your password with a colon (:) in the middle.

If that works, you can clone the current module and we can make some adjustments.

Under where it defines host on line 7 you can add something like this

username = hostProps.get("elasticsearch.api.username")
password = hostProps.get("elasticsearch.api.password")
// Encode credentials in Base64
def basicAuth = "Basic " + Base64.getEncoder().encodeToString("${username}:${password}".getBytes("UTF-8"))

Then you can change the http client section to something like this

http_client.with {
    doInput = true
    requestMethod = 'GET'
    setRequestProperty("Authorization", basicAuth)  // Add Basic Auth Header
    raw_response = content.text
}

Now I would adjust the applies to as well to check for the user/pass properties otherwise this will break on servers that don't need it as we didn't add in error checks.
I would also either disable the stock one, or adjust the properties in the cloned one so it only applies to this opensearch server and the default one doesn't keep trying.