sensu-plugins-elasticsearch-boutetnico 1.0.4

data/bin/check-es-indices-field-count.rb

@@ -0,0 +1,194 @@
+#! /usr/bin/env ruby
+#
+#   check-es-indices-field-count
+#
+# DESCRIPTION:
+#   This plugin checks if the number of fields in ES index(es) is approaching limit. ES by default
+#   puts this limit at 1000 fields per index.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#
+# USAGE:
+#   This example checks if the number of fields for an index is reaching its limit set in
+#   index.mapping.total_fields.limit. This check takes as paramater the index name or
+#   comma-separated list of indices, and optionally the type to check on. If type is not specified,
+#   all types in index are examined.
+#   You can also specify an optional value for the limit. When omitted, this will default to 1000.
+#
+#   check-es-indices-field-count.rb -h <hostname or ip> -p 9200
+#           -i <index1>,<index2> --types <type_in_index> -w <pct> -c <pct>
+#
+#   If any indices crossing the specified thresholds (warning/critical), beside the appropriate return code
+#   this check will also output a list of indices with the violated percentage for further troubleshooting.
+# NOTES:
+#
+# LICENSE:
+#   CloudCruiser <devops@hpe.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'elasticsearch'
+require 'sensu-plugins-elasticsearch'
+require 'json'
+
+#
+# ES Indices Field Count
+#
+class ESIndicesFieldCount < Sensu::Plugin::Check::CLI
+  include ElasticsearchCommon
+
+  option :host,
+         description: 'Elasticsearch host',
+         short: '-h HOST',
+         long: '--host HOST',
+         default: 'localhost'
+
+  option :port,
+         description: 'Elasticsearch port',
+         short: '-p PORT',
+         long: '--port PORT',
+         proc: proc(&:to_i),
+         default: 9200
+
+  option :scheme,
+         description: 'Elasticsearch connection scheme, defaults to https for authenticated connections',
+         short: '-s SCHEME',
+         long: '--scheme SCHEME'
+
+  option :password,
+         description: 'Elasticsearch connection password',
+         short: '-P PASSWORD',
+         long: '--password PASSWORD'
+
+  option :user,
+         description: 'Elasticsearch connection user',
+         short: '-u USER',
+         long: '--user USER'
+
+  option :timeout,
+         description: 'Elasticsearch query timeout in seconds',
+         short: '-t TIMEOUT',
+         long: '--timeout TIMEOUT',
+         proc: proc(&:to_i),
+         default: 30
+
+  option :index,
+         description: 'Elasticsearch indices to check against.
+         Comma-separated list of index names to search.
+         Default to `_all` if omitted. Accepts wildcards',
+         short: '-i INDEX',
+         long: '--indices INDEX',
+         default: '_all'
+
+  option :types,
+         description: 'Elasticsearch types of index to check against.
+         Comma-separated list of types. When omitted, all types are checked against.',
+         short: '-T TYPES',
+         long: '--types TYPES'
+
+  option :limit,
+         description: 'Default number of fields limit to compare against.
+         Elasticsearch defaults this to 1000 if none is specified in index setting.',
+         short: '-l',
+         long: '--limit LIMIT',
+         proc: proc(&:to_i),
+         default: 1000
+
+  option :warn,
+         short: '-w PCT',
+         long: '--warn PCT',
+         description: 'WARNING threshold in percentage',
+         proc: proc(&:to_f),
+         default: 85.0
+
+  option :crit,
+         short: '-c N',
+         long: '--crit N',
+         description: 'CRITICAL threshold in percentage',
+         proc: proc(&:to_f),
+         default: 95.0
+
+  def indexfieldcount
+    index_field_count = {}
+    mappings = client.indices.get_mapping index: config[:index], type: config[:types]
+    mappings.each do |index, index_mapping|
+      unless index_mapping['mappings'].nil?
+        type_field_count = {}
+        index_mapping['mappings'].each do |type, type_mapping|
+          fieldcount = if type_mapping['properties'].nil?
+                         0
+                       else
+                         type_mapping['properties'].length
+                       end
+          type_field_count[type] = fieldcount
+        end
+
+        index_field_count[index] = type_field_count
+      end
+    end
+
+    index_field_count
+  end
+
+  def fieldlimitsetting
+    field_limit_setting = {}
+    settings = client.indices.get_settings index: config[:index]
+    settings.each do |index, index_setting|
+      index_field_limit = index_setting['settings']['index.mapping.total_fields.limit']
+      # when no index.mapping.total_fields.limit, use value of the limit parameter, which defaults to 1000.
+      index_field_limit = config[:limit] if index_field_limit.nil?
+      field_limit_setting[index] = { 'limit' => index_field_limit }
+    end
+
+    field_limit_setting
+  end
+
+  def run
+    fieldcounts = indexfieldcount
+    limits = fieldlimitsetting
+
+    warnings = {}
+    criticals = {}
+
+    if fieldcounts.empty?
+      unknown "Can't find any indices."
+    end
+
+    fieldcounts.each do |index, counts|
+      counts.each do |type, count|
+        pct = count.to_f / limits[index]['limit'] * 100
+
+        if config[:warn] <= pct && pct < config[:crit]
+          warnings[index] = {} if warnings[index].nil?
+          warnings[index][type] = pct.round(2)
+        end
+
+        if config[:crit] <= pct
+          criticals[index] = {} if criticals[index].nil?
+          criticals[index][type] = pct.round(2)
+        end
+      end
+    end
+
+    unless criticals.empty?
+      critical "Number of fields in indices is at critical level.
+#{JSON.pretty_generate(criticals)}"
+    end
+
+    unless warnings.empty?
+      warning "Number of fields in indices is at warning level.
+#{JSON.pretty_generate(warnings)}"
+    end
+
+    ok
+  end
+end

data/bin/check-es-indices-sizes.rb

@@ -0,0 +1,199 @@
+#! /usr/bin/env ruby
+#
+#   check-es-indices-sizes.rb
+#
+# DESCRIPTION:
+#   This check sends a critical event when the indices mathing the date pattern
+#     are above a MB value.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: elasticsearch
+#   gem: aws_es_transport
+#
+# USAGE:
+#   ./check-es-indices-sizes.rb -h localhost -p 9200 -m 155000
+#
+# NOTES:
+#
+# LICENSE:
+#   Brendan Leon Gibat <brendan.gibat@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'elasticsearch'
+require 'aws_es_transport'
+require 'sensu-plugins-elasticsearch'
+
+class ESCheckIndicesSizes < Sensu::Plugin::Check::CLI
+  include ElasticsearchCommon
+
+  option :transport,
+         long: '--transport TRANSPORT',
+         description: 'Transport to use to communicate with ES. Use "AWS" for signed AWS transports.'
+
+  option :region,
+         long: '--region REGION',
+         description: 'Region (necessary for AWS Transport)'
+
+  option :host,
+         description: 'Elasticsearch host',
+         short: '-h HOST',
+         long: '--host HOST',
+         default: 'localhost'
+
+  option :port,
+         description: 'Elasticsearch port',
+         short: '-p PORT',
+         long: '--port PORT',
+         proc: proc(&:to_i),
+         default: 9200
+
+  option :scheme,
+         description: 'Elasticsearch connection scheme, defaults to https for authenticated connections',
+         short: '-s SCHEME',
+         long: '--scheme SCHEME'
+
+  option :password,
+         description: 'Elasticsearch connection password',
+         short: '-P PASSWORD',
+         long: '--password PASSWORD'
+
+  option :user,
+         description: 'Elasticsearch connection user',
+         short: '-u USER',
+         long: '--user USER'
+
+  option :timeout,
+         description: 'Elasticsearch query timeout in seconds',
+         short: '-t TIMEOUT',
+         long: '--timeout TIMEOUT',
+         proc: proc(&:to_i),
+         default: 30
+
+  option :used_percent,
+         description: 'Percentage of bytes to use for indices matching pattern.',
+         short: '-a USED_PERCENTAGE',
+         long: '--used-percentage USED_PERCENTAGE',
+         proc: proc(&:to_i),
+         default: 80
+
+  option :maximum_megabytes,
+         description: 'Maximum number megabytes for date based indices to use.',
+         short: '-m MAXIMUM_MEGABYTES',
+         long: '--maximum-megabytes MAXIMUM_MEGABYTES',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :pattern_regex,
+         description: 'Regular expression to use for matching date based indices. Four named groups are matched, pattern, year, month, day.',
+         short: '-x PATTERN_REGEX',
+         long: '--pattern-regex PATTERN_REGEX',
+         default: '^(?<pattern>.*)-(?<year>\d\d\d\d)\.(?<month>\d\d?).(?<day>\d\d?)$'
+
+  option :delete,
+         description: 'Instead of alerting deletes the indicies',
+         short: '-d',
+         long: '--delete',
+         boolean: true,
+         default: false
+
+  def get_indices_to_delete(starting_date, total_bytes_to_delete, indices_with_sizes)
+    total_bytes_deleted = 0
+
+    # TODO: switch from `DateTime` to `Time` or `Date`
+    curr_date = DateTime.now
+
+    indices_to_delete = []
+
+    # We don't delete the current day, as it is most likely being used.
+    while total_bytes_deleted < total_bytes_to_delete && starting_date < curr_date
+      same_day_indices = indices_with_sizes.values.map do |pattern|
+        pattern.select do |index|
+          index[:date] == starting_date
+        end
+      end.flatten
+      same_day_indices.each do |index|
+        if total_bytes_deleted < total_bytes_to_delete
+          indices_to_delete.push(index[:index])
+          total_bytes_deleted += index[:size]
+        end
+      end
+      starting_date += 1
+    end
+
+    indices_to_delete
+  end
+
+  def build_indices_with_sizes
+    indices_fs_stats = client.indices.stats store: true
+    pattern_regex = Regexp.new(config[:pattern_regex])
+
+    index_with_sizes = indices_fs_stats['indices'].keys.each_with_object({}) do |key, hash|
+      matching_index = pattern_regex.match(key)
+      unless matching_index.nil?
+        base_pattern = matching_index[:pattern]
+        unless base_pattern.nil?
+          unless hash.include?(base_pattern)
+            hash[base_pattern] = []
+          end
+          index_date = DateTime.new(matching_index[:year].to_i, matching_index[:month].to_i, matching_index[:day].to_i)
+          hash[base_pattern].push(
+            size: indices_fs_stats['indices'][key]['total']['store']['size_in_bytes'].to_i,
+            date: index_date,
+            index: key
+          )
+        end
+      end
+    end
+
+    index_with_sizes
+  end
+
+  def run
+    node_fs_stats = client.nodes.stats metric: 'fs,indices'
+    nodes_being_used = node_fs_stats['nodes'].values.select { |node| node['indices']['store']['size_in_bytes'] > 0 }
+
+    # TODO: come back and cleanup all these rubocop disables with a little refactor
+    # rubocop:disable Metrics/LineLength
+    used_in_bytes = nodes_being_used.map { |node| node['fs']['data'].map { |data| data['total_in_bytes'] - data['available_in_bytes'] }.flatten }.flatten.inject { |sum, x| sum + x }
+    total_in_bytes = nodes_being_used.map { |node| node['fs']['data'].map { |data| data['total_in_bytes'] }.flatten }.flatten.inject { |sum, x| sum + x }
+    # rubocop:enable Metrics/LineLength
+
+    if config[:maximum_megabytes] > 0
+      target_bytes_used = config[:maximum_megabytes] * 1_000_000
+    else
+      if config[:used_percent] > 100 || config[:used_percent] < 0
+        critical 'You can not make used-percentages greater than 100 or less than 0.'
+      end
+      target_bytes_used = (total_in_bytes.to_f * (config[:used_percent].to_f / 100.0)).to_i
+    end
+
+    total_bytes_to_delete = used_in_bytes - target_bytes_used
+    if total_bytes_to_delete <= 0
+      ok "Used space in bytes: #{used_in_bytes}, Total in bytes: #{total_in_bytes}"
+    end
+
+    indices_with_sizes = build_indices_with_sizes
+
+    oldest = indices_with_sizes.values.flatten.map { |index| index[:date] }.min
+    indices_to_delete = get_indices_to_delete(oldest, total_bytes_to_delete, indices_with_sizes)
+
+    if config[:delete]
+      client.indices.delete index: indices_to_delete
+      ok "Cleaned up space: #{total_bytes_to_delete}"
+    else
+      critical "Not enough space, #{total_bytes_to_delete} bytes need to be deleted. Used space in bytes: " \
+      "#{used_in_bytes}, Total in bytes: #{total_in_bytes}. Indices to delete: " \
+      "#{indices_to_delete.sort.map { |i| "INDEX[#{i}]" }.join(', ')}"
+    end
+  end
+end

data/bin/check-es-node-status.rb

@@ -0,0 +1,137 @@
+#! /usr/bin/env ruby
+#
+#  check-es-node-status
+#
+# DESCRIPTION:
+#   This plugin checks the ElasticSearch node status, using its API.
+#   Works with ES 0.9x, ES 1.x, and ES 2.x
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: rest-client
+#
+# USAGE:
+#   check-es-node-status --help
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2012 Sonian, Inc <chefs@sonian.net>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'rest-client'
+require 'json'
+require 'base64'
+
+class ESNodeStatus < Sensu::Plugin::Check::CLI
+  option :host,
+         description: 'Elasticsearch host',
+         short: '-h HOST',
+         long: '--host HOST',
+         default: 'localhost'
+
+  option :port,
+         description: 'Elasticsearch port',
+         short: '-p PORT',
+         long: '--port PORT',
+         proc: proc(&:to_i),
+         default: 9200
+
+  option :timeout,
+         description: 'Sets the connection timeout for REST client',
+         short: '-t SECS',
+         long: '--timeout SECS',
+         proc: proc(&:to_i),
+         default: 30
+
+  option :user,
+         description: 'Elasticsearch User',
+         short: '-u USER',
+         long: '--user USER'
+
+  option :password,
+         description: 'Elasticsearch Password',
+         short: '-P PASS',
+         long: '--password PASS'
+
+  option :https,
+         description: 'Enables HTTPS',
+         short: '-e',
+         long: '--https'
+
+  option :cert_file,
+         description: 'Cert file to use',
+         long: '--cert-file CERT_FILE'
+
+  option :all,
+         description: 'Check all nodes in the ES cluster',
+         short: '-a',
+         long: '--all',
+         default: false
+
+  def get_es_resource(resource)
+    headers = {}
+    if config[:user] && config[:password]
+      auth = 'Basic ' + Base64.strict_encode64("#{config[:user]}:#{config[:password]}").chomp
+      headers = { 'Authorization' => auth }
+    end
+
+    protocol = if config[:https]
+                 'https'
+               else
+                 'http'
+               end
+
+    r = if config[:cert_file]
+          RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}",
+                                   ssl_ca_file: config[:cert_file].to_s,
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        else
+          RestClient::Resource.new("#{protocol}://#{config[:host]}:#{config[:port]}#{resource}",
+                                   timeout: config[:timeout],
+                                   headers: headers)
+        end
+    r.get
+  rescue Errno::ECONNREFUSED
+    critical 'Connection refused'
+  rescue RestClient::RequestTimeout
+    critical 'Connection timed out'
+  rescue Errno::ECONNRESET
+    critical 'Connection reset by peer'
+  end
+
+  def acquire_status
+    status = get_es_resource('/_nodes/stats')
+    status
+  end
+
+  def run
+    stats = acquire_status
+
+    if stats.code == 200
+      if config[:all]
+        total = stats['_nodes']['total']
+        successful = stats['_nodes']['successful']
+        if total == successful
+          ok 'Alive - all nodes'
+        else
+          critical 'Dead - one or more nodes'
+        end
+      else
+        ok "Alive #{stats.code}"
+      end
+    else
+      critical "Dead (#{stats.code})"
+    end
+  end
+end