sensu-plugins-elasticsearch 1.4.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 599c45c505813b0f4cedc04625d908997f1dd07f
-  data.tar.gz: f419a11fa51624afa6152ecf788aabb53abf1724
+  metadata.gz: 37833026481f5b5a0dd6494267bd542efaecc44d
+  data.tar.gz: b8271c8cf122df1714b6531ce7ba3635fcc0f256
 SHA512:
-  metadata.gz: 3e0f1782b1a25fec8eda540e82136709503846d10940a7c12a64e0aa09359b519f80b57a1173ce615f2efd37c3723637f7fe0d0b9b2ab9a0fa6c2c4175ffa08e
-  data.tar.gz: e36e42d3c79b0000a1aaa96c6ea20153ab2386941c01c0a046ed69cf35b3f654a7950a816872bc9efea56c7ea93d090efc6d1102da9dba5429376ef0431a9666
+  metadata.gz: e639765580a65cb627e99f8b7bb89482284488115e40678b4dd05112fde3aea98392beef4bb5ef534bea8e1f958e65d9a86495e69e7dd62b9083217a94af9ffd
+  data.tar.gz: 86a3c8224667571da1e7aa2ddd7484fcbddf0fa14d7655786d6c703418b016007d03d27adf4b16006e7217bf757e4b175925b9331d6335bdb132ca2327cad742

data/CHANGELOG.md

@@ -1,10 +1,14 @@
-#Change Log
+# Change Log
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachangelog.com/)
 
 ## [Unreleased]
 
+## [1.5.0] - 2017-07-26
+### Added
+- check-es-query-average.rb: check of average result by field (@ilavender)
+
 ## [1.4.1] - 2017-07-13
 ### Fixed
 - use timestamp_field from config for sorting in Kibana (@osgida)
@@ -164,7 +168,8 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 ### Added
 - initial release
 
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-elasticsearch/compare/1.4.1...HEAD
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-elasticsearch/compare/1.5.0...HEAD
+[1.5.0]: https://github.com/sensu-plugins/sensu-plugins-elasticsearch/compare/1.4.1...1.5.0
 [1.4.1]: https://github.com/sensu-plugins/sensu-plugins-elasticsearch/compare/1.4.0...1.4.1
 [1.4.0]: https://github.com/sensu-plugins/sensu-plugins-elasticsearch/compare/1.3.1...1.4.0
 [1.3.1]: https://github.com/sensu-plugins/sensu-plugins-elasticsearch/compare/1.3.0...1.3.1

data/bin/check-es-query-average.rb

@@ -0,0 +1,281 @@
+#! /usr/bin/env ruby
+#
+#   check-es-query
+#
+# DESCRIPTION:
+#   This plugin checks an ElasticSearch query.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: elasticsearch
+#   gem: aws_es_transport
+#
+# USAGE:
+#   This example checks that the average of the field "serve_time" in logs matching a query of
+#       anything (*) at the host elasticsearch.service.consul for the past 90 minutes
+#       will warn if above 120ms and go critical if the result average is above 250ms
+#   check-es-query-average.rb -h elasticsearch.service.consul -q "*"
+#           --types special_type -d 'logging-%Y.%m.%d' --minutes-previous 90 -p 9200 -c 0.250 -w 0.120 -a serve_time
+#
+# NOTES:
+#
+# LICENSE:
+#   Itamar Lavender <itamar.lavender@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'elasticsearch'
+require 'time'
+require 'uri'
+require 'aws_es_transport'
+require 'sensu-plugins-elasticsearch'
+
+#
+# ES Query Count
+#
+class ESQueryAverage < Sensu::Plugin::Check::CLI
+  include ElasticsearchCommon
+
+  option :index,
+         description: 'Elasticsearch indices to query.
+         Comma-separated list of index names to search.
+         Use `_all` or empty string to perform the operation on all indices.
+         Accepts wildcards',
+         short: '-i INDEX',
+         long: '--indices INDEX'
+
+  option :transport,
+         long: '--transport TRANSPORT',
+         description: 'Transport to use to communicate with ES. Use "AWS" for signed AWS transports.'
+
+  option :region,
+         long: '--region REGION',
+         description: 'Region (necessary for AWS Transport)'
+
+  option :types,
+         description: 'Elasticsearch types to limit searches to, comma separated list.',
+         long: '--types TYPES'
+
+  option :timestamp_field,
+         description: 'Field to use instead of @timestamp for query.',
+         long: '--timestamp-field FIELD_NAME',
+         default: '@timestamp'
+
+  option :offset,
+         description: 'Seconds before offset to end @timestamp against query.',
+         long: '--offset OFFSET',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :ignore_unavailable,
+         description: 'Ignore unavailable indices.',
+         long: '--ignore-unavailable',
+         boolean: true,
+         default: true
+
+  option :minutes_previous,
+         description: 'Minutes before offset to check @timestamp against query.',
+         long: '--minutes-previous MINUTES_PREVIOUS',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :hours_previous,
+         description: 'Hours before offset to check @timestamp against query.',
+         long: '--hours-previous HOURS_PREVIOUS',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :days_previous,
+         description: 'Days before offset to check @timestamp against query.',
+         long: '--days-previous DAYS_PREVIOUS',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :weeks_previous,
+         description: 'Weeks before offset to check @timestamp against query.',
+         long: '--weeks-previous WEEKS_PREVIOUS',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :months_previous,
+         description: 'Months before offset to check @timestamp against query.',
+         long: '--months-previous MONTHS_PREVIOUS',
+         proc: proc(&:to_i),
+         default: 0
+
+  option :date_index,
+         description: 'Elasticsearch time based index.
+            Accepts format from http://ruby-doc.org/core-2.2.0/Time.html#method-i-strftime',
+         short: '-d DATE_INDEX',
+         long: '--date-index DATE_INDEX'
+
+  option :date_repeat_daily,
+         description: 'Elasticsearch date based index repeats daily.',
+         long: '--repeat-daily',
+         boolean: true,
+         default: true
+
+  option :date_repeat_hourly,
+         description: 'Elasticsearch date based index repeats hourly.',
+         long: '--repeat-hourly',
+         boolean: true,
+         default: false
+
+  option :search_field,
+         description: 'The Elasticsearch document field to search for your query string.',
+         short: '-f FIELD',
+         long: '--field FIELD',
+         required: false,
+         default: 'message'
+
+  option :query,
+         description: 'Elasticsearch query',
+         short: '-q QUERY',
+         long: '--query QUERY',
+         required: false
+
+  option :aggr,
+         description: 'Elasticsearch query aggr',
+         long: '--aggr',
+         boolean: true,
+         required: false,
+         default: true
+
+  option :aggr_field,
+         description: 'Elasticsearch query field to aggregate and average from',
+         short: '-a FIELD',
+         long: '--aggr-field FIELD',
+         required: true
+
+  option :host,
+         description: 'Elasticsearch host',
+         short: '-h HOST',
+         long: '--host HOST',
+         default: 'localhost'
+
+  option :port,
+         description: 'Elasticsearch port',
+         short: '-p PORT',
+         long: '--port PORT',
+         proc: proc(&:to_i),
+         default: 9200
+
+  option :scheme,
+         description: 'Elasticsearch connection scheme, defaults to https for authenticated connections',
+         short: '-s SCHEME',
+         long: '--scheme SCHEME'
+
+  option :password,
+         description: 'Elasticsearch connection password',
+         short: '-P PASSWORD',
+         long: '--password PASSWORD'
+
+  option :user,
+         description: 'Elasticsearch connection user',
+         short: '-u USER',
+         long: '--user USER'
+
+  option :timeout,
+         description: 'Elasticsearch query timeout in seconds',
+         short: '-t TIMEOUT',
+         long: '--timeout TIMEOUT',
+         proc: proc(&:to_i),
+         default: 30
+
+  option :warn,
+         short: '-w N',
+         long: '--warn N',
+         description: 'Result average WARNING threshold',
+         proc: proc(&:to_f),
+         default: 0
+
+  option :crit,
+         short: '-c N',
+         long: '--crit N',
+         description: 'Result average CRITICAL threshold',
+         proc: proc(&:to_f),
+         default: 0
+
+  option :invert,
+         long: '--invert',
+         description: 'Invert thresholds',
+         boolean: true
+
+  option :kibana_url,
+         long: '--kibana-url KIBANA_URL',
+         description: 'Kibana URL query prefix that will be in critical / warning response output.'
+
+  def kibana_info
+    kibana_date_format = '%Y-%m-%dT%H:%M:%S.%LZ'
+    unless config[:kibana_url].nil?
+      index = config[:index]
+      unless config[:date_index].nil?
+        date_index_partition = config[:date_index].split('%')
+        index = "[#{date_index_partition.first}]" \
+          "#{date_index_partition[1..-1].join.sub('Y', 'YYYY').sub('y', 'YY').sub('m', 'MM').sub('d', 'DD').sub('j', 'DDDD').sub('H', 'hh')}"
+      end
+      end_time = Time.now.utc.to_i
+      start_time = end_time
+      if config[:minutes_previous] != 0
+        start_time -= (config[:minutes_previous] * 60)
+      end
+      if config[:hours_previous] != 0
+        start_time -= (config[:hours_previous] * 60 * 60)
+      end
+      if config[:days_previous] != 0
+        start_time -= (config[:days_previous] * 60 * 60 * 24)
+      end
+      if config[:weeks_previous] != 0
+        start_time -= (config[:weeks_previous] * 60 * 60 * 24 * 7)
+      end
+      if config[:months_previous] != 0
+        start_time -= (config[:months_previous] * 60 * 60 * 24 * 31)
+      end
+      "Kibana logs: #{config[:kibana_url]}/#/discover?_g=" \
+      "(refreshInterval:(display:Off,section:0,value:0),time:(from:'" \
+      "#{URI.escape(Time.at(start_time).utc.strftime kibana_date_format)}',mode:absolute,to:'" \
+      "#{URI.escape(Time.at(end_time).utc.strftime kibana_date_format)}'))&_a=(columns:!(_source),index:" \
+      "#{URI.escape(index)},interval:auto,query:(query_string:(analyze_wildcard:!t,query:'" \
+      "#{URI.escape(config[:query])}')),sort:!('@timestamp',desc))&dummy"
+    end
+  end
+
+  def run
+    response = client.search(build_request_options)
+    if config[:invert]
+      if response['aggregations']['average']['value'] < config[:crit]
+        critical "Query average (#{response['aggregations']['average']['value']}) was below critical threshold. #{kibana_info}"
+      elsif response['aggregations']['average']['value'] < config[:warn]
+        warning "Query average (#{response['aggregations']['average']['value']}) was below warning threshold. #{kibana_info}"
+      else
+        ok "Query average (#{response['aggregations']['average']['value']}) was ok"
+      end
+    elsif response['aggregations']['average']['value'] > config[:crit]
+      critical "Query average (#{response['aggregations']['average']['value']}) was above critical threshold. #{kibana_info}"
+    elsif response['aggregations']['average']['value'] > config[:warn]
+      warning "Query average (#{response['aggregations']['average']['value']}) was above warning threshold. #{kibana_info}"
+    else
+      ok "Query average (#{response['aggregations']['average']['value']}) was ok"
+    end
+  rescue Elasticsearch::Transport::Transport::Errors::NotFound
+    if config[:invert]
+      if response['aggregations']['average']['value'] < config[:crit]
+        critical "Query average (#{response['aggregations']['average']['value']}) was below critical threshold. #{kibana_info}"
+      elsif response['aggregations']['average']['value'] < config[:warn]
+        warning "Query average (#{response['aggregations']['average']['value']}) was below warning threshold. #{kibana_info}"
+      else
+        ok "Query average (#{response['aggregations']['average']['value']}) was ok"
+      end
+    else
+      ok 'No results found, average was below thresholds'
+    end
+  end
+end

data/lib/sensu-plugins-elasticsearch/elasticsearch-query.rb

@@ -78,6 +78,31 @@ module ElasticsearchQuery
 
     if !config[:body].nil?
       options[:body] = config[:body]
+    elsif config[:aggr] == true
+      es_date_start = es_date_math_string end_time
+      options[:size] = 0
+      options[:body] = {
+        'query' => {
+          'bool' => {
+            'must' => [{
+              'query_string' => {
+                'default_field' => config[:search_field],
+                'query' => config[:query]
+              }
+            }, {
+              'range' => {
+                config[:timestamp_field] => {
+                  'gt' => es_date_start,
+                  'lt' => end_time.strftime('%Y-%m-%dT%H:%M:%S')
+                }
+              }
+            }]
+          }
+        },
+        'aggregations' => {
+          'average' => { 'avg' => { 'field' => config[:aggr_field] } }
+        }
+      }
     else
       es_date_start = es_date_math_string end_time
       unless es_date_start.nil?
@@ -114,7 +139,7 @@ module ElasticsearchQuery
        config[:days_previous] == 0 && \
        config[:weeks_previous] == 0 && \
        config[:months_previous] == 0
-      return nil
+      nil
     else
       es_math = "#{end_time.strftime '%Y-%m-%dT%H:%M:%S'}||"
       es_math += "-#{config[:minutes_previous]}m" if config[:minutes_previous] != 0
@@ -122,7 +147,7 @@ module ElasticsearchQuery
       es_math += "-#{config[:days_previous]}d" if config[:days_previous] != 0
       es_math += "-#{config[:weeks_previous]}w" if config[:weeks_previous] != 0
       es_math += "-#{config[:months_previous]}M" if config[:months_previous] != 0
-      return es_math
+      es_math
     end
   end
 end

data/lib/sensu-plugins-elasticsearch/version.rb

@@ -1,8 +1,8 @@
 module SensuPluginsElasticsearch
   module Version
     MAJOR = 1
-    MINOR = 4
-    PATCH = 1
+    MINOR = 5
+    PATCH = 0
 
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-elasticsearch
 version: !ruby/object:Gem::Version
-  version: 1.4.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Sensu Plugins and contributors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-13 00:00:00.000000000 Z
+date: 2017-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -224,22 +224,23 @@ description: |-
                                 service health and metrics for cluster, node, and more.
 email: "<sensu-users@googlegroups.com>"
 executables:
-- check-es-circuit-breakers.rb
-- check-es-cluster-health.rb
+- check-es-query-ratio.rb
+- metrics-es-node.rb
+- metrics-es-cluster.rb
+- check-es-query-exists.rb
+- handler-es-delete-indices.rb
+- check-es-indices-sizes.rb
 - check-es-cluster-status.rb
+- check-es-cluster-health.rb
 - check-es-file-descriptors.rb
-- check-es-heap.rb
 - check-es-indexes.rb
-- check-es-indices-sizes.rb
-- check-es-node-status.rb
 - check-es-query-count.rb
-- check-es-query-exists.rb
-- check-es-query-ratio.rb
-- check-es-shard-allocation-status.rb
-- handler-es-delete-indices.rb
-- metrics-es-cluster.rb
+- check-es-node-status.rb
+- check-es-circuit-breakers.rb
+- check-es-query-average.rb
+- check-es-heap.rb
 - metrics-es-node-graphite.rb
-- metrics-es-node.rb
+- check-es-shard-allocation-status.rb
 extensions: []
 extra_rdoc_files: []
 files:
@@ -254,6 +255,7 @@ files:
 - bin/check-es-indexes.rb
 - bin/check-es-indices-sizes.rb
 - bin/check-es-node-status.rb
+- bin/check-es-query-average.rb
 - bin/check-es-query-count.rb
 - bin/check-es-query-exists.rb
 - bin/check-es-query-ratio.rb
@@ -292,7 +294,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Sensu plugins for elasticsearch