Skip to main content
Version: 23.04

Logstash Events

Before starting

  • You can send events from a central server, a remote server or a poller.
  • By default, this stream connector sends host_status and service_status events. The event format is shown there.
  • Aformentioned events are fired each time a host or a service is checked. Various parameters let you filter out events.

Installation

Login as root on the Centreon central server using your favorite SSH client.

Run the command according on your system:

dnf install centreon-stream-connector-logstash

Configuration

To configure your stream connector, you must head over the Configuration --> Poller --> Broker configuration menu. Select the central-broker-master configuration (or the appropriate broker configuration if it is a poller or a remote server that will send events) and click the Output tab when the broker form is displayed.

Add a new generic - stream connector output and set the following fields as follow:

FieldValue
NameLogstash events
Path/usr/share/centreon-broker/lua/logstash-events-apiv2.lua
Filter categoryNeb

Add Logstash mandatory parameters

Each stream connector has a set of mandatory parameters. To add them you must click on the +Add a new entry button located below the filter category input.

TypeNameValue explanationValue exemple
stringhttp_server_urlthe url of the logstash http pluginhttps:/mylogstash.test
numberportthe port of your logstash http plugin8443

Add Logstash optional parameters

Some stream connectors have a set of optional parameters dedicated to the Software that they are associated with. To add them you must click on the +Add a new entry button located below the filter category input.

TypeNameValue explanationdefault value
stringusernamethe username if your are using https with basic auth for your logstash http plugin
stringpasswordthe password of your user if you are using https with basic auth for your logstash http plugin
stringlogfilethe file in which logs are written/var/log/centreon-broker/logstash-events.log
numberlog_levellogging level from 1 (errors) to 3 (debug)1

Standard parameters

All stream connectors can use a set of optional parameters that are made available through Centreon stream connectors lua modules.

All those parameters are documented here.

Some of them are overridden by this stream connector.

TypeNameDefault value for the stream connector
stringaccepted_categoriesneb
stringaccepted_elementshost_status,service_status

Event bulking

This stream connector is compatible with event bulking. Meaning that it is able to send more that one event in each call to the Logstash HTTP plugin.

To use this feature you must add the following parameter in your stream connector configuration.

TypeNameValue
numbermax_buffer_sizemore than one

Event format

This stream connector will send event with the following format.

service_status event

{
"event_timestamp": 1653434348,
"hostname": "my-host",
"output": "[CRITICAL] low power",
"service": "my-service",
"state": "CRITICAL",
"title": "CRITICAL: my-host, my-service"
}

host_status event

{
"event_timestamp": 1653434348,
"hostname": "my-host",
"output": "[DOWN] server is down",
"state": "DOWN",
"title": "DOWN: my-host"
}

Custom event format

This stream connector allows you to change the format of the event to suit your needs. Only the event part of the json is customisable. It also allows you to handle events type that are not handled by default such as ba_status events.

In order to use this feature you need to configure a json event format file and add a new stream connector parameter.

TypeNameValue
stringformat_file/etc/centreon-broker/logstash-events-format.json

The event format configuration file must be readable by the centreon-broker user

To learn more about custom event format and templating file, head over the following documentation.

Curl commands

Here is the list of all the curl commands that are used by the stream connector.

Send events

curl -X PUT -H "accept: application/json" curl -X PUT 'http://<logstash_address>:<logstash_port>' -d '{"event_timestamp": 1653434348,"hostname": "my-host","output": "[DOWN] server is down","state": "DOWN","title": "DOWN: my-host"}'

You must replace all the <xxxx> inside the above command with their appropriate value. <logstash_port> may become 8080.