src/health/health.d/elasticsearch.conf


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

# you can disable an alarm notification by setting the 'to' line to: silent

# 'red' is a threshold, can't lookup the 'red' dimension - using simple pattern is a workaround.

 template: elasticsearch_cluster_health_status_red
       on: elasticsearch.cluster_health_status
    class: Errors
     type: SearchEngine
component: Elasticsearch
   lookup: average -5s unaligned of *ed
    every: 10s
    units: status
     crit: $this == 1
    delay: down 5m multiplier 1.5 max 1h
  summary: Elasticsearch cluster ${label:cluster_name} status
     info: Elasticsearch cluster ${label:cluster_name} health status is red.
       to: sysadmin

# the idea of '-10m' is to handle yellow status after node restart,
# (usually) no action is required because Elasticsearch will automatically restore the green status.
 template: elasticsearch_cluster_health_status_yellow
       on: elasticsearch.cluster_health_status
    class: Errors
     type: SearchEngine
component: Elasticsearch
   lookup: average -10m unaligned of yellow
    every: 1m
    units: status
     warn: $this == 1
    delay: down 5m multiplier 1.5 max 1h
  summary: Elasticsearch cluster ${label:cluster_name} status
     info: Elasticsearch cluster ${label:cluster_name} health status is yellow.
       to: sysadmin

 template: elasticsearch_node_index_health_red
       on: elasticsearch.node_index_health
    class: Errors
     type: SearchEngine
component: Elasticsearch
   lookup: average -5s unaligned of *ed
    every: 10s
    units: status
     warn: $this == 1
    delay: down 5m multiplier 1.5 max 1h
  summary: Elasticsearch cluster ${label:cluster_name} index ${label:index} status
     info: Elasticsearch cluster ${label:cluster_name} index ${label:index} health status is red.
       to: sysadmin

# don't convert 'lookup' value to seconds in 'calc' due to UI showing seconds as hh:mm:ss (0 as now).

 template: elasticsearch_node_indices_search_time_query
       on: elasticsearch.node_indices_search_time
    class: Workload
     type: SearchEngine
component: Elasticsearch
   lookup: average -10m unaligned of query
    every: 10s
    units: milliseconds
     warn: $this > (($status >= $WARNING)  ? (20 * 1000) : (30 * 1000))
    delay: down 5m multiplier 1.5 max 1h
  summary: Elasticsearch cluster ${label:cluster_name} node ${label:node_name} query performance
     info: Elasticsearch cluster ${label:cluster_name} node ${label:node_name} search performance is degraded, queries run slowly.
       to: sysadmin

 template: elasticsearch_node_indices_search_time_fetch
       on: elasticsearch.node_indices_search_time
    class: Workload
     type: SearchEngine
component: Elasticsearch
   lookup: average -10m unaligned of fetch
    every: 10s
    units: milliseconds
     warn: $this > (($status >= $WARNING)  ? (3 * 1000) : (5 * 1000))
     crit: $this > (($status == $CRITICAL) ? (5 * 1000) : (30 * 1000))
    delay: down 5m multiplier 1.5 max 1h
  summary: Elasticsearch cluster ${label:cluster_name} node ${label:node_name} fetch performance
     info: Elasticsearch cluster ${label:cluster_name} node ${label:node_name} search performance is degraded, fetches run slowly.
       to: sysadmin