I have icingabeat set up from a master to a Kafka cluster and am trying to set the severity as text rather than a number, e.g. 0=OK, 1=WARNING, 2=CRITICAL. I'm using the add_fields processor to add/set the field, but the equals condition doesn't work, whereas the range condition does:
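# Map the numeric Icinga check state to a text severity in icinga.chk_severity.
# Nesting restored: the pasted snippet had lost its indentation.
#
# State 0 -> OK, matched with a numeric range [0, 1).
- if:
    range:
      icinga.chk_state.gte: 0
      icinga.chk_state.lt: 1
  then:
    - add_fields:
        target: icinga
        fields:
          chk_severity: OK
# State 2 -> CRITICAL, matched with an exact comparison.
# NOTE(review): the libbeat docs say `equals` accepts only an integer or a
# string value, while `range` compares numerically. If icingabeat stores
# chk_state as a float, this rule would never match even though the range
# rule above does -- presumably the cause here; confirm the field's type.
# No rule in this snippet covers state 1 (WARNING). An event that matches no
# rule is emitted without chk_severity, so downstream consumers should treat
# a missing chk_severity as unclassified rather than as OK.
- if:
    equals:
      icinga.chk_state: 2
  then:
    - add_fields:
        target: icinga
        fields:
          chk_severity: CRITICAL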
output:
{
"@timestamp": "2021-01-26T15:52:37.258Z",
"@metadata": {
"beat": "icingabeat",
"type": "_doc",
"version": "7.5.2"
},
"host": {
"name": "icinga-temp-m1-aberdeen"
},
"icinga": {
"host": "vip-lb-sand.pete.com",
"service": "Capacity Sand",
"timestamp": "2021-01-26T15:52:37.257Z",
"type": "CheckResult",
"check_result": {
"exit_status": 2,
"output": "HTTP CRITICAL: HTTP/1.1 503 Service Unavailable - 282 bytes in 0.121 second response time "
},
"chk_state": 2
},
"type": "icingabeat.event.checkresult",
"datacenter": "m1-aberdeen",
"env": "temp"
}
{
"@timestamp": "2021-01-26T15:52:38.742Z",
"@metadata": {
"beat": "icingabeat",
"type": "_doc",
"version": "7.5.2"
},
"icinga": {
"chk_state": 0,
"chk_severity": "OK",
"timestamp": "2021-01-26T15:52:38.740Z",
"type": "CheckResult",
"check_result": {
"exit_status": 0,
"output": "Icinga 2 has been running for 21 hours, 49 minutes and 1 second. Version: r2.11.2-1"
},
"host": "icinga-temp-m1-aberdeen",
"service": "icinga"
},
"type": "icingabeat.event.checkresult",
"env": "temp",
"datacenter": "m1-aberdeen",
"host": {
"name": "icinga-temp-m1-aberdeen"
}
}
I have icingabeat version 7.5.2 (amd64), libbeat 7.5.2 [6a77caeb37c55edce8e5e321e0334084c61a7761 built 2020-02-27 11:09:37 +0000 UTC].
any thoughts/ideas would help.