Hy,
ive got a running icinga master with connect to my ELK.
i ship the new metrics all to the ELK with the icingabeat and read them with the elastic module.
so far so good…
but is there a way to migrate and properly index the old metrics which where actually only insight the local icinga postgresql DB to the ELK ?
Hi,
Icinga doesn’t store any metrics in the IDO database backend. It stores state changes, notifications, etc in historical tables if that’s of interest. Exporting such would require SQL magic and forwarding them to Elasticsearch then.
Question aside - why would you want to store metrics in Elastic Stack? Imho Graphite/InfluxDB/Prometheus solve a better TSDB purpose here.
Cheers,
Michael
metrics should be stored in the ELK, cause the ELK is our global SIEM System.
therefore we want all informations stored in there…
if its not posible (to easyly migrate the old metrics this isnt a deal breaker).
Marketing did a good job here, I just read https://www.elastic.co/products/siem
I doubt that metrics are a good idea in Elasticsearch in the long term, regarding aggregation, storage and performance, but truly it is your system and you’re taking the decisions and results.
In terms of migration possibilities I don’t see any, unless you kept storing existing performance data metrics in TSDB systems like Graphite, InfluxDB, etc.
Cheers,
Michael
hy michael,
thanks for your reply…
ive discuss this internal with my team and the guys think that the effort of the migration is to small…
so this topic can be closed.