Hello,
I’m trying to use this module but always getting 0 hits.
The connection to the elasticsearch instance is working, because if I change one connection parameter I get an error message.
Eventtypes are configured like this:
Name syslog
Instance elasticsearch
Index syslog_*
Filter host=*
Fields host, message
Fields are available in elasticsearch (I checked through kibana).
Now if I fire a request like this via command line:
icingacli elasticsearch check --instance elasticsearch --crit 10 --warn 5 --index syslog_* --filter=host=* --from -1d
I get 0 hits when in reality I have more than a thousand hits from kibana.
I tried some debugging directly from the php files and if I use the Request->body directly into kibana it’s working just fine returning the right number of results.
In icingaweb2 instead, it seems not to filter results in a specific timeframe and the query times out, returning the first results with an error. As a consequence the first returned results do not have a @timestamp field and the response throws an exception because there is no such field to order by. (This is going on under the hood; I discovered it using some echo statements in the code. Otherwise the output in the GUI is “OK: 0 hits”.)
Any suggestions?
Thank you in advance