2

I am in the process of tying up Bosun with my existing ELK setup. However, after referring to the documents in Bosun, I am not able to identify how exactly the connectivity works.

Is it something like the below?

Logstash output for opentsdb --> Bosun or Logstash output for opentsdb --> scollector --> Bosun.

kasperd

1 Answer

1

The lsstat() and lscount() functions query elastic directly. You define an array of elastic hosts:

logstashElasticHosts=http://ny-lselastic01.ds.stackexchange.com:9200,http://ny-lselastic02.ds.stackexchange.com:9200,http://ny-lselastic03.ds.stackexchange.com:9200

Bosun (really the Go ES Library) will discover all nodes in that cluster and keep track of when nodes leave and come (as long as at startup it can use one of the hosts in the array to discover all the other hosts).

They are "logstash" functions because the code expects indexes to have the date postfix as per Logstash's default.

Kyle Brandt
  • So let's say that I have data in elasticsearch and with the above configuration I will get them listed in Bosun as a metric? – Dilruwan Madubashitha Apr 28 '15 at 14:38
  • @DilruwanMadubashitha: Not currently. The items and graph page are opentsdb specific (including metric completion). The graph page is OpenTSDB specific in its design. (You can however view graphs of lscount() and lsstat() results on the expression page.) For the items page, I don't really know what you would expect to see on the items page due to the nature of free form documents (what ES stores). What would you picture it showing exactly? – Kyle Brandt Apr 28 '15 at 15:54
  • Thanks. What I am after is an alerting system which will show me the events captured through ELK, based on a threshold that is configured, i.e. Apr 20 2015 07:13:53 | ERROR | XXX | XXXXX| 9166 | XXXXX - 07:13, and then these events to be acknowledged by an individual, worked upon etc. Reading on the Bosun web portal I understood that Bosun is capable of this. I am just trying to figure out how to do that – Dilruwan Madubashitha Apr 28 '15 at 16:14
  • @DilruwanMadubashitha: You can use Bosun with ELK; we use it at Stack Exchange. – Kyle Brandt Apr 28 '15 at 16:21
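
Added example (not part of the original answer and not Bosun's code): the answer notes that the functions expect indexes with Logstash's default date postfix, so this Python script lists the daily index names a time window spans and flags existing indexes that do not follow that naming. The index root `logstash`, the UTC `YYYY.MM.DD` suffix (Logstash's default output naming), and all host and index names below are assumptions or constructed values.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: Logstash's default output index is "logstash-%{+YYYY.MM.dd}", one per UTC day.
DAILY = re.compile(r"^(?P<root>.+)-(?P<y>\d{4})\.(?P<m>\d{2})\.(?P<d>\d{2})$")

def parse_hosts(setting):
    """Split a logstashElasticHosts value into a list of host URLs."""
    return [h.strip() for h in setting.split(",") if h.strip()]

def expected_indices(root, start, end):
    """Daily index names covering the timezone-aware window [start, end]."""
    day, last = (t.astimezone(timezone.utc).date() for t in (start, end))
    names = []
    while day <= last:
        names.append(f"{root}-{day:%Y.%m.%d}")
        day += timedelta(days=1)
    return names

def classify(existing, root):
    """Split index names into (date-postfixed under root, everything else)."""
    ok, other = [], []
    for name in existing:
        m = DAILY.match(name)
        valid = bool(m) and m["root"] == root
        if valid:
            try:  # reject impossible dates such as 2015.13.40
                datetime(int(m["y"]), int(m["m"]), int(m["d"]))
            except ValueError:
                valid = False
        (ok if valid else other).append(name)
    return ok, other

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    hosts = parse_hosts("http://es01.example.internal:9200,http://es02.example.internal:9200")
    existing = ["logstash-2015.04.27", "logstash-2015.17", "app-logs", "logstash-2015.13.40"]
    end = datetime(2015, 4, 28, 0, 30, tzinfo=timezone.utc)
    wanted = expected_indices("logstash", end - timedelta(hours=1), end)
    ok, other = classify(existing, "logstash")
    print("hosts:", hosts)
    print("window needs:", wanted)
    print("missing:", [n for n in wanted if n not in ok])
    print("not date-postfixed:", other)
```

A one-hour window that crosses midnight UTC spans two daily indexes, so an alert over a short duration can still depend on yesterday's index existing.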