Maybe now is the time to think about replacing mk_logwatch and EC with Splunk/ELK/OpenSearch and integrating them as an AddOn into CMK (Event_Check, Link to Logview, etc.). These tools are much more powerful and offer much more possibilities for analysis, visualization and alerting and would raise the log monitoring of Checkmk to a new level. At the same time, you could also use them for a better and easier analysis of the different logfiles created by Checkmk itself.
With this, Checkmk could improve the visualization of time-related aspects. Was there an accumulation at certain times, are there recognizable time patterns, are there commonalities? Which service was alerted the most, who was alerted the most, which site/customer has the most events, are there recurring patterns, etc.? I think the community will have many more ideas on this. Also, Checkmk logfiles should be made more exportable so that they can be used more easily in tools like Splunk, ELK and co. Some examples of export rules, additional information on the logfiles for better indexing and some sample dashboards for this tool would make it much easier for customers to get started.