Integration with Splunk/ELK in a way out of the box connector.

Comments: 4

Oldest • Newest • Most likes • Fewest likes

• Add a comment
• 30 Jun, '22
  Lars Sörensen

  Maybe now is the time to think about replacing mk_logwatch and EC with Splunk/ELK/Opensearch and integrate them as a AddOn into CMK (Event_Check, Link to Logview, etc).
  
  These tools are much more powerful and offer much more possibilities for analysis, visualization and alerting and would raise the log monitoring of Checkmk to a new level. At the same time, you could use them also for a better and easier analysis of the different logfiles created by Checkmk itself.

  4 Copy link to this comment
• 08 Jan, '23
  Jon Doe

  With this Checkmk could improve the visualization of time-related aspects. Was there an accumulation at certain times, are there recognizable time patterns, are there commonalities? Which service was alerted the most, who was alerted the most, which site/customer has the most events, are there recurring patterns, etc.? I think the community will have many more ideas on this.
  
  Also, Checmk logfiles should be made more exportable so that they can be used more easily in tools like Splunk, ELK and co. Some examples of export rules, additional information on the logfiles for better indexing and some sample dashboards for this tool would make it much easier for customers to get started.

  3 Copy link to this comment
• 27 May, '24
  Markus

  The license SSPL seems to be quite incompatible. Eventually a podman container would be an option.
  
  What about opensearch? (see also https://ideas.checkmk.com/suggestions/366470/support-monitoring-opensearch)

  1 Copy link to this comment
• 19 Apr, '25
  Lars Sörensen

  The underlying idea goes in the same direction like https://ideas.checkmk.com/suggestions/624736/event-console-support-advanced-logmanagement

  1 Copy link to this comment