Integration with Splunk/ELK in a way out of the box connector.

23 votes

Under consideration Integrations Suggested by: David Wayne (02 May, '22) • Upvoted: 22 Nov • Comments: 2

Comments: 2

30 Jun, '22
Lars Sörensen
Maybe now is the time to think about replacing mk_logwatch and EC with Splunk/ELK/Opensearch and integrate them as a AddOn into CMK (Event_Check, Link to Logview, etc).

These tools are much more powerful and offer much more possibilities for analysis, visualization and alerting and would raise the log monitoring of Checkmk to a new level. At the same time, you could use them also for a better and easier analysis of the different logfiles created by Checkmk itself.
08 Jan
Jon Doe
With this Checkmk could improve the visualization of time-related aspects. Was there an accumulation at certain times, are there recognizable time patterns, are there commonalities? Which service was alerted the most, who was alerted the most, which site/customer has the most events, are there recurring patterns, etc.? I think the community will have many more ideas on this.

Also, Checmk logfiles should be made more exportable so that they can be used more easily in tools like Splunk, ELK and co. Some examples of export rules, additional information on the logfiles for better indexing and some sample dashboards for this tool would make it much easier for customers to get started.