Support advanced Log-Management
It has been evident for many years that Checkmk's Event Console no longer meets customer requirements for a modern log management tool. The filters, analyses, and event selection are rudimentary, and the alerting options are limited.
Checkmk must replace the EC with a modern log management tool such as Loki, ELK, Graylog, etc. This change will unlock numerous new possibilities for analyzing logs and metrics across hosts and services, facilitate the analysis of Checkmk incidents, and bring Checkmk back on par with its competitors in terms of log monitoring.
Comments: 6
-
01 Apr, '25
Mohamed Saleh (Admin)
Hi Lars,
Thank you for posting your idea!
Could you provide some additional context that would help us pin down the main problems you are facing with EC that this suggestion will solve? Ideas with a more confined scope are easier to analyze and tackle. As it stands now, the scope of the idea is very broad and we need your input on what are the most important things to focus on when considering the EC.
-
02 Apr, '25
Lars Sörensen
Hi Mohamed
Thank you for the inquiry.
The Event Console (EC) works well in simple environments, but in more complex setups, we quickly reach its limits.
Weaknesses we've noticed:
* mk_logwatch struggles with log rotations and multi-line logs. This isn't directly related to EC, but it affects event forwarding to EC and leads to missing events.
* Viewing/filtering becomes slower as the number of events increases. Timeouts are common.
* Provides only basic filtering, which becomes inefficient with many events. Searching/filtering for specific events becomes difficult and slow.
* Doesn't provide advanced analysis or visualisation to identify patterns or trends in logs, making in-depth analysis difficult.
* Alerting mechanisms are too basic and lack flexibility for complex scenarios.
* Doesn't integrate with external systems.
* Checkmk's own logs can't be viewed and analysed in Checkmk itself
I hope this helps to clarify the challenges we're facing.
Regards, Lars
-
04 Apr, '25
Mohamed Saleh (Admin)
Hi Lars,
Thank you, this is helpful insight!
Can I deduce from your list that the first 2 points are your biggest pains at the moment, in other words they are in order of priority?
-
04 Apr, '25
Lars Sörensen
Hi Mohamed,
The basic problems related to mk_logwatch have already been addressed in other suggestions here:
https://ideas.checkmk.com/suggestions/349643/mk_logwatch-ensure-that-no-events-are-lost-during-log-rotations
https://ideas.checkmk.com/suggestions/321353/mk_logwatch-support-muliline-logs
Biggest Pains at the Moment:
* Displaying and filtering becomes slower as the number of events increases, especially in the history view.
* The lack of advanced filtering, analysis, and visualization makes it nearly impossible to identify patterns, trends, or set up complex alerts for specific scenarios.
Let me know if you need any further details!
Regards, Lars
-
19 Apr, '25
Lars Sörensen
The underlying idea goes in the same direction as https://ideas.checkmk.com/suggestions/297009/integration-with-splunkelk-in-a-way-out-of-the-box-connector
-
03 Nov, '25
Martin Hirschvogel (Admin)
In our long-term strategy, advanced log management is planned. That's why we introduce a new database with Checkmk 2.5, with the first use case: metrics.
The database is flexible enough to also store any kind of logs.