zabbix_export: version: '5.4' date: '2021-11-21T21:39:26Z' groups: - uuid: fd4fe4ed03d04c6781e8a3e7ff17dede name: 'Onx Solutions' templates: - uuid: 65bdb05976784cf48d638986cca4ecfd template: graylog_nodes name: 'Graylog: Nodes' description: | ## Overview Template created to monitor GrayLog nodes through LLD (Low Level Discovery) We added a feature of Zabbix called LLD (Low Level Discovery) in the model, this automation seeks to facilitate the discovery of the nodes in GrayLog, so that you do not have to register the nodes manually just set the time of the discovery rule. Monitoring Itens: ----------------- * GrayLog: Filter execution Time (FIltered, Incomming, Outgoing, Process) * GrayLog: Internal Log Message (Error, Fatal, Trace, Warn) * GrayLog: Journal ( Journal Size) * GrayLog: Node Memory(LLD)/( Free Memory, Max Memory, Total Memory, Used Memory) * GrayLog: Node Status (Lifecycle, Processing, Status ) * GrayLog: Services Requirements ------------ * Zabbix 3.4; * Graylog 2.4; * Zabbix Agent install on Graylog; * Python 3.4 or > Python3; * Imports; + import requests; + import json; + import sys ## Author Beza groups: - name: 'Onx Solutions' items: - uuid: 17e3227787f84c2eaff0bad500faef5b name: 'GrayLog: Internal Log Message Error 5 min' key: 'graylog.inter.log[org.apache.logging.log4j.core.Appender.error,m5_rate]' delay: 3m history: 7d value_type: FLOAT tags: - tag: Application value: 'GrayLog: Internal Log' - uuid: 8270c1e0ce654275895e4d32f8776396 name: 'GrayLog: Internal Log Message Fatal 5 min' key: 'graylog.inter.log[org.apache.logging.log4j.core.Appender.fatal,m5_rate]' delay: 3m history: 7d value_type: FLOAT tags: - tag: Application value: 'GrayLog: Internal Log' - uuid: 7c4aba51e22247d5a0db3a3465b2e494 name: 'GrayLog: Internal Log Message Trace 5 min' key: 'graylog.inter.log[org.apache.logging.log4j.core.Appender.trace,m5_rate]' delay: 3m history: 7d value_type: FLOAT tags: - tag: Application value: 'GrayLog: Internal Log' - uuid: 5e21fbe7a9c9485a94b5ee628bcd01bf name: 'GrayLog: Internal Log Message Warn 5 min' key: 'graylog.inter.log[org.apache.logging.log4j.core.Appender.warn,m5_rate]' delay: 3m history: 7d value_type: FLOAT tags: - tag: Application value: 'GrayLog: Internal Log' - uuid: 4d58c3b00d884fe59145e4d8fbc983af name: 'GrayLog Journal Size' key: 'graylog.journal.size[org.graylog2.journal.entries-uncommitted,value]' delay: 5m history: 7d description: 'The Graylog journal is the component sitting in front of all message processing that writes all incoming messages to disk. Graylog then reads messages from this journal to parse, process, and store them.' tags: - tag: Application value: 'GrayLog: Journal' - uuid: e4febca2340046dfab0d1b9517893c95 name: 'GrayLog: Filter execution Time(FIltered OutMessages) 5min' key: 'graylog.proc.buffer[ProcessBufferProcessor.filteredOutMessages,m5_rate]' delay: 3m history: 7d value_type: FLOAT description: 'A common problem that can hit performance or bring message processing to a halt completely is when someone configures a regular expression or other rule that is too CPU expensive or simply never finishes.' tags: - tag: Application value: 'GrayLog: Filter Execution' - uuid: 3d9b640d7b99423d9563eae66c0f4cc7 name: 'GrayLog: Filter execution Time(Incoming Messages) 5min' key: 'graylog.proc.buffer[ProcessBufferProcessor.incomingMessages,m5_rate]' delay: 3m history: 7d value_type: FLOAT description: 'A common problem that can hit performance or bring message processing to a halt completely is when someone configures a regular expression or other rule that is too CPU expensive or simply never finishes.' tags: - tag: Application value: 'GrayLog: Filter Execution' - uuid: 3c788d5ce2b84aeab3bb1bed5b8498dd name: 'GrayLog: Filter execution Time(Outgoing Message) 5min' key: 'graylog.proc.buffer[ProcessBufferProcessor.outgoingMessages,m5_rate]' delay: 3m history: 7d value_type: FLOAT description: 'A common problem that can hit performance or bring message processing to a halt completely is when someone configures a regular expression or other rule that is too CPU expensive or simply never finishes.' tags: - tag: Application value: 'GrayLog: Filter Execution' - uuid: d7f2deb670514e3d9dce02fd4af59094 name: 'GrayLog: Filter execution Time(Process Time) 5min' key: 'graylog.proc.buffer[ProcessBufferProcessor.processTime,m5_rate]' delay: 3m history: 7d value_type: FLOAT description: 'A common problem that can hit performance or bring message processing to a halt completely is when someone configures a regular expression or other rule that is too CPU expensive or simply never finishes.' tags: - tag: Application value: 'GrayLog: Filter Execution' - uuid: 4d708d5b45ed40e8947cc4667e39fb31 name: 'GrayLog: Service Status' key: 'net.tcp.port[{HOST.IP},9000]' delay: 3m history: 7d valuemap: name: 'Service state' tags: - tag: Application value: 'GrayLog Service' triggers: - uuid: a1237e330dc74d6c8ddc3b46e34d2e9b expression: 'last(/graylog_nodes/net.tcp.port[{HOST.IP},9000])=0' name: 'Graylog: TCP DOWN' priority: AVERAGE - uuid: 0584a0824ccb44d3b881e7fa3fafd854 name: 'GrayLog: Processes' key: 'proc.num[graylog-server,,]' delay: 3m history: 7d tags: - tag: Application value: 'GrayLog Service' discovery_rules: - uuid: f2c223f201f64f94a32d532d19a67f5b name: 'Discovery Node' key: graylog.discovery.node delay: 3m lifetime: 1h item_prototypes: - uuid: 9aead77380a54eed84d4899c7d35930b name: 'Graylog: Node Processing' key: 'graylog.cluster.status[{#NODEID},is_processing]' delay: 3m trends: '0' value_type: TEXT tags: - tag: Application value: 'Graylog: Node Status' - uuid: 4091a03e8dff4af2bb45d405d855b4eb name: 'Graylog: Node Status' key: 'graylog.cluster.status[{#NODEID},lb_status]' delay: 3m trends: '0' value_type: TEXT tags: - tag: Application value: 'Graylog: Node Status' - uuid: 376eaacc43a74349901f6fcdd00519e3 name: 'Graylog: Node Lifecycle' key: 'graylog.cluster.status[{#NODEID},lifecycle]' delay: 30s trends: '0' value_type: TEXT tags: - tag: Application value: 'Graylog: Node Status' - uuid: f0a60857d3254c09a249603c8c34772d name: '{#NODEID},GrayLog: Memory Used (%)(Total/Max)' type: CALCULATED key: 'graylog.men.free[{#NODEID}]' delay: 3m value_type: FLOAT units: '%' params: '100*last(//graylog.node.men[{#NODEID},total_memory])/last(//graylog.node.men[{#NODEID},max_memory])' tags: - tag: Application value: 'Graylog: Node Memory' - uuid: 4abc2f651f1e44da8921c54272e5ceab name: 'GrayLog: Node Free Memory' key: 'graylog.node.men[{#NODEID},free_memory]' delay: 3m history: 7d units: b tags: - tag: Application value: 'Graylog: Node Memory' - uuid: e90ebb4803a24d63b783a3f7678a922f name: 'GrayLog: Node Max Memory' key: 'graylog.node.men[{#NODEID},max_memory]' delay: 3m history: 7d units: b tags: - tag: Application value: 'Graylog: Node Memory' - uuid: 135c6bd6e3534fa882fdd550659f75bd name: 'GrayLog: Node Total Memory' key: 'graylog.node.men[{#NODEID},total_memory]' delay: 3m history: 7d units: b tags: - tag: Application value: 'Graylog: Node Memory' - uuid: a81514df2e0d4a99bab9bad6fbc1dc20 name: 'GrayLog: Node Used Memory' key: 'graylog.node.men[{#NODEID},used_memory]' delay: 3m history: 7d units: b tags: - tag: Application value: 'Graylog: Node Memory' valuemaps: - uuid: 66473ac6b2024c4da2919fab25c4dfe1 name: 'Service state' mappings: - value: '0' newvalue: Down - value: '1' newvalue: Up