Write check response on agent to log file

Is there a way to write the output of failed checks into a log file?
I am kind of thinking of a parameter that could be set on the agents, to write the responses of failed checks into a specific log file.

This way I could collect them with filebeat and send them to elastic.

Why not use an elasticsearch handler with a filter on it that only sends the event data on check failures?

1 Like

That's a valid question.
I found that asset after posting my question.
Will definitely give it a look :slight_smile:
Thanks

Have you ever used that handler? I am clearly struggling to make it work…

I've only used it in a lab/demo environment. This is the handler definition I used.

type: Handler
api_version: core/v2
metadata:
  name: elasticsearch
  namespace: default
spec:
  type: pipe
  command: sensu-go-elasticsearch --index sensu --full_event_logging
  env_vars:
  - ELASTICSEARCH_URL=http://backend:9200
  filters:
  runtime_assets:
  - jkerry/sensu-go-elasticsearch

Did this work without credentials? :thinking:

Yes, it was without credentials. However the README for the asset shows this as an example for username/password combinations:

ELASTICSEARCH_URL=https://USERNAME:PASSWORD@URL_TO_ELASTICSEARCH:9243

Ahhh I see there is an issue with the certificate… as it is a self-signed cert that is automatically managed by the elastic cloud on kubernetes operator…

Can a TLS-Skip verify be implemented in this handler?

"handler":"elastic","level":"info","msg":"event pipe handler executed","namespace":"default","output":"Error: error sending metric data to elasticsearch: Error getting response: x509: certificate signed by unknown authority\

Oh yeah, I can see that being an issue. I will work on getting something done on that in the next few days. Will want to add support for providing your own CA as well.

1 Like

My fork of that handler with --insecure-skip-verify and --trusted-ca-file support is now on Bonsai.

https://bonsai.sensu.io/assets/nixwiz/sensu-go-elasticsearch

2 Likes
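
The certificate error quoted above and the trusted-CA alternative to skipping verification, as an added Go example that is not part of the thread or of the handler's source. It starts a constructed local HTTPS server with a self-signed certificate and contacts it first with the default trust store, then with a client that trusts only that certificate; `clientTrusting` and `probe` are hypothetical names.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientTrusting builds an HTTP client that verifies servers against the
// given PEM bundle only, which is the idea behind a trusted CA file option.
func clientTrusting(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no certificates found in CA bundle")
	}
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}}, nil
}

// probe runs a constructed self-signed HTTPS server on localhost and
// returns the error seen by a default client and by a CA-trusting client.
func probe() (defaultErr, trustedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "ok")
	}))
	defer srv.Close()
	// Default trust store: the server certificate chains to no known root.
	_, defaultErr = (&http.Client{}).Get(srv.URL)
	// Same request, verification still on, with the server's cert as the root.
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	client, err := clientTrusting(caPEM)
	if err != nil {
		return defaultErr, err
	}
	resp, err := client.Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return defaultErr, err
}

func main() {
	d, t := probe()
	fmt.Printf("default trust store: %v\ntrusted CA bundle:   %v\n", d, t)
}
```

With a trusted CA bundle the hostname and chain checks stay in force, whereas skipping verification accepts any certificate presented on that connection.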

Wow that was fast.
Works like expected - thanks a lot :+1:

2 Likes