Write check response on agent to log file

Is there a way to write the output of failed checks into a log file?
I am kind of thinking of a parameter that could be set on the agents, to write the responses of failed checks into a specific log file.

This way I could collect them with filebeat and send them to elastic.

Why not use an elasticsearch handler with a filter on it that only sends the event data on check failures?

1 Like

Thats a valid question.
I found that assets after posting my question.
Will definitely give a it a look :slight_smile:

Have you ever used that handler? I am clearly struggling to make it work…

I’ve only used it in a lab/demo environment. This is the handler definition I used.

type: Handler
api_version: core/v2
  name: elasticsearch
  namespace: default
  type: pipe
  command: sensu-go-elasticsearch --index sensu --full_event_logging
  - ELASTICSEARCH_URL=http://backend:9200
  - jkerry/sensu-go-elasticsearch

Did this work without credentials? :thinking:

Yes, it was without credentials. However the README for the asset shows this as an example for username/password combinations:


Ahhh I see there is an issue with the certificate… as it is a self signed cert that is automatically managed by the elastic cloud on kubernetes operator…

Can a TLS-Skip verify be implemented to this handler?

"handler":"elastic","level":"info","msg":"event pipe handler executed","namespace":"default","output":"Error: error sending metric data to elasticsearch: Error getting response: x509: certificate signed by unknown authority\

Oh yeah, I can see that being an issue. I will work on getting something done on that in the next few days. Will want to add support for providing your own CA as well.

1 Like

My fork of that handler with --insecure-skip-verify and --trusted-ca-file support is now on Bonsai.



Wow that was fast.
Works like expected - thanks a lot :+1: