Monitoring plugin check_es_system 1.11.0 released: Show read only index(es) in output and jq is the new default JSON parser

Written by Claudio Kuenzler - 0 comments

Published on November 25th 2020 - Listed in Elasticsearch Monitoring ELK

---

A new version of check_es_system, a monitoring plugin to monitor Elasticsearch clusters and nodes, is available!

Version 1.11.0 is an enhancement release (requested in issue #30). The readonly check type now shows discovered index(es) marked as read_only or read_only_allow_delete when using jq as json parser in the background:

./check_es_system.sh -H escluster.example.com -P 9243 -S -u user -p password -t readonly
ES SYSTEM CRITICAL - 1 index(es) found read-only claudiotest - 116 index(es) found read-only (allow delete) logstash-2020.09.21 logstash-2020.09.04 filebeat-2020.09.04 .monitoring-es-6-2020.09.21 idx filebeat-2020.09.08 filebeat-2020.09.07 filebeat-2020.09.01 claudiotest2 .management-beats logstash-2020.09.05 filebeat-2020.09.10 logstash-2020.09.06 .triggered_watches-6 logstash-2020.09.02 filebeat-2020.09.21 logstash-2020.09.03 .monitoring-kibana-6-2020.09.21 filebeat-2020.09.03 logstash-2020.09.01 logstash-2020.09.08 kibana_sample_data_logs .kibana_7 .kibana_task_manager filebeat-2020.09.05 .security-6 .watches filebeat-2020.09.11 filebeat-2020.09.09 .kibana-6 filebeat-2020.09.02 logstash-2020.09.07 filebeat-2020.09.06

As you can see from the output, read_only and read_only_allow_delete indexes are shown differently.

Note: In case you are unaware, when Elasticsearch runs into problems (e.g. disk full), it marks the index(es) as read_only_allow_delete and new data cannot be written into these indexes anymore. See article Elasticsearch ignored disk watermark settings and enforced read only index for more information. It is therefore a very handy check to quickly identify if your Elasticsearch went into read only mode.

To be able to parse all the read only indexes from Elasticsearch's output (in json), a special function of jq is needed. From the source code:

roindexes=$(echo $settings | jq -r '.[].settings.index |select(.blocks.read_only == "true").provided_name')

The select function is used as a filter and is looking for all the keys read_only with a value of true. If it finds such a key, the name of this relevant index (provided_name) is displayed. 

Unfortunately the other supported JSON parser, jshon, does not offer such a filter or search function. Therefore the output of the discovered read only index(es) only show up when using jq as parser.

Due to this fact, the default JSON parser from this version on is jq. Both parsers remain (as for now) supported.

More recent articles:

• Terminator terminal broadcast all option broadcasts input to all other terminator windows

• How to create a user and grant privileges in MySQL 8.x using GRANT

• Solve Seahub start problems after Seafile upgrade from 6.2 to 7.0

• PHP: Translations with gettext not working in Apache mod_php but works on command line (caused by mod_perl)

• Nginx 1.14 on Debian 10 (Buster) filling error logs with nchan_store_init_worker assertion failed

• Western Digital SSD Dashboard (Software) broken, shows empty black display

• How to edit HTML/XML code syntax as content loaded in Xinha Editor

• How to force a restart of a (frozen) Huawei smartphone (tested with Mate 20 Pro)

• Release 1.10.1 of monitoring plugin check_es_system fixes thresholds in jthreads check type

• Fixing Perl script using LWP unable to connect to TLS 1.2 URL; failing with sslv3 alert handshake failure

• How to convert form fields into JSON data and submit data with HTTP POST using curl in PHP

• How to identify and replace a failing drive behind Fusion-MPT SAS-2 controller on IBM System X server

• How to do a firmware update of Integrated Management Module (IMM2) on a IBM System X Server

• How to update smartmontools drivedb in Debian Stretch (without package update)

• Monitoring plugin check_smart 6.8 allows to skip SMART self-assessment check, adds Commmand_Timeout attribute to default raw list