====== How to configure elasticsearch in zabbix ======
* Elasticsearch version: 7.3
* Zabbix-server version: 4.2
* Officlal documentation: [[https://www.zabbix.com/documentation/4.2/manual/appendix/install/elastic_search_setup|3. Elasticsearch setup [Zabbix Documentation 4.2]]]
===== Zabbix server and frontend =====
==== Zabbix server ====
File: /etc/zabbix/zabbix_server.conf
### Option: HistoryStorageURL
# History storage HTTP[S] URL.
#
# Mandatory: no
# Default:
# HistoryStorageURL=
### Option: HistoryStorageTypes
# Comma separated list of value types to be sent to the history storage.
#
# Mandatory: no
# Default:
# HistoryStorageTypes=uint,dbl,str,log,text
For example (on elasticsearch 7.3, only `dbl` working):
HistoryStorageURL=http://elasticsearch.local:9200
HistoryStorageTypes=dbl,str,log,text
==== Zabbix frontend ====
File: /usr/share/zabbix/conf/zabbix.conf.php
// Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url'] = [
'uint' => 'http://elasticsearch.local:9200',
'dbl' => 'http://elasticsearch.local:9200',
'str' => 'http://elasticsearch.local:9200',
'log' => 'http://elasticsearch.local:9200',
'text' => 'http://elasticsearch.local:9200'
];
// Value types stored in Elasticsearch.
$HISTORY['types'] = ['unit', 'db1', 'str', 'log', 'text'];
and modify `global' variables on first line:
// Zabbix GUI configuration file.
global $DB, $HISTORY;
For example:
// Zabbix GUI configuration file.
global $DB, $HISTORY;
(skip)
$HISTORY['url'] = 'http://elasticsearch.local:9200';
$HISTORY['types'] = ['dbl', 'str', 'text', 'log'];
===== Creating mapping to Elasticsearch =====
==== What difference between offical document and this? (troubleshooting) ====
The `mapping types` was removed on elasticsearch 7.0 and higher. It is cause to occur mapping error. details is [[https://www.elastic.co/guide/en/elasticsearch/reference/current/removal-of-types.html#removal-of-types|link #1]] [[https://stackoverflow.com/questions/39288997/elasticsearch-root-mapping-definition-has-unsupported-parameters-index-not-a|link #2]].
{
"error":{
"root_cause":[
{
"type":"mapper_parsing_exception",
"reason":"Root mapping definition has unsupported parameters: [values : {properties={itemid={type=long}, clock={format=epoch_second, type=date}, value={index=false, fields={analyzed={analyzer=standard, index=true, type=text}}, type=text}}}]"
}
],
"type":"mapper_parsing_exception",
"reason":"Failed to parse mapping [_doc]: Root mapping definition has unsupported parameters: [values : {properties={itemid={type=long}, clock={format=epoch_second, type=date}, value={index=false, fields={analyzed={analyzer=standard, index=true, type=text}}, type=text}}}]",
"caused_by":{
"type":"mapper_parsing_exception",
"reason":"Root mapping definition has unsupported parameters: [values : {properties={itemid={type=long}, clock={format=epoch_second, type=date}, value={index=false, fields={analyzed={analyzer=standard, index=true, type=text}}, type=text}}}]"
}
},
"status":400
}
So, you have to following this sentence:
==== Creating indices and templates ===
step 1
curl -X PUT \
http://elasticsearch.local:9200/_template/uint_template \
-H 'content-type:application/json' \
-d '{
"template": "uint*",
"index_patterns": ["uint*"],
"settings" : {
"index" : {
"number_of_replicas" : 1,
"number_of_shards" : 5
}
},
"mappings" : {
"properties" : {
"itemid" : {
"type" : "long"
},
"clock" : {
"format" : "epoch_second",
"type" : "date"
},
"value" : {
"type" : "long"
}
}
}
}'
step 2
curl -X PUT \
http://elasticsearch.local:9200/_template/text_template \
-H 'content-type:application/json' \
-d '{
"template": "text*",
"index_patterns": ["text*"],
"settings" : {
"index" : {
"number_of_replicas" : 1,
"number_of_shards" : 5
}
},
"mappings" : {
"properties" : {
"itemid" : {
"type" : "long"
},
"clock" : {
"format" : "epoch_second",
"type" : "date"
},
"value" : {
"fields" : {
"analyzed" : {
"index" : true,
"type" : "text",
"analyzer" : "standard"
}
},
"index" : false,
"type" : "text"
}
}
}
}'
step 3
curl -X PUT \
http://elasticsearch.local:9200/_ingest/pipeline/uint-pipeline \
-H 'content-type:application/json' \
-d '{
"description": "daily uint index naming",
"processors": [
{
"date_index_name": {
"field": "clock",
"date_formats": ["UNIX"],
"index_name_prefix": "uint-",
"date_rounding": "d"
}
}
]
}'
===== Creating date-based indices on Elasticsearch (Optional) =====
Devide indices by each date when creating index. 0 is diable. 1 is enable.
### Option: HistoryStorageDateIndex
# Enable preprocessing of history values in history storage to store values in different indices based on date.
# 0 - disable
# 1 - enable
#
# Mandatory: no
# Default:
# HistoryStorageDateIndex=0
===== Restart zabbix service =====
Do execute command `service zabbix-server restart` or systemd, systemctl, etc.
==== Troubleshooting: Permission Denied ====
7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7424:20190830:114204.392 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7424:20190830:114204.392 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7424:20190830:114204.393 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
7424:20190830:114204.393 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied