How to configure elasticsearch in zabbix

• Elasticsearch version: 7.3
• Zabbix-server version: 4.2
• Officlal documentation: 3. Elasticsearch setup [Zabbix Documentation 4.2]

File: /etc/zabbix/zabbix_server.conf

### Option: HistoryStorageURL
#	History storage HTTP[S] URL.
#
# Mandatory: no
# Default:
# HistoryStorageURL= 
### Option: HistoryStorageTypes
#	Comma separated list of value types to be sent to the history storage.
#
# Mandatory: no
# Default:
# HistoryStorageTypes=uint,dbl,str,log,text

For example (on elasticsearch 7.3, only `dbl` working):

HistoryStorageURL=http://elasticsearch.local:9200
HistoryStorageTypes=dbl,str,log,text

File: /usr/share/zabbix/conf/zabbix.conf.php

// Elasticsearch url (can be string if same url is used for all types).
$HISTORY['url']   = [
	'uint' => 'http://elasticsearch.local:9200',
        'dbl' => 'http://elasticsearch.local:9200',
        'str' => 'http://elasticsearch.local:9200',
        'log' => 'http://elasticsearch.local:9200',
        'text' => 'http://elasticsearch.local:9200'
];
// Value types stored in Elasticsearch.
$HISTORY['types'] = ['unit', 'db1', 'str', 'log', 'text'];

and modify `global' variables on first line:

// Zabbix GUI configuration file.
global $DB, $HISTORY;

For example:

// Zabbix GUI configuration file.
global $DB, $HISTORY;

(skip)

$HISTORY['url']   = 'http://elasticsearch.local:9200';
$HISTORY['types'] = ['dbl', 'str', 'text', 'log'];

The `mapping types` was removed on elasticsearch 7.0 and higher. It is cause to occur mapping error. details is link #1 link #2.

{
   "error":{
      "root_cause":[
         {
            "type":"mapper_parsing_exception",
            "reason":"Root mapping definition has unsupported parameters:  [values : {properties={itemid={type=long}, clock={format=epoch_second, type=date}, value={index=false, fields={analyzed={analyzer=standard, index=true, type=text}}, type=text}}}]"
         }
      ],
      "type":"mapper_parsing_exception",
      "reason":"Failed to parse mapping [_doc]: Root mapping definition has unsupported parameters:  [values : {properties={itemid={type=long}, clock={format=epoch_second, type=date}, value={index=false, fields={analyzed={analyzer=standard, index=true, type=text}}, type=text}}}]",
      "caused_by":{
         "type":"mapper_parsing_exception",
         "reason":"Root mapping definition has unsupported parameters:  [values : {properties={itemid={type=long}, clock={format=epoch_second, type=date}, value={index=false, fields={analyzed={analyzer=standard, index=true, type=text}}, type=text}}}]"
      }
   },
   "status":400
}

So, you have to following this sentence:

step 1

curl -X PUT \
 http://elasticsearch.local:9200/_template/uint_template \
 -H 'content-type:application/json' \
 -d '{
   "template": "uint*",
   "index_patterns": ["uint*"],
   "settings" : {
      "index" : {
         "number_of_replicas" : 1,
         "number_of_shards" : 5
      }
   },
   "mappings" : {
      "properties" : {
         "itemid" : {
            "type" : "long"
         },
         "clock" : {
            "format" : "epoch_second",
            "type" : "date"
         },
         "value" : {
            "type" : "long"
         }
      }
   }
}'

step 2

curl -X PUT \
 http://elasticsearch.local:9200/_template/text_template \
 -H 'content-type:application/json' \
 -d '{
   "template": "text*",
   "index_patterns": ["text*"],
   "settings" : {
      "index" : {
         "number_of_replicas" : 1,
         "number_of_shards" : 5
      }
   },
   "mappings" : {
     "properties" : {
         "itemid" : {
            "type" : "long"
         },
         "clock" : {
            "format" : "epoch_second",
            "type" : "date"
         },
         "value" : {
            "fields" : {
               "analyzed" : {
                  "index" : true,
                  "type" : "text",
                  "analyzer" : "standard"
               }
            },
            "index" : false,
            "type" : "text"
         }
      }
   }
}'

step 3

curl -X PUT \
 http://elasticsearch.local:9200/_ingest/pipeline/uint-pipeline \
 -H 'content-type:application/json' \
 -d '{
  "description": "daily uint index naming",
  "processors": [
    {
      "date_index_name": {
        "field": "clock",
        "date_formats": ["UNIX"],
        "index_name_prefix": "uint-",
        "date_rounding": "d"
      }
    }
  ]
}'

Devide indices by each date when creating index. 0 is diable. 1 is enable.

### Option: HistoryStorageDateIndex
#	Enable preprocessing of history values in history storage to store values in different indices based on date.
#	0 - disable
#	1 - enable
#
# Mandatory: no
# Default:
# HistoryStorageDateIndex=0

Do execute command `service zabbix-server restart` or systemd, systemctl, etc.

7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7426:20190830:114203.388 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7424:20190830:114204.392 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7424:20190830:114204.392 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7424:20190830:114204.393 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied
  7424:20190830:114204.393 cannot get values from elasticsearch: Failed to connect to elasticsearch.local: Permission denied