Tech Tip: UIM - Monitoring JSON sources using logmon

Document created by NestorFalcon (Employee) on Nov 21, 2016. Last modified by SamCreek on Dec 17, 2016.
Version 4

Monitoring JSON sources using logmon

 

The following approach describes how to use OOTB logmon profiles to integrate with JSON-based sources such as the REST API from ElasticSearch or GitHub.

Let’s take a JSON source like:

{
  "elasticsearch": {
    "status": "UP",
    "clusterName": "elasticsearch",
    "numberOfNodes": 2
  },
  "diskSpace": {
    "status": "UP",
    "total": 624541245554,
    "free": 365145254516
  },
  "db": {
    "status": "DOWN",
    "database": "Oracle"
  }
}

We can configure the logmon probe in command mode to execute:

C:\curl.exe -s <JSON_output_URL> | C:\jq-win64.exe -c "to_entries[]"

<JSON_output_URL> is the endpoint to be monitored. curl and jq are free tools (under MIT license) that can be obtained here:
https://stedolan.github.io/jq/
https://curl.haxx.se/

curl is run with the “-s” switch (silent mode), and jq-win64 with the “-c” switch, which compacts each JSON object onto a single line (the preferred format for logmon).

Now, to monitor each entry, define Watcher rules to match DOWN/UP components. For instance:

/key\":\"([A-Za-z]+)\",\"value\":{\"status\":\"DOWN\"/

The name of the component that is down is captured by the group in parentheses, stored in a variable, and used to produce the associated alarm.

Finally, remember to use the suppression key field to clear alarms when a component is up again.
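
The steps above, replayed offline as an added example (not part of the original document or of logmon): it mimics the jq output that logmon reads and applies a pattern adapted from the DOWN rule in the text. The combined UP rule and the suppression key format `json-status/<component>` are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the JSON document from the text above.
SAMPLE = """{
  "elasticsearch": {"status": "UP", "clusterName": "elasticsearch", "numberOfNodes": 2},
  "diskSpace": {"status": "UP", "total": 624541245554, "free": 365145254516},
  "db": {"status": "DOWN", "database": "Oracle"}
}"""

# Adapted from the watcher pattern in the text: config-file escaping of the
# quotes removed, and the DOWN and UP rules merged into one expression.
WATCHER = re.compile(r'key":"([A-Za-z]+)","value":\{"status":"(DOWN|UP)"')


def to_entries_lines(document):
    """Mimic `jq -c "to_entries[]"`: one compact {"key","value"} object per line."""
    return [
        json.dumps({"key": k, "value": v}, separators=(",", ":"))
        for k, v in json.loads(document).items()
    ]


def evaluate(lines, open_alarms=None):
    """Apply the watcher to each line and track alarms by suppression key.

    The key format "json-status/<component>" is hypothetical; what matters is
    that the DOWN and UP rules for one component share the same key.
    """
    open_alarms = set(open_alarms or ())
    events = []
    for line in lines:
        match = WATCHER.search(line)
        if not match:
            continue  # no status field, or a name the pattern rejects
        component, status = match.groups()
        key = "json-status/" + component
        if status == "DOWN" and key not in open_alarms:
            open_alarms.add(key)
            events.append(("ALARM", key))
        elif status == "UP" and key in open_alarms:
            open_alarms.discard(key)
            events.append(("CLEAR", key))
    return events, open_alarms


if __name__ == "__main__":
    for line in to_entries_lines(SAMPLE):
        print(line)
    print(evaluate(to_entries_lines(SAMPLE)))
```

A component name containing digits or hyphens, such as `db-2`, does not match `[A-Za-z]+` and raises no alarm, so widen the character class if the monitored source uses such names.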

 

This can be very useful for importing data from remote JSON sources or monitoring third-party systems via REST API.

Hope it helps, let me know if you have questions,

Nestor
