Start rules for "PluginCheckTask" logs

helps with #12
Icinga · May 3, 2019 · bfb4a4b · bfb4a4b
1 parent 8973e8d
commit bfb4a4b
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/filter-50-pluginchecktask.conf b/filter-50-pluginchecktask.conf
@@ -0,0 +1,16 @@
+filter {
+  if [icinga][facility] == "PluginCheckTask" {
+    if [message] =~ /^Check command for object/ {
+      grok {
+        match => ["message","Check command for object '%{DATA:[icinga][object]}' \(PID: %{POSINT:[icinga][plugin][pid]}, arguments: '%{DATA:[icinga][plugin][plugin]}' %{DATA:[icinga][pugin][arguments]}\) terminated with exit code %{POSINT:[icinga][plugin][exitcode]}, output: %{GREEDYDATA:[icinga][plugin][output]}"]
+        id => "icinga_checkcommandforobject"
+        add_tag => "icinga_checkcommandforobject"
+        tag_on_failure => ["_grokparsefailure","icinga_checkcommandforobject_failed"]
+        add_field => {
+          "[icinga][eventtype]" => "icinga_checkcommandforobject"
+        }
+      }
+    }
+  }
+}
+