Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-9653

API - auditlog.get JSON ingest into ELK

XMLWordPrintable

    • Icon: Change Request Change Request
    • Resolution: Unresolved
    • Icon: Trivial Trivial
    • None
    • None
    • API (A)

      Steps to reproduce:

      1. Create a (python) script that fetches records from auditlog.get and store them in a file
      2. Use Filebeat and Logstash to parse the produced JSON
      3. Also parse the "details" string using a second JSON parser step

      Result:
      Sometimes the "details" contain a key like: item.preprocessing[62432].
      This naming causes ES to produce a unique fieldname like zabbix.auditlog.detail.item.preprocessing[62342] which causes the number of fields in an index to rise exponentially. This in turn can even cause ES to stop functioning.
      Expected:
      Would be better to set the unique number as a (sub)item, something like zabbix.auditlog.detail.item.preprocessing.item_id => 62432

        1. zbx_details_item_preprocessing.png
          zbx_details_item_preprocessing.png
          195 kB

            zabbix.support Zabbix Support Team
            Guijt Jeroen Guijt
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: