Fixed Graylog alerts

cmk/plugins/graylog/__init__.py

@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+# Copyright (C) 2024 Checkmk GmbH - License: GNU General Public License v2
+# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
+# conditions defined in the file COPYING, which is part of this source code package.

cmk/plugins/graylog/agent_based/__init__.py

@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+# Copyright (C) 2024 Checkmk GmbH - License: GNU General Public License v2
+# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
+# conditions defined in the file COPYING, which is part of this source code package.

cmk/plugins/graylog/agent_based/alerts.py

@@ -0,0 +1,90 @@
+#!/usr/bin/env python3
+# Copyright (C) 2019 Checkmk GmbH - License: GNU General Public License v2
+# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
+# conditions defined in the file COPYING, which is part of this source code package.
+
+"""
+Kuhn & Rueß GmbH
+Consulting and Development
+https://kuhn-ruess.de
+
+"""
+
+from collections.abc import Mapping
+from json import loads
+from typing import Any, NamedTuple
+
+from cmk.agent_based.v2 import (
+    AgentSection,
+    check_levels,
+    CheckPlugin,
+    CheckResult,
+    DiscoveryResult,
+    Service,
+    StringTable,
+)
+
+# <<<graylog_alerts>>>
+# {"alerts": {"num_of_events": 547, "num_of_alerts": 4}}
+
+# <<<graylog_alerts>>>
+# {"alerts": {"num_of_events": 5, "num_of_alerts": 0}}
+
+
+class AlertsInfo(NamedTuple):
+    num_of_events: int
+    num_of_alerts: int
+
+
+def parse_graylog_alerts(string_table: StringTable) -> AlertsInfo | None:
+    """
+    Parse JSON data to AlertsInfo
+    """
+    alerts_section = loads(string_table[0][0])
+
+    if len(alerts_section) != 1:
+        return None
+
+    alerts_data = alerts_section.get("alerts")
+
+    return AlertsInfo(
+        num_of_events=alerts_data.get("num_of_events"),
+        num_of_alerts=alerts_data.get("num_of_alerts"),
+    )
+
+
+agent_section_graylog_alerts = AgentSection(
+    name="graylog_alerts",
+    parse_function=parse_graylog_alerts,
+)
+
+
+def discover_graylog_alerts(section: AlertsInfo) -> DiscoveryResult:
+    """
+    Discover one service
+    """
+    if section:
+        yield Service(item=None)
+
+
+def check_graylog_alerts(params: Mapping[str, Any], section: AlertsInfo) -> CheckResult:
+    for which in ["alerts", "events"]:
+        yield from check_levels(
+            value=(section._asdict())[f"num_of_{which}"],
+            levels_upper=params.get(f"{which}_upper", None),
+            levels_lower=params.get(f"{which}_lower", None),
+            metric_name=f"graylog_{which}",
+            render_func=lambda x: str(int(x)),
+            label=f"Total number of {which}",
+        )
+
+
+check_plugin_graylog_alerts = CheckPlugin(
+    name="graylog_alerts",
+    sections=["graylog_alerts"],
+    service_name="Graylog Cluster Alerts",
+    discovery_function=discover_graylog_alerts,
+    check_function=check_graylog_alerts,
+    check_default_parameters={},
+    check_ruleset_name="graylog_alerts",
+)

cmk/plugins/collection/checkman/graylog_alerts → cmk/plugins/graylog/checkman/graylog_alerts

@@ -1,17 +1,18 @@
-title: Graylog: Sources
+title: Graylog: Alerts
 agents: graylog
 catalog: app/graylog
 license: GPLv2
 distribution: check_mk
 description:
- This check plug-in monitors the count of alerts a Graylog
- instance. It outputs the total number of alerts.
- You can also configure the check plug-in to monitor the number of alerts in a given timeframe.
+ This check plug-in monitors the count of alerts and events of a Graylog
+ instance. It outputs the total number of alerts and events.
+ You can also configure the check plug-in to monitor the number of alerts
+ and events in a given timeframe.
  You would do that by configuring the "Time for coverage of alerts" option 
  when configuring the Graylog special agent.
 
 item:
  Does not have an item.
 
 discovery:
- One service is created.
+ One service is created.

cmk/plugins/graylog/graphing/__init__.py

@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+# Copyright (C) 2024 Checkmk GmbH - License: GNU General Public License v2
+# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
+# conditions defined in the file COPYING, which is part of this source code package.

cmk/plugins/graylog/graphing/alerts.py

@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+
+"""
+Kuhn & Rueß GmbH
+Consulting and Development
+https://kuhn-ruess.de
+"""
+
+from cmk.graphing.v1 import Title
+from cmk.graphing.v1.graphs import Graph
+from cmk.graphing.v1.metrics import Color, DecimalNotation, Metric, Unit
+
+UNIT_NUMBER = Unit(DecimalNotation(""))
+
+metric_graylog_alerts = Metric(
+    name="graylog_alerts",
+    title=Title("Total amount of alerts"),
+    unit=UNIT_NUMBER,
+    color=Color.BLUE,
+)
+metric_graylog_events = Metric(
+    name="graylog_events",
+    title=Title("Total amount of events"),
+    unit=UNIT_NUMBER,
+    color=Color.GREEN,
+)
+
+graph_graylog_alerts = Graph(
+    name="gralog_alerts",
+    title=Title("Graylog alerts and events"),
+    simple_lines=["graylog_alerts", "graylog_events"],
+)

cmk/plugins/graylog/rulesets/__init__.py

@@ -0,0 +1,4 @@
+#!/usr/bin/env python3
+# Copyright (C) 2024 Checkmk GmbH - License: GNU General Public License v2
+# This file is part of Checkmk (https://checkmk.com). It is subject to the terms and
+# conditions defined in the file COPYING, which is part of this source code package.

cmk/plugins/graylog/rulesets/alerts.py

@@ -0,0 +1,67 @@
+#!/usr/bin/env python3
+
+"""
+Kuhn & Rueß GmbH
+Consulting and Development
+https://kuhn-ruess.de
+"""
+
+from cmk.rulesets.v1 import Title
+from cmk.rulesets.v1.form_specs import (
+    DictElement,
+    Dictionary,
+    InputHint,
+    Integer,
+    LevelDirection,
+    SimpleLevels,
+)
+from cmk.rulesets.v1.rule_specs import CheckParameters, HostCondition, Topic
+
+
+def _parameter_form_graylog_alerts():
+    return Dictionary(
+        title=Title("Graylog alerts"),
+        elements={
+            "alerts_upper": DictElement(
+                parameter_form=SimpleLevels(
+                    title=Title("Total alerts count upper levels"),
+                    level_direction=LevelDirection.UPPER,
+                    form_spec_template=Integer(),
+                    prefill_fixed_levels=InputHint((0, 0)),
+                )
+            ),
+            "alerts_lower": DictElement(
+                parameter_form=SimpleLevels(
+                    title=Title("Total alerts count lower levels"),
+                    level_direction=LevelDirection.LOWER,
+                    form_spec_template=Integer(),
+                    prefill_fixed_levels=InputHint((0, 0)),
+                )
+            ),
+            "events_upper": DictElement(
+                parameter_form=SimpleLevels(
+                    title=Title("Total events count upper levels"),
+                    level_direction=LevelDirection.UPPER,
+                    form_spec_template=Integer(),
+                    prefill_fixed_levels=InputHint((0, 0)),
+                )
+            ),
+            "events_lower": DictElement(
+                parameter_form=SimpleLevels(
+                    title=Title("Total events count lower levels"),
+                    level_direction=LevelDirection.LOWER,
+                    form_spec_template=Integer(),
+                    prefill_fixed_levels=InputHint((0, 0)),
+                )
+            ),
+        },
+    )
+
+
+rule_spec_graylog_alerts = CheckParameters(
+    name="graylog_alerts",
+    topic=Topic.APPLICATIONS,
+    condition=HostCondition(),
+    parameter_form=_parameter_form_graylog_alerts,
+    title=Title("Graylog alerts"),
+)