Monitor Elasticsearch in Docker with Monit

This post is older than a year. Consider that some information might not be accurate anymore.

Running Elasticsearch as a Docker container is straightforward. If you don’t have a cluster manager like Kubernetes, Monit can help you keep track of the container lifecycle.

An example Monit configuration:

CHECK PROCESS elasticsearch WITH MATCHING "org.elasticsearch.bootstrap.Elasticsearch"
CHECK PROGRAM elasticsearch_container WITH PATH "/usr/bin/docker top elasticsearch"
  if status != 0 then alert
    alert warning@cinhtau.net
  group elkstack
CHECK HOST elasticsearch_healthcheck WITH ADDRESS cinhtau.net
  if failed url http://cinhtau.net:9200 for 5 cycles
    then alert
      alert warning@cinhtau.net BUT not on { action, instance }
  depends on elasticsearch_container
  group elkstack
CHECK FILE elasticsearch_logfile with path /var/log/elasticsearch/test-cluster.log
  if match "ERROR" for 2 times within 5 cycles then alert
    alert elasticsearch@cinhtau.net BUT not on { action, instance, nonexist }
  depends on elasticsearch_container
  group elkstack

Pay attention to the nonexist option. Monit implicitly checks whether the logfile exists. Elasticsearch writes a log file, and our housekeeping (logrotate or some kind of janitor script) renames, compresses or deletes this file. So if the file is missing, Monit would complain without the option. If the file doesn’t exist, which is basically good for prod, you don’t want to be notified or warned. No logs, no errors, no worries.
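The same "a missing log is not a failure" rule, written as a script that a CHECK PROGRAM entry could call. This is an added example, not part of the original post and not Monit's own code; the function names, the state file and the default threshold of 2 are assumptions made for illustration.

```shell
#!/bin/sh
# count_new_errors LOGFILE STATEFILE
# Prints how many lines containing ERROR were appended since the last run.
# A missing log (rotated, compressed or deleted by housekeeping) counts as 0.
count_new_errors() {
    log=$1 state=$2
    if [ ! -f "$log" ]; then
        rm -f "$state"          # forget the old position, nothing to report
        echo 0
        return 0
    fi
    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(wc -c < "$log" | tr -d ' ')
    old_inode="" old_size=0
    if [ -f "$state" ]; then
        read -r old_inode old_size < "$state"
    fi
    # Different inode (new file after rotation) or smaller size (truncated):
    # start reading from the beginning again. The first run has no state,
    # so it also scans the whole file.
    if [ "$inode" != "$old_inode" ] || [ "$size" -lt "$old_size" ]; then
        old_size=0
    fi
    # Scan only the bytes between the saved position and the size just read.
    new=$(tail -c "+$((old_size + 1))" "$log" \
          | head -c "$((size - old_size))" \
          | grep -c "ERROR" || true)
    echo "$inode $size" > "$state"
    echo "$new"
}

# check_log LOGFILE STATEFILE [THRESHOLD]
# Exit status 0 while fewer than THRESHOLD new ERROR lines were seen,
# 1 otherwise, so it fits an "if status != 0 then alert" rule.
check_log() {
    n=$(count_new_errors "$1" "$2")
    [ "$n" -lt "${3:-2}" ]
}

# Run as a script only when arguments are given: LOGFILE STATEFILE [THRESHOLD]
if [ "$#" -ge 2 ]; then
    check_log "$@"
    exit $?
fi
```

Called with the log path and a writable state file path, the script exits non-zero only when new ERROR lines reach the threshold, and stays quiet when the log has been rotated away.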
