Analyze Opsview Data with Elastic Stack

Introduced with release 6.1, Opsview Monitor’s Results Exporter component provides a simple, complete framework for transforming and exporting events and metrics to log servers and external analytics platforms. That’s powerful -- since Opsview Monitor gathers information from all your dispersed IT infrastructure and applications, analyzing this data can pinpoint issues with security and access, capacity utilization/efficiency, application performance, costs, etc.  

We’ve recently published a tutorial on how to use Results Exporter to integrate Opsview Monitor with Splunk analytics, along with a companion video. In parallel with the release of Opsview Monitor 6.2, we’ve created another tutorial and video -- this set focusing on integration with Elastic Stack: the Elasticsearch search engine, the log ingestion/formatting/output tool Logstash, and the visualization framework Kibana, along with Beats -- a plugin-based data shipping framework. 

Elastic Stack is the most widely-used open source big data platform -- selected by organizations like Microsoft, LinkedIn, Netflix, Facebook, and Cisco for a host of tasks, including log monitoring and creation of standardized dashboards for organization-wide analytics and status-sharing. 

For both these reasons (and many others), getting data from Opsview Monitor into Elastic is a very good idea, so we’re excited to share how this is (easily) accomplished. Our tutorial covers the whole process at a simplified level, including: 

Results Exporter configuration - For providing file output to locally-installed Filebeats for shipping to Logstash/Elastic/Kibana; or using syslog UDP to ship data directly across the network to Logstash. 

Logstash configuration - For ingesting Filebeat or syslog/UDP input, processing it with grok/kv/ruby, and uplinking it to Elasticsearch on localhost. 

… Plus some notes on using Elasticsearch to visualize Opsview Monitor-gathered metrics. Please have a look!