{"id":1352,"date":"2023-07-29T12:38:19","date_gmt":"2023-07-29T17:38:19","guid":{"rendered":"https:\/\/www.nathanhunstad.com\/blog\/?p=1352"},"modified":"2023-07-29T12:38:19","modified_gmt":"2023-07-29T17:38:19","slug":"monitor-your-ups-with-logstash-the-easy-way","status":"publish","type":"post","link":"https:\/\/www.nathanhunstad.com\/blog\/2023\/07\/monitor-your-ups-with-logstash-the-easy-way\/","title":{"rendered":"Monitor your UPS with Logstash the easy way"},"content":{"rendered":"\n

Many years ago, I wrote a blog post about monitoring my UPS with Splunk<\/a>. Since then, I’ve moved away from Splunk to the Elastic stack. Fortunately, moving that monitoring over was pretty much a breeze.<\/p>\n\n\n\n

The information is still coming from upslog, which is bundled in with nut. FIrst, I configured nut to define the UPS and the connectivity, in this case a USB connection. Then, I had to modify the upslog.service<\/code> file to get it to start and monitor the correct UPS device, then output it to \/var\/log\/ups.log<\/code>. Honestly, that was the hardest part of the configuration. From here, it was a breeze.<\/p>\n\n\n\n

Once upslog was outputting data to the log file, I simply created a logstash config to read it:<\/p>\n\n\n\n

input {\n    file {\n        path => \"\/var\/log\/ups.log\"\n        tags => [ \"ups\" ]\n    }\n\n}<\/code><\/pre>\n\n\n\n
Then, this grok filter parses out all the appropriate fields:<\/p>\n\n\n\n
filter {\n  ...\n  else if \"ups\" in [tags] {\n    grok {\n      match => {\n        message => [ \"^%{DATA:rawdate} %{DATA:rawtime} %{INT:battery.charge} %{NUMBER:battery.volts:float} %{INT:battery.load} \\[%{DATA:battery.status}\\] %{GREEDYDATA}$\" ]\n      }\n      add_tag => [ \"ups_parsed\" ]\n    }\n    mutate {\n      copy => {\n        \"message\" => \"log.original\"\n      }\n      rename => {\n        \"host\" => \"host.hostname\"\n        \"path\" => \"file.name\"\n      }\n    }\n  }\n}<\/code><\/pre>\n\n\n\n
This is directed into a datastream in Elastic:<\/p>\n\n\n\n
output {\n  ...\n  else if \"ups\" in [tags] {\n    elasticsearch {\n      hosts => [ \"192.168.2.12:9200\" ]\n      index => \"logstash-ups\"\n      manage_template => false\n      user => logstash_writer\n      password => xxxxxxxxxxxxxxxx\n      action => \"create\"\n    }\n  }\n}<\/code><\/pre>\n\n\n\n
I’m a big fan of the Elastic Common Schema<\/a> (ECS), and I’ve extended it where necessary, such as this mapping for the UPS battery fields:<\/p>\n\n\n\n
\n{\n  \"_meta\": {\n    \"version\": \"1.5.0\"\n  },\n  \"date_detection\": false,\n  \"dynamic_templates\": [\n    {\n      \"strings_as_keyword\": {\n        \"mapping\": {\n          \"ignore_above\": 1024,\n          \"type\": \"keyword\"\n        },\n        \"match_mapping_type\": \"string\"\n      }\n    }\n  ],\n  \"properties\": {\n    \"@timestamp\": {\n      \"type\": \"date\"\n    },\n    \"battery\": {\n      \"type\": \"object\",\n      \"properties\": {\n        \"charge\": {\n          \"type\": \"integer\"\n        },\n        \"load\": {\n          \"type\": \"integer\"\n        },\n        \"status\": {\n          \"type\": \"keyword\"\n        },\n        \"volts\": {\n          \"type\": \"float\"\n        }\n      }\n    }\n  }\n}<\/code><\/pre>\n\n\n\n
Putting all of that together, I get parsed, well-formatted data that allows me to monitor my UPS on a custom dashboard:<\/p>\n\n\n\n
\"\"<\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"
Many years ago, I wrote a blog post about monitoring my UPS with Splunk. Since then, I’ve moved away from Splunk to the Elastic stack. Fortunately, moving that monitoring over was pretty much a breeze. The information is still coming from upslog, which is bundled in with nut. FIrst, I configured nut to define the… Continue reading Monitor your UPS with  Logstash the easy way<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1352","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/comments?post=1352"}],"version-history":[{"count":2,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1352\/revisions"}],"predecessor-version":[{"id":1356,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/posts\/1352\/revisions\/1356"}],"wp:attachment":[{"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/media?parent=1352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/categories?post=1352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nathanhunstad.com\/blog\/wp-json\/wp\/v2\/tags?post=1352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}