-
Notifications
You must be signed in to change notification settings - Fork 147
/
postgresql.discovery.yaml
69 lines (69 loc) · 3.38 KB
/
postgresql.discovery.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#####################################################################################
# Do not edit manually! #
# All changes must be made to associated .tmpl file before running 'make bundle.d'. #
#####################################################################################
postgresql:
enabled: true
rule:
docker_observer: type == "container" and any([name, image, command], {# matches "(?i)postgres"}) and not (command matches "splunk.discovery")
host_observer: type == "hostport" and command matches "(?i)postgres" and not (command matches "splunk.discovery")
k8s_observer: type == "port" and pod.name matches "(?i)postgres"
config:
default:
username: splunk.discovery.default
password: splunk.discovery.default
status:
metrics:
- status: successful
strict: postgresql.commits
log_record:
body: PostgreSQL receiver is working!
statements:
- status: failed
regexp: 'connect: network is unreachable'
log_record:
append_pattern: true
body: The container cannot be reached by the Collector. Make sure they're in the same network.
- status: failed
regexp: 'connect: connection refused'
log_record:
append_pattern: true
body: The container is refusing PostgreSQL connections.
- status: partial
regexp: 'pq: password authentication failed for user'
log_record:
append_pattern: true
body: >-
Please ensure your user credentials are correctly specified with
`--set splunk.discovery.receivers.postgresql.config.username="<username>"` and
`--set splunk.discovery.receivers.postgresql.config.password="<password>"` or
`SPLUNK_DISCOVERY_RECEIVERS_postgresql_CONFIG_username="<username>"` and
`SPLUNK_DISCOVERY_RECEIVERS_postgresql_CONFIG_password="<password>"` environment variables.
- status: partial
regexp: 'pq: database .* does not exist'
log_record:
append_pattern: true
body: >-
Make sure the target database is correctly specified using the
`--set splunk.discovery.receivers.postgresql.config.databases="[<db>]"` command or the
`SPLUNK_DISCOVERY_RECEIVERS_postgresql_CONFIG_databases="[<db>]"` environment variable.
- status: partial
regexp: 'pq: SSL is not enabled on the server'
log_record:
append_pattern: true
body: >-
Make sure the target database has SSL enabled or set insecure using the
`--set splunk.discovery.receivers.postgresql.config.tls::insecure="<boolean>"` command or the
`SPLUNK_DISCOVERY_RECEIVERS_postgresql_CONFIG_tls_x3a__x3a_insecure="<boolean>"` environment variable.
- status: partial
regexp: 'pq: pg_stat_statements must be loaded via shared_preload_libraries'
log_record:
append_pattern: true
body: >-
Make sure your PostgreSQL database has
`shared_preload_libraries = 'pg_stat_statements'`
in the postgresql.conf file and that
`CREATE EXTENSION IF NOT EXISTS pg_stat_statements;`
has been run for each database you would like to monitor.
For example:
`psql --dbname "<db-name>" -c "CREATE EXTENSION pg_stat_statements;"`