Forwarding Events to Elasticsearch 1.x

OpenNMS can be configured to forward all Events and Alarms to Elasticsearch 1.x for indexing, long-term archiving, plotting with Grafana and browsing with Kibana.

Elasticsearch is not intended as a replacement for PostgreSQL, which is still a required component to run OpenNMS.

First check that your OpenNMS installation supports this feature. If it does, there should be a ${OPENNMS_HOME}/etc/org.opennms.features.elasticsearch.eventforwarder.cfg file.

Now open the file, review its content and make sure to apply the correct settings depending on your environment.

The following table describes all settings and possible values.

Parameter Default Description



The name of the Elasticsearch cluster as specified in the Elasticsearch configuration file (required).



The TransportClient remote host IP to use. Has the same meaning as the ip option of the camel-elasticsearch component.



Whether to forward the event description to Elasticsearch. It is off by default because the description is usually standard, generic, repetitive and possibly long text that grows the index without adding useful information.



The number of minutes the node information is kept in the cache. Set to 0 to disable (which is the default and is generally safe because the cache knows when to refresh itself, by intercepting nodeUpdated and similar events).



The number of node information entries to be kept in the cache before eviction starts. Set to 0 to disable.

The first two settings (elasticsearchCluster and elasticsearchIp) are the most likely to require changing. If unsure, do not change the remaining three.

Once you are sure everything is correctly configured, you can activate the Elasticsearch forwarder by logging into the OSGi console and installing the feature.

OSGi login and installation of the Elasticsearch forwarder
ssh admin@localhost -p 8101
features:install opennms-elasticsearch-event-forwarder

You can check the status of the routes with the camel:* commands and/or inspect the log with log:tail for any obvious errors. The feature supports trace-level logging, which can be used to trace its operations.

documentation on using the OSGi console embedded in OpenNMS and the relative camel commands.

If all goes well, events and alarms will be pushed in real time into Elasticsearch. You should now be able to view the events and graph them with Kibana.

If you have never used Kibana before, you should probably start with Kibana 3, which is simpler. Kibana 4 is more powerful, but harder to get started with.

A basic Elasticsearch configuration

This section describes how to get a minimal working configuration with OpenNMS and Elasticsearch. Install Elasticsearch on the same host as OpenNMS and edit the elasticsearch.yml as follows:

Example configuration for Elasticsearch opennms false [""]
Running OpenNMS and Elasticsearch on the same host is not recommended for production or busy environments.


If events are not reaching Elasticsearch, check that OpenNMS is correctly configured; in particular, review the elasticsearchCluster and elasticsearchIp parameters.

If those appear to be correct, verify that OpenNMS can communicate with Elasticsearch over port 9300.

Review the OSGi log with log:tail or the camel:* commands.
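
The first two troubleshooting checks above can be scripted. The following is an added example, not part of OpenNMS or its documentation. The function names and exit codes are hypothetical, and the optional comparison assumes the Elasticsearch cluster name is set with the cluster.name key in elasticsearch.yml.

```shell
#!/bin/sh
# Added example (not OpenNMS code): pre-flight check for the event forwarder.
# Function names and exit codes are hypothetical.

# Print the last value assigned to key $2 in properties-style file $1.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Print cluster.name from an elasticsearch.yml ($1), without quotes.
yml_cluster_name() {
    sed -n 's/^[[:space:]]*cluster\.name:[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d "\r\"'" | sed 's/[[:space:]]*$//'
}

# Succeed if a TCP connection to host $1 port $2 opens within 3 seconds.
# Host and port are passed as arguments, never spliced into the command.
port_open() {
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# $1 = forwarder .cfg, $2 = optional elasticsearch.yml to compare against.
check_forwarder() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    cluster=$(cfg_get "$1" elasticsearchCluster)
    ip=$(cfg_get "$1" elasticsearchIp)
    [ -n "$cluster" ] || { echo "elasticsearchCluster is not set" >&2; return 2; }
    [ -n "$ip" ] || { echo "elasticsearchIp is not set in $1" >&2; return 3; }
    if [ -n "${2:-}" ]; then
        es_name=$(yml_cluster_name "$2")
        [ "$cluster" = "$es_name" ] || {
            echo "cluster mismatch: cfg='$cluster' yml='$es_name'" >&2; return 5; }
    fi
    port_open "$ip" 9300 || { echo "no TCP connection to $ip:9300" >&2; return 4; }
    echo "OK: cluster '$cluster', transport port 9300 reachable on $ip"
}

# Run only when a cfg path is given on the command line.
if [ "$#" -gt 0 ]; then check_forwarder "$@"; fi
```

Run it on the OpenNMS host with the path to the forwarder's .cfg file as the first argument and, optionally, a copy of elasticsearch.yml as the second.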