#!/bin/bash
#
# Check Graylog for Index Failure errors in the last five minutes.
# v1.1 
#
# https://github.com/jasoncheng7115/it-scripts
# https://blog.jason.tools
#
# jason@jason.tools
# 2023/12/15

usage() {
    echo "Usage: $0 -U USER -P PASSWORD -p PORT -H IP [-S] [-h]"
    echo
    echo "  -U USER        The username for authentication"
    echo "  -P PASSWORD    The password for authentication"
    echo "  -p PORT        The port number"
    echo "  -H IP/FQDN     The IP or FQDN"
    echo "  -S             Use https protocol (optional)"
    echo "  -h             Display this help message"
    exit 1
}


if [ $# -eq 0 ]; then
    usage
fi

while getopts U:P:p:H:Sh option
do
 case "${option}"
 in
 U) USER=${OPTARG};;
 P) PASSWORD=${OPTARG};;
 p) PORT=${OPTARG};;
 H) IP=${OPTARG};;
 S) SECURE=1;;
 h) usage;;
 esac
done

if [ "$SECURE" ]; then
    PROTOCOL="https"
else
    PROTOCOL="http"
fi


RESULT=`curl --silent -u "$USER:${PASSWORD//\!/\\!}" -H "Accept: application/json" -X GET "$PROTOCOL://$IP:$PORT/api/system/indexer/failures/count?since=$(date -u +'%FT%T.%2NZ' -d " -5 minute")&pretty=true" -k | grep count | awk -F":" '{print $2}' | tr -d ' '` 


STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3


if [ $RESULT -eq 1 ]; then
    echo "CRITICAL: Index failure occurred ($RESULT records)|'index_failure'=$RESULT"
    exit $STATE_CRITICAL
fi

if [ $RESULT -eq 0 ]; then
    echo "OK: No index failure.|'index_failure'=$RESULT"
    exit $STATE_OK
fi

echo "Unknown state:$RESULT"
exit $STATE_UNKNOWN