Select Supported Platforms

Select Supported Architectures

Select Tier

Github Name

Asset Definition
Release Notes
Release Assets


Sensu Bonsai Asset
Go Test

Table of Contents


The sensu-dynamic-check-plugin is a Sensu Mutator that parse labels from sensu events and creates a dynamic check in Sensu Backend and add event.check.annotation io.sensu.remediation.config.actions with these values then it can be scheduled by sensu-remediation-handler


Sensu Dynamic Check Mutator creates sensu check based on template

  sensu-dynamic-check-mutator [flags]
  sensu-dynamic-check-mutator [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

  -B, --api-backend-host string                  Sensu Go Backend API Host (e.g. '') (default "")
  -k, --api-backend-key string                   Sensu Go Backend API Key
  -P, --api-backend-pass string                  Sensu Go Backend API Password (default "P@ssw0rd!")
  -p, --api-backend-port int                     Sensu Go Backend API Port (e.g. 4242) (default 8080)
  -u, --api-backend-user string                  Sensu Go Backend API User (default "admin")
  -c, --check-config string                      Json template for Sensu Check
      --command-arguments-template string        Template for Sensu Check Command (default "{{ range $key, $value := . }} {{ $key }} {{ $value }}{{ end }}")
      --command-bool-arguments-template string   Template for Sensu Check Command (default "{{ range $value := . }} {{ $value }}{{ end }}")
      --command-handler string                   Handler used to post the result (default "default")
      --default-check-suffix-name string         Default suffix name for unpublished checks (default "dynamic")
  -h, --help                                     help for sensu-dynamic-check-mutator
  -i, --insecure-skip-verify                     skip TLS certificate verification (not recommended!)
  -s, --secure                                   Use TLS connection to API
  -t, --trusted-ca-file string                   TLS CA certificate bundle in PEM format

Use "sensu-dynamic-check-mutator [command] --help" for more information about a command.


We add a json inside --check-config:

    "name": "describe-resource",
    "command": "${{assetPath \"kubectl\"}}/kubernetes/client/bin/kubectl describe",
    "bool_args": [
    "arguments": ["daemonset","deployment","pod","statefulset","node"],
    "options": {
        "--namespace": "namespace"
    "match_labels": {
        "sensu-alertmanager-events": "owner"
    "exclude_labels": [
        "alertname": "TargetDown"
        "alertname": "KubeVersionMismatch"
    "sensu_assets": [

In these example we use one event imported by sensu-alertmanager-events and we installed kubectl using assets.

type: Asset
api_version: core/v2
  name: kubectl
  namespace: default
  sha512:  081472833601aa4fa78e79239f67833aa4efcb4efe714426cd01d4ddf6f36fbf304ef7e1f5373bff0fdff44a845f7560165c093c108bd359b5ab4189f36b1f2f

And it will create one annotation like:

"io.sensu.remediation.config.actions": "[{\"request\":\"KubeDaemonSetRolloutStuck-kube-system-filebeat-describe-resource-dynamic\",\"occurrences\":[1],\"severities\":[2],\"subscriptions\":[\"\"]}]"

And one check called: KubeDaemonSetRolloutStuck-kube-system-filebeat-describe-resource-dynamic with command ${{assetPath \"kubectl\"}}/kubernetes/client/bin/kubectl describe --namespace kube-system daemonset filebeat-audit.

Json details

Field What it does Example
bool_args add flags without any argument -k
arguments add label.key label.value inside command deployment ingress-nginx
match_labels If found these label.key=label.value it changed the event -
exclude_labels Use to exclude some label.key=labe.value that doenst match with your dynamic check -

Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:

sensuctl asset add betorvs/sensu-dynamic-check-mutator

If you're using an earlier version of sensuctl, you can find the asset on the [Bonsai Asset Index][].

Mutator definition

Maybe is important to add authetication configs -u dynamic -P ${MUTATOR_PASS} -B -s -t /$PATH_TO_CERTIFICATE/ca.pem

type: Mutator
api_version: core/v2
  name: sensu-dynamic-check-mutator
  namespace: default
  command: >-
    sensu-dynamic-check-mutator -c "[{\"name\":\"describe-resource\",\"command\":\"\${{assetPath \\\"kubectl\\\"}}/kubernetes/client/bin/kubectl describe\",\"bool_args\":[\"--no-headers\"],\"arguments\":[\"daemonset\",\"deployment\",\"pod\",\"statefulset\",\"node\"],\"options\":{\"--namespace\":\"namespace\"},\"match_labels\":{\"sensu-alertmanager-events\":\"owner\"},\"exclude_labels\":[{\"alertname\":\"TargetDown\"},{"alertname": "KubeVersionMismatch"}],\"sensu_assets\":[\"kubectl\"]}]"
  - betorvs/sensu-dynamic-check-mutator

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.

From the local path of the sensu-dynamic-check-mutator repository:

go build

Additional notes


For more information about contributing to this plugin, see Contributing.

Are you sure you want to report this asset?

Please describe the reason for reporting this asset. Our moderators will be notified and will disable the asset if it is found to be inappropriate.


You must be signed in to report this asset.

Sign In with Github



Either download the source code:

Download Source

Or download the asset definition: