The sensu-dynamic-check-plugin is a Sensu Mutator that parses labels from Sensu events, creates a dynamic check in the Sensu Backend, and adds the event.check.annotation io.sensu.remediation.config.actions with these values so that the check can be scheduled by sensu-remediation-handler.


Sensu Dynamic Check Mutator creates sensu check based on template

  sensu-dynamic-check-mutator [flags]
  sensu-dynamic-check-mutator [command]

Available Commands:
  help        Help about any command
  version     Print the version number of this plugin

  -B, --api-backend-host string                  Sensu Go Backend API Host (e.g. '') (default "")
  -k, --api-backend-key string                   Sensu Go Backend API Key
  -P, --api-backend-pass string                  Sensu Go Backend API Password (default "P@ssw0rd!")
  -p, --api-backend-port int                     Sensu Go Backend API Port (e.g. 4242) (default 8080)
  -u, --api-backend-user string                  Sensu Go Backend API User (default "admin")
  -c, --check-config string                      Json template for Sensu Check
      --command-arguments-template string        Template for Sensu Check Command (default "{{ range $key, $value := . }} {{ $key }} {{ $value }}{{ end }}")
      --command-bool-arguments-template string   Template for Sensu Check Command (default "{{ range $value := . }} {{ $value }}{{ end }}")
      --command-handler string                   Handler used to post the result (default "default")
      --default-check-suffix-name string         Default suffix name for unpublished checks (default "dynamic")
  -h, --help                                     help for sensu-dynamic-check-mutator
  -i, --insecure-skip-verify                     skip TLS certificate verification (not recommended!)
  -s, --secure                                   Use TLS connection to API
  -t, --trusted-ca-file string                   TLS CA certificate bundle in PEM format

Use "sensu-dynamic-check-mutator [command] --help" for more information about a command.


We pass a JSON array to --check-config:

    [
      {
        "name": "describe-resource",
        "command": "${{assetPath \"kubectl\"}}/kubernetes/client/bin/kubectl describe",
        "bool_args": ["--no-headers"],
        "arguments": ["daemonset","deployment","pod","statefulset"],
        "options": {
          "--namespace": "namespace"
        },
        "match_labels": {
          "sensu-alertmanager-events": "owner"
        },
        "exclude_labels": [
          {"alertname": "TargetDown"},
          {"alertname": "KubeVersionMismatch"}
        ],
        "sensu_assets": ["kubectl"],
        "occurrences": [1],
        "severities": [2]
      },
      {
        "name": "systemctl-status",
        "command": "sudo systemctl",
        "options": {
          "status": "application"
        },
        "match_labels": {
          "systemd": "true"
        },
        "occurrences": [1]
      },
      {
        "name": "systemctl-restart",
        "command": "sudo systemctl",
        "options": {
          "restart": "application"
        },
        "match_labels": {
          "systemd": "true"
        },
        "occurrences": [3]
      }
    ]

In this example, to change the event, the mutator needs to find a label called namespace and at least one label named in the arguments array, such as deployment. It then creates a check.command: ${{assetPath "kubectl"}}/kubernetes/client/bin/kubectl describe --namespace default deployment nginx.

And it will create one annotation like:

"io.sensu.remediation.config.actions": "[{\"request\":\"KubeDeploymentReplicasMismatch-default-nginx-describe-resource-dynamic\",\"occurrences\":[1],\"severities\":[2],\"subscriptions\":[\"\"]}]"

And one check called: KubeDeploymentReplicasMismatch-default-nginx-describe-resource-dynamic with command ${{assetPath \"kubectl\"}}/kubernetes/client/bin/kubectl describe --namespace default daemonset nginx.

For systemctl-status and systemctl-restart, if the mutator finds the two labels systemd:true and application:nginx on, for example, a check called http-nginx, it creates two checks in the Sensu Backend called http-nginx-systemctl-status-dynamic and http-nginx-systemctl-restart-dynamic, both running a sudo systemctl [status|restart] nginx command, and adds the following annotation:

"io.sensu.remediation.config.actions": "[{\"request\":\"http-nginx-systemctl-status-dynamic\",\"occurrences\":[1],\"severities\":[2],\"subscriptions\":[\"entity:systemd-ubuntu\"]},{\"request\":\"http-nginx-systemctl-restart-dynamic\",\"occurrences\":[3],\"severities\":[2],\"subscriptions\":[\"entity:systemd-ubuntu\"]}]"

kubectl as asset

In this example we use an event imported by sensu-alertmanager-events, and we installed kubectl using assets.

type: Asset
api_version: core/v2
metadata:
  name: kubectl
  namespace: default
spec:
  sha512: 081472833601aa4fa78e79239f67833aa4efcb4efe714426cd01d4ddf6f36fbf304ef7e1f5373bff0fdff44a845f7560165c093c108bd359b5ab4189f36b1f2f


type: Check
api_version: core/v2
metadata:
  name: http-nginx
  namespace: default
spec:
  command: check-http.rb -u -t 5
  handlers:
  - default
  - remediation
  interval: 60
  publish: true
  runtime_assets:
  - sensu-ruby-runtime
  - sensu-plugins-http
  subscriptions:
  - ubuntu

JSON details

| Field | What it does | Example |
| --- | --- | --- |
| bool_args | Adds flags without any argument. Always includes any configured flags. | -k |
| arguments | Adds label.key label.value inside the command. Should match at least one; if not, the event is returned without any change. | deployment ingress-nginx |
| options | All configured options should match to change the event. Use it when you need a different flag that takes its content from a label. | To use a label.value in the flag --namespace, use: {"--namespace": "namespace"} |
| match_labels | If these label.key=label.value pairs are found, the event is changed. | - |
| exclude_labels | Use this array to exclude label.key=label.value pairs that don't match your dynamic check. | - |
| occurrences | Same as the occurrences field in sensu-remediation-handler. | default: []int{1} |
| severities | Same as the severities field in sensu-remediation-handler. | default: []int{2} |
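
The matching rules in the table above, applied to the describe-resource and systemctl templates from earlier, as an added Go sketch (this is not the plugin's own code). Tmpl, M, BuildCommand and the safe allow-list are hypothetical names; the allow-list on label values is an assumption of this example, added because label values become part of a command line that the agent runs.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

type M = map[string]string // shorthand used by this example
type Tmpl struct { // hypothetical struct for the JSON fields documented on this page
	Command              string
	BoolArgs, Arguments  []string
	Options, MatchLabels M
	ExcludeLabels        []M
}
var safe = regexp.MustCompile(`^[A-Za-z0-9._-]+$`) // this example's allow-list for label values
const argsTmpl = `{{ range $key, $value := . }} {{ $key }} {{ $value }}{{ end }}` // default --command-arguments-template

// BuildCommand renders the check command; false means the event stays unchanged.
func BuildCommand(t Tmpl, labels M) (string, bool) {
	ok, hit, args := true, len(t.Arguments) == 0, M{}
	for k, v := range t.MatchLabels { // every match_labels pair must be present
		ok = ok && labels[k] == v
	}
	for _, ex := range t.ExcludeLabels { // any exclude_labels pair vetoes the template
		for k, v := range ex {
			ok = ok && labels[k] != v
		}
	}
	for flag, label := range t.Options { // every option needs its label, with a safe value
		args[flag], ok = labels[label], ok && safe.MatchString(labels[label])
	}
	for _, a := range t.Arguments { // at least one argument label with a safe value
		if safe.MatchString(labels[a]) {
			args[a], hit = labels[a], true
		}
	}
	if !ok || !hit {
		return "", false
	}
	var b strings.Builder
	template.Must(template.New("args").Parse(argsTmpl)).Execute(&b, args)
	return strings.Join(append([]string{t.Command}, t.BoolArgs...), " ") + b.String(), true
}

func main() { // constructed sample: the systemctl-restart template and labels from this page
	t := Tmpl{Command: "sudo systemctl", Options: M{"restart": "application"}, MatchLabels: M{"systemd": "true"}}
	fmt.Println(BuildCommand(t, M{"systemd": "true", "application": "nginx"}))
}
```

A label value outside the allow-list, or a missing option label, leaves the event unchanged instead of producing a command.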

Asset registration

Sensu Assets are the best way to make use of this plugin. If you're not using an asset, please
consider doing so! If you're using sensuctl 5.13 with Sensu Backend 5.13 or later, you can use the
following command to add the asset:

sensuctl asset add betorvs/sensu-dynamic-check-mutator

If you're using an earlier version of sensuctl, you can find the asset on the Bonsai Asset Index.

Mutator definition

It may be important to add authentication settings, so the mutator does not fall back to the default user and password listed in the flags above: -u dynamic -P ${MUTATOR_PASS} -B -s -t /$PATH_TO_CERTIFICATE/ca.pem

type: Mutator
api_version: core/v2
metadata:
  name: sensu-dynamic-check-mutator
  namespace: default
spec:
  command: >-
    sensu-dynamic-check-mutator -c "[{\"name\":\"describe-resource\",\"command\":\"\${{assetPath \\\"kubectl\\\"}}/kubernetes/client/bin/kubectl describe\",\"bool_args\":[\"--no-headers\"],\"arguments\":[\"daemonset\",\"deployment\",\"pod\",\"statefulset\",\"node\"],\"options\":{\"--namespace\":\"namespace\"},\"match_labels\":{\"sensu-alertmanager-events\":\"owner\"},\"exclude_labels\":[{\"alertname\":\"TargetDown\"},{\"alertname\":\"KubeVersionMismatch\"}],\"sensu_assets\":[\"kubectl\"]}]"
  runtime_assets:
  - betorvs/sensu-dynamic-check-mutator

Installation from source

The preferred way of installing and deploying this plugin is to use it as an Asset. If you would
like to compile and install the plugin from source or contribute to it, download the latest version
or create an executable script from this source.

From the local path of the sensu-dynamic-check-mutator repository:

go build

Additional notes


For more information about contributing to this plugin, see Contributing.

