External monitoring of the Elastic Stack has been fully implemented since Elastic 7.5 was released. You can monitor Elasticsearch, Kibana, Logstash, APM servers and Beats via the Metricbeat module.

With external collection, users can now collect and send monitoring data for their Elastic Stack without relying on the health of the monitored service. This release greatly improves the flexibility used to monitor Elastic Stack reliability and options. External data collection is recommended for all users monitored by Elastic Stack.

 

A bit of background

Previously, services in the Elastic Stack collected and transmitted their own monitoring data in a process called the Internal Collection.

By introducing external collection, users can run Metricbeat with a variety of monitored services, such as Elasticsearch, to collect monitoring data about their health and performance and transmit it directly to a monitoring cluster.

In the past, Stack Monitoring required that all Monitoring data be sent to the production cluster and then forwarded to the Monitoring cluster. This design is not what we expected, for example when our production machine is under stress, the monitoring function may not work properly.

 

Past Settings required data monitoring through production cluster routing

By introducing Metricbeat as an agent to collect and transport monitoring data, there is no need to route the monitoring data through the production cluster. Monitoring data can now be collected by a standalone lightweight monitoring agent and sent directly to the monitoring cluster.

Monitoring with Metricbeat allows all data to be routed directly to the monitoring cluster without touching the production cluster at all

Hands-on practice

Install Elasticsearch and Kibana

In today’s exercise, we will use two different clusters to complete our exercise:

We deployed both clusters on our same machine, but they were in different directories. If you don’t already have your cluster installed, see my previous article “Elastic: A Beginner’s Guide” to do so. Please note: We installed by unpacking the installation package and installing it in two separate directories. We need to follow my configuration requirements of the above configuration in config/Elasticsearch Elasticsearch respectively. The config/yml and Kibana Kibana. Yml file. In addition, to meet the requirements of monitoring, we must configure security accounts for the two clusters respectively. See the article “Elasticsearch: Setting Elastic Account security”.

With this configuration, we have two clusters:

If you can see the two Kibana interfaces above, then our configuration is successful.

In the above configuration, the cluster with port 9200 is our production cluster. In order to monitor its data, we must configure it. We open Kibana with port 5601:

PUT _cluster/settings
{
  "persistent": {
    "xpack.monitoring.collection.enabled": true
  }
}
Copy the code

The above directive enables monitoring data collection.

We can check the result of the modification with the following command:

GET _cluster/settings
Copy the code

We also disabled the production cluster’s default Elasticsearch metric monitoring:

PUT _cluster/settings
{
  "persistent": {
    "xpack.monitoring.elasticsearch.collection.enabled": false
  }
}
Copy the code

After the above modification, our configuration result is:

 

Install Metricbeat

To enable external monitoring of Elasticsearch, Metricbeat must be installed. We open any of the Above Kibana screens:

Click the Add Metric Data button:

Click on System Metrics above:

We choose the operating system that matches our computer. You can see the instructions for installing Metricbeat. In this way, we can install a version of Metricbeat that matches our Elasticsearch. We can not start the system module by following the instructions above, although the system module is already started by default. We can view all started modules with the following command:

./metricbeat modules list
Copy the code

Above you can see that the ElasticSearch-Xpack module has been successfully started. We can start it with the following command:

./metricbeat modules enable elasticsearch-xpack
Copy the code

If your System module is already started, you can disable it by:

./metricbeat modules disable system
Copy the code

In order for us to be able to monitor the production cluster (127.0.0.1:9200), we had to collect data and send it to the monitoring cluster (127.0.0.1:9201), we had to configure the elasticSearch-xpack.yml file in modules.d

$PWD/Users/liuxg/elastic8 / metricbeat - 7.6.0 - Darwin - x86_64 liuxg: metricbeat - 7.6.0 - Darwin - x86_64 liuxg $ls modules.d/elasticsearch-xpack.yml modules.d/elasticsearch-xpack.ymlCopy the code

According to our requirements, I made the following configuration:

# Module: elasticsearch # Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.6/metricbeat-module-elasticsearch.html - the module: elasticsearch metricsets: - ccr - cluster_stats - enrich - index - index_recovery - index_summary - ml_job - node_stats - shard period: 10s hosts: ["http://localhost:9200"] username: "elastic" password: "123456" xpack.enabled: trueCopy the code

In the above configuration, it collects data for the cluster at http://localhost:9200 every 10 seconds. Up here, I’m using super-user Elastic, which you’ll need to change to fit your own password.

In order to pass data to http://localhost:9201, we also need to configure metricbeat.yml:

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9201"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "123456"
Copy the code

Above we set hosts to localhost:9201, which means that the collected data needs to be passed to the cluster. We also need to change the above username and password according to our own configuration.

After the above configuration, our Metricbeat configuration is complete, we can use the following command to start Metricbeat:

./metricbeat -e
Copy the code

 

Monitor the Elasticsearch

Next, we open the Kibana interface of the monitoring cluster http://localhost:5602:

Let’s open the Stack Monitoring application. Above, we can see the cluster with port address 9200 in the monitored production environment. It shows one nodes and eight indexes. Click on the Overview above:

Click above Nodes:

It shows an overview of the nodes in our current production cluster. Click on the liuxG hyperlink above:

We can see the memory, IO, CPU statistics of this node. Click Advanced above:

Click on Indices of application entry:

We can see the status of all indexes.

 

conclusion

In today’s article, we showed how to use Metricbeat to monitor Elasticsearch externally. We can use the same method to monitor other Elastic stacks:

  • The Metricbeat Logstash – Xpack module monitors the Logstash
  • Metricbeat Beat – Xpack module monitors Beats
  • Metricbeat Kibana – Xpack module monitors Kibana

I’ll leave the rest of the exercises to you.

Reference:

【 1 】 www.elastic.co/blog/extern…

(2) www.elastic.co/guide/en/el…