To monitor Logstash nodes:
Identify where to send monitoring data. This cluster is often referred to asthe production cluster. For examples of typical monitoring architectures, seeHow Monitoring Works.
To visualize Logstash as part of the Elastic Stack (as shown in Step6), send metrics to your production cluster. Sending metrics to a dedicatedmonitoring cluster will show the Logstash metrics under the monitoring cluster.
xpack.monitoring.collection.enabled
setting is true
on theproduction cluster. If that setting is false
, the collection of monitoring datais disabled in Elasticsearch and data is ignored from all other sources.Configure your Logstash nodes to send metrics by setting thexpack.monitoring.elasticsearch.hosts
in logstash.yml
. If X-Pack security is enabled,you also need to specify the credentials for thebuilt-in logstash_system
user. For more information about these settings, see Monitoring Settings.
xpack.monitoring.elasticsearch.hosts: ["http://es-prod-node-1:9200", "http://es-prod-node-2:9200"] xpack.monitoring.elasticsearch.username: "logstash_system" xpack.monitoring.elasticsearch.password: "changeme"
If SSL/TLS is enabled on the production cluster, you mustconnect through HTTPS. As of v5.2.1, you can specify multipleElasticsearch hosts as an array as well as specifying a singlehost as a string. If multiple URLs are specified, Logstashcan round-robin requests to these production nodes. |
|
If X-Pack security is disabled on the production cluster, you can omit these |
If SSL/TLS is enabled on the production Elasticsearch cluster, specify the trustedCA certificates that will be used to verify the identity of the nodesin the cluster.
To add a CA certificate to a Logstash node’s trusted certificates, youcan specify the location of the PEM encoded certificate with thecertificate_authority
setting:
xpack.monitoring.elasticsearch.ssl.certificate_authority: /path/to/ca.crt
Alternatively, you can configure trusted certificates using a truststore(a Java Keystore file that contains the certificates):
xpack.monitoring.elasticsearch.ssl.truststore.path: /path/to/filexpack.monitoring.elasticsearch.ssl.truststore.password: password
Also, optionally, you can set up client certificate using a keystore(a Java Keystore file that contains the certificate):
xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/filexpack.monitoring.elasticsearch.ssl.keystore.password: password
Set sniffing to true
to enable discovery of other nodes of the Elasticsearch cluster.It defaults to false
.
xpack.monitoring.elasticsearch.sniffing: false
To verify your X-Pack monitoring configuration, point your web browser at your Kibanahost, and select Monitoring from the side navigation. Metrics reported fromyour Logstash nodes should be visible in the Logstash section. When security isenabled, to view the monitoring dashboards you must log in to Kibana as a userwho has the kibana_user
and monitoring_user
roles.
When upgrading from older versions of X-Pack, the built-in logstash_system
user is disabled for security reasons. To resume monitoring,change the password and re-enable the logstash_system user.
You can set the following xpack.monitoring
settings in logstash.yml
tocontrol how monitoring data is collected from your Logstash nodes. However, thedefaults work best in most circumstances. For more information about configuringLogstash, see logstash.yml.
xpack.monitoring.enabled
true
to enable X-Pack monitoring.
xpack.monitoring.elasticsearch.hosts
outputs
section in your Logstashconfiguration, or a different one. This is
not the URL of your dedicatedmonitoring cluster. Even if you are using a dedicated monitoring cluster, theLogstash metrics must be routed through your production cluster. You can specifya single host as a string, or specify multiple hosts as an array. Defaults to
http://localhost:9200
.
xpack.monitoring.elasticsearch.username
and xpack.monitoring.elasticsearch.password
xpack.monitoring.collection.interval
10s
. If you modify the collection interval, set the
xpack.monitoring.min_interval_seconds
option in
kibana.yml
to the same value.
You can configure the following Transport Layer Security (TLS) orSecure Sockets Layer (SSL) settings. For more information, seeConfiguring Credentials for Logstash Monitoring.
xpack.monitoring.elasticsearch.ssl.certificate_authority
.pem
file for thecertificate authority for your Elasticsearch instance.
xpack.monitoring.elasticsearch.ssl.truststore.path
xpack.monitoring.elasticsearch.ssl.truststore.password
xpack.monitoring.elasticsearch.ssl.keystore.path
xpack.monitoring.elasticsearch.ssl.keystore.password