Beat and x-pack monitoring

franco.federico · May 21, 2019, 3:32pm

Hello

Is it possible to monitor the beat. I have a winlogbeat service on the DC and I'd like to know if this service goes down.

I know that winlogbeat send monitoring information, but in the monitor system I don't find it.

Could you help me?
Thank you
Franco

Izek · May 21, 2019, 3:45pm

use metricbeat to capture the winlogbeat service status. https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-metricset-windows-service.html
write watcher to check the status and generate alert if the status is down

shaunak · May 21, 2019, 3:50pm

What does your winlogbeat.yml look like? Specifically what do the xpack.monitoring settings in it look like? Please mask any sensitive information before posting.

By "monitor system" are you referring to the Monitoring UI in Kibana? If so, what do you see there? Could you post some screenshots?

Finally, what is the result of the following Elasticsearch API call?

GET _cat/indices/.m*

franco.federico · May 21, 2019, 5:20pm

This is X pack monitoring. I ask information how to add Beat section, and how to monitor beat in general.

I try to follow the road of IzekChen.

Actually my xpack_monitoring configuration is

#============================== Xpack Monitoring ===============================
# winlogbeat can export internal metrics to a central Elasticsearch monitoring
# cluster.  This requires xpack monitoring to be enabled in Elasticsearch.  The
# reporting is disabled by default.

# Set to true to enable the monitoring reporter.
#monitoring.enabled: false

# Uncomment to send the metrics to Elasticsearch. Most settings from the
# Elasticsearch output are accepted here as well.
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
# Any setting that is not set is automatically inherited from the Elasticsearch
# output configuration, so if you have the Elasticsearch output configured such
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
# uncomment the following line.
#monitoring.elasticsearch:

So Shaunak Kashyap say me that only with deleting comment on this configuration section permits me to have a new section in the xpack monitoring, is it?

```
GET _cat/indices/.m*
```

green open .monitoring-alerts-6            3yrixubiTkW_oA5Ft3bL3A 1 1     1    0  12.5kb  6.2kb
green open .monitoring-kibana-6-2019.05.21 WCadbmwKTE-QZJcd7R-Pig 1 1  2074    0   2.2mb  1.1mb
green open .monitoring-es-6-2019.05.21     On2VvH5xQoSN0-VV1wjq3w 1 1 89400 1704 118.8mb 65.9mb

Thank you all
Franco

shaunak · May 21, 2019, 5:54pm

In your winlogbeat.yml, can you set this and see if it helps?

monitoring.enabled: true

franco.federico · May 27, 2019, 11:52am

I found the solution to my question and it is Central Beats Managment
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-central-management.html

Thank you all
Franco

system · June 24, 2019, 11:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.