Hello,
For purpose of monitoring CPU utilization per service I have created custom metricbeat fields. Using metricbeat all data are transferred to logstash pipeline.
This is my filter section:
filter {
if [system][process] {
if [system][process][cmdline] {
if [system][process][cmdline] =~ "DataFlowEngine\s.*" {
grok {
match => {
"[system][process][cmdline]" => "^%{WORD} %{WORD} %{NOTSPACE} %{WORD:[system][process][eg_group]}$"
}
add_field => { "system.process.cpu.total.%{[system][process][eg_group]}" => "%{[system][process][cpu][total][pct]}" }
remove_field => "[system][process][cmdline]"
}
}
}
}
}
Logstash pipeline basically copy field system.process.cpu.total.pct and change the name based on cmd field of the process.
I have a problem to create proper kibana index pattern for custom metricbeat fields. Using setup.template.append_fields in metricbeat.yml file I managed to create fields with name and type that I need but I can’t proper format of the fields (in my case format is percent).
I add following line in my metricbeat.yml file:
setup.template.append_fields:
- name: system.process.cpu.total.address
type: scaled_float
format: percent- name: system.process.cpu.total.crm
type: scaled_float
format: percent- name: system.process.cpu.total.dms
type: scaled_float
format: percent- name: system.process.cpu.total.erp
type: scaled_float
format: percent
I presume that format isn’t possible to setup using metricbeat.yml?
I also try with creating custom metricbeat and fields.yml but with no luck.
Do you have any idea how to solve my problem or suggestion for another approach?
I have 6.7.1 version for all components.
BR,
Mladen
