How do I modify collect specific processes and top 10 processes in metricbeat's system module?

I have a question when collecting data from the system module.

• When collecting processes, I would like to collect the top 10 CPU and memory information.
• When collecting processes, I want to collect a specific process.name. (Example: Notepad*, xyz.exe)

How do I modify it in System.yml to create Visualize by collecting both collection targets together?

I modified it as below, but the data of the Top 10 process is not collected, only a specific process is collected.

## system.yml

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-system.html

- module: system
  period: 30s
  metricsets:
    - cpu
    - memory
    - network
    - process
    - process_summary
    - socket_summary
    - diskio
    - filesystem
    - uptime
       # https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-metricset-system-service.html
  cpu.metrics: [percentages, normalized_percentages]
  filesystem.ignore_types: [nsfs, nfs, smbfs, autofs]
  #processes: ['.*', 'Notepad*', 'vapm.exe', 'epmd*']
  processes: ['.*']
  processes: ['Notepad*', 'vapm.exe', 'epmd*']  
  process.include_top_n.by_cpu: 10
  process.include_top_n.by_memory: 10
  process.cgroups.enabled: false
  process.include_cpu_ticks: true
  filters:
    - drop_event.when.regexp:
      system.filesystem.mount_point: '^\/(sys|cgroup|proc|dev|etc|host)\/(.*)'
    - drop_event.when.regexp:
      system.filesystem.device_name: '^(sys|cgroup|proc|dev|etc|host|sysfs|gvfsd-fuse)'

image909×611 29.3 KB

Result

image1122×735 57.4 KB

How do I collect all top 10 process and specific process information?

Hi @jongpyo.lee

Perhaps take a look at this thread it is very similar

In short you define 2 separate metricsets 1 to collect Top N one to collect individual processes.

Hi, @stephenb

It's very awesome.
Thank you very much.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.