I'm still pretty new to elastic stack. And I'm come from prometheus and grafana, and I'd like to substitute them for metricbeat, filebeat and kibana.
As a newbie, I always wonder, what is the best practice to deploy filebeat and metricbeat. Should I deploy just one for each for the whole docker swarm cluster? One for each docker swarm node? or One for each service?
If there is a video about this, please kindly let me now.
Another option is to use the Elastic-Agent so you can focus on the data you want to collect/services you want to monitor and the Elastic-Agent takes care of managing the Beats for you.
If you connect to a docker running on another node, then you'll probably have duplicated events because multiple instances of Metricbeat will be able to discover the same containers.
The example in our documentation only connects to the docker running on the same node Metricbeat is running via Unix socket.
If the docker you're connecting to via TCP can access all containers, than you'll need only one Metricbeat.
I the autodiscover itself not working or the communication with the docker engine API?
I have migrated to elastic-agent now. I remembered that, from the log, metricbeat can discover my service, but it didn't try to get metric data from it.
But it doesn't matter now.
Thank you for your help.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.