Hi,
I need some help with using Logstash to capture monitoring stats.
We have a client-server application setup where the ELK stack (Elasticsearch, Logstash and Kibana) is hosted on the server and the client machines (which communicate with the server) have Filebeat installed. We are already using Filebeat to send some logs to Logstash, but I am interested in capturing some other system metrics from the client machine, specifically: is my client machine operational, and what Java processes is it running?
I am new to ELK, and am working to find the best way to capture and send this information to Elasticsearch using the Elastic stack. I know JMX calls from a server-side component to each client machine can get the JVM-specific data, so we should be able to send this info to Elasticsearch as well. I figured out two ways to do this with my current understanding:
- Have the server component send these JMX calls periodically to all the client machines, log the JMX response in a log file on the server (like /var/log/status.log) and then configure Logstash running on the server to read this log file, filter it and send it to Elasticsearch for indexing, from where we should then be able to visualize the data in Kibana. However, I am not sure if I can use the same approach to check whether my application is running on that client machine or not (if the client is online).
- I learnt that Logstash offers a JMX input plugin that can fetch the data from remote machines; however, there doesn't seem to be much explanation that I have found for it so far, so I am still trying to find out more.
Can anyone help confirm if I am correct in assuming either of the above two approaches, and if it is possible to perform both of the checks using the Logstash JMX input plugin itself? Any guidance or resources would be helpful.
Thanks in advance.