How to configure metricbeat for monitoring system processes

Hi everyone!!!
I'm trying to use metricbeat in order to check system processes status, but i can't understand how to configure metricbeat.yml.
I'm working on a linux system.

This is my actual config:

metricbeat.modules:
- module: system
  metricsets:
    - process         # Per process metrics
  enabled: true
  period: 10s
  processes: ['.*']

  process.cgroups.enabled: true
  setup.dashboards.enabled: true

output.logstash:
  hosts: ['logstash:5044']
  ssl.certificate_authorities: 
    - /cert/MyRootCA.pem
  ssl.certificate: "/cert/metricbeat.pem" 
  ssl.key: "/cert/metricbeat-key.pem" 

As for my docker-compose.yml

  metricbeat:
    image: docker.elastic.co/beats/metricbeat:7.1.1
    container_name: metricbeat
    volumes:
      - /proc:/hostfs/proc:ro
      - /sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro
      - /:/hostfs:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./metricbeat/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml
      - ./cert/metricbeat.pem:/cert/metricbeat.pem:ro
      - ./cert/metricbeat-key.pem:/cert/metricbeat-key.pem:ro
      - ./cert/MyRootCA.pem:/cert/MyRootCA.pem:ro
    networks:
      - esnet
    depends_on:
      -  logstash
    user: root

When i access on kibana i can see metricbeats logs but it seems like it's monitoring itself .. if i search for running system.process.state.keyword i can only see this value: /usr/share/metricbeat/metricbeat

What is happening? Can anyone help?
Thank you,
EF

alright let me understand
you want to monitor systemA with ELK serverA correct
then you should do following in your metricbeat.yml on SystemA

metricbeat.config.modules:
path: /etc/metricbeat/modules.d/system.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
index.codec: best_compression
output.elasticsearch:
hosts: ["ServerA:9200"]
username: "xxx"
password: "xxx"

Make sure you have module.d dir on /etc/metricsbeat/module.d/system.yml, everything else is remove or rename

Then on ELK serverA

metricbeat.config.modules:
path: /etc/metricbeat/modules.d/system.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
index.codec: best_compression
setup.dashboards.enabled: true
setup.dashboards.beat: metricbeat
setup.kibana: ---- this will load all the kibana dashboard for you.--------------
host: "ServerA:5601"
output.elasticsearch:
hosts: ["ServerA:9200"]
username: "xxx"
password: "xxx"

Then make sure you delete everything that you don't want from ServerA
/usr/share/metricbeat/kibana/7/dashboard (remove al dashboard that you don't want to be loaded) keep only what you need.

I hope this helps

Thank you but i think you didn't get my point... unfortunately this does not help at all :frowning:

well then explain

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.