How to configure metricbeat for monitoring system processes

evalufran · August 29, 2019, 12:52pm

Hi everyone!!!
I'm trying to use metricbeat in order to check system processes status, but i can't understand how to configure metricbeat.yml.
I'm working on a linux system.

This is my actual config:

metricbeat.modules:
- module: system
  metricsets:
    - process         # Per process metrics
  enabled: true
  period: 10s
  processes: ['.*']

  process.cgroups.enabled: true
  setup.dashboards.enabled: true

output.logstash:
  hosts: ['logstash:5044']
  ssl.certificate_authorities: 
    - /cert/MyRootCA.pem
  ssl.certificate: "/cert/metricbeat.pem" 
  ssl.key: "/cert/metricbeat-key.pem"

As for my docker-compose.yml

  metricbeat:
    image: docker.elastic.co/beats/metricbeat:7.1.1
    container_name: metricbeat
    volumes:
      - /proc:/hostfs/proc:ro
      - /sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro
      - /:/hostfs:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./metricbeat/metricbeat.yml:/usr/share/metricbeat/metricbeat.yml
      - ./cert/metricbeat.pem:/cert/metricbeat.pem:ro
      - ./cert/metricbeat-key.pem:/cert/metricbeat-key.pem:ro
      - ./cert/MyRootCA.pem:/cert/MyRootCA.pem:ro
    networks:
      - esnet
    depends_on:
      -  logstash
    user: root

When i access on kibana i can see metricbeats logs but it seems like it's monitoring itself .. if i search for running system.process.state.keyword i can only see this value: /usr/share/metricbeat/metricbeat

What is happening? Can anyone help?
Thank you,
EF

elasticforme · August 29, 2019, 2:33pm

alright let me understand
you want to monitor systemA with ELK serverA correct
then you should do following in your metricbeat.yml on SystemA

metricbeat.config.modules:
path: /etc/metricbeat/modules.d/system.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
index.codec: best_compression
output.elasticsearch:
hosts: ["ServerA:9200"]
username: "xxx"
password: "xxx"

Make sure you have module.d dir on /etc/metricsbeat/module.d/system.yml, everything else is remove or rename

Then on ELK serverA

metricbeat.config.modules:
path: /etc/metricbeat/modules.d/system.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 3
index.codec: best_compression
setup.dashboards.enabled: true
setup.dashboards.beat: metricbeat
setup.kibana: ---- this will load all the kibana dashboard for you.--------------
host: "ServerA:5601"
output.elasticsearch:
hosts: ["ServerA:9200"]
username: "xxx"
password: "xxx"

Then make sure you delete everything that you don't want from ServerA
/usr/share/metricbeat/kibana/7/dashboard (remove al dashboard that you don't want to be loaded) keep only what you need.

I hope this helps

evalufran · August 29, 2019, 2:50pm

Thank you but i think you didn't get my point... unfortunately this does not help at all

elasticforme · August 29, 2019, 3:46pm

well then explain

system · September 26, 2019, 3:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to Run Metricbeat in Docker with Modules to Monitor Other Containers Beats elastic-stack-monitoring , docker , beats-module , metricbeat	9	2619	October 2, 2020
Setup metricbeat to monitor docker containers Beats docker , metricbeat	3	431	December 21, 2020
How use metricbeat for logstash logs files in docker container Logstash docker	2	1001	July 9, 2021
Docker Metricbeat 7.6.0 doesn't send Host processes Beats docker , metricbeat	3	575	January 14, 2021
In Metricbeat have provided the process monitoring list in system.yml but not getting process stats in the kibana dashboard Beats metricbeat	3	348	April 21, 2023

How to configure metricbeat for monitoring system processes

Related topics