How to Monitor particular process and file system disk space through metricbeat

udareddy · October 31, 2017, 3:01pm

Hi All,
I am happy that we have very good forum to discuss and help each other on ELK stack, and am very new to ELK stack integrations but I have good knowledge on Splunk integration.

I am seeking help on below requirement.

we want to monitor a particular process (SSA, (# service SSA status) ) and file system disk space (/var/lib/SSA ) through metricbeat, which is running on Linux ( RHEL), so what will be the metricbeat module configuration code we have to use ?

process name is SSA
file system is /var/lib/SSA

Thanks
Uday.

steffens · November 1, 2017, 12:36pm

The system Metricsets has support for process metrics, filesystem Metrics per mountpoint, and diskio Metrics per mountpoint. Is this what you are looking for?

udareddy · November 1, 2017, 6:06pm

Thanks for your quick reply,
l have verified above mentioned link but am not able to fine what am looking, my bad
we want to monitor one of the open tcp listen port i.e 8443 in linux (RHEL) host for every 10s.
and need to check file system usage /var/lib/ssg for every 10s.

--Uday.

andrewkroh · November 1, 2017, 7:33pm

You can use the system socket metricset to monitor listening TCP sockets and active connections.

metricbeat.modules:
- module: system
  metricsets: [socket] 
  period: 500ms

And if you want to only report events for port 8443 you can add a filter.

metricbeat.modules:
- module: system
  metricsets: [socket] 
  period: 500ms
  filters:
  - drop_event.when.not.equal.local.port: 8443

Metricbeat's filesystem metricset monitors mount points. So if you want to get stats specifically for this directory then it needs to be its own mount point. We don't have a metricset that acts like du and traverses a directory summing up all the file sizes.

system · November 29, 2017, 7:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.