Issues with process monitoration

poiati · October 28, 2016, 1:24pm

Hello,

I'm using Metricbeat to collect processes data. While aggregating to show the avg. memory usage per process for example I could use one of the properties bellow to split the data per row (terms):

system.process.name
- If there are more than one process with the same name all of them will be aggregated together (not desired)
system.process.pid
- That is what I want in terms of aggregation but the absence of the process name is bad for visual purposes
system.process.cmdline
- Too much verbose

I would like to use something like "${PID} ${PNAME}" to split my data. In Packetbeat for example we have the "query" that concatenates the HTTP method and the path. Am I missing something?

Thanks very much, amazing work you guys are doing here with elasticsearch stack.

monica · October 31, 2016, 11:07pm

You can do this by using the scripting fields feature of Kibana. A scripted field can be defined as:

doc['system.process.pid'].value + ' ' + doc['system.process.name'].value

The advantage of this solution is that Kibana always adds the scripted field even if it's an empty string.
Another option would be to "split" twice, once by process name and once by process pid.

poiati · November 8, 2016, 8:28pm

Amazing monica. Thank you!

system · November 18, 2016, 1:25pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
I have added a process in metricbeat.yml file to monitor but the process details are not showing in kibana Beats beats-module , metricbeat	1	269	December 29, 2022
Get per process Metrics Elasticsearch elastic-stack-sql	13	1365	May 13, 2021
Visualise Memory per Process in Kibana Kibana	3	1212	December 3, 2018
How can I monitor a specific process via metricbeat on Kibana dashboard? Beats metricbeat	4	2314	December 12, 2018
Show "right" substring in Kibana visualisation Kibana	2	1373	February 21, 2017

Issues with process monitoration

Related topics