Issues with process monitoration

poiati · October 28, 2016, 1:24pm

Hello,

I'm using Metricbeat to collect processes data. While aggregating to show the avg. memory usage per process for example I could use one of the properties bellow to split the data per row (terms):

system.process.name
- If there are more than one process with the same name all of them will be aggregated together (not desired)
system.process.pid
- That is what I want in terms of aggregation but the absence of the process name is bad for visual purposes
system.process.cmdline
- Too much verbose

I would like to use something like "${PID} ${PNAME}" to split my data. In Packetbeat for example we have the "query" that concatenates the HTTP method and the path. Am I missing something?

Thanks very much, amazing work you guys are doing here with elasticsearch stack.

monica · October 31, 2016, 11:07pm

You can do this by using the scripting fields feature of Kibana. A scripted field can be defined as:

doc['system.process.pid'].value + ' ' + doc['system.process.name'].value

The advantage of this solution is that Kibana always adds the scripted field even if it's an empty string.
Another option would be to "split" twice, once by process name and once by process pid.

poiati · November 8, 2016, 8:28pm

Amazing monica. Thank you!

system · November 18, 2016, 1:25pm

This topic was automatically closed after 21 days. New replies are no longer allowed.