I've been using metricbeat and filebeat and it works well and I'm trying to use exec plugin to run a command (netstat...) on certain nodes only. I have 4 different types of remote nodes I'm ingesting data from and I want to get the data from exec from just one of them. What's the best way of doing this?
I've done it differently before where I have a script running on the remote server of that particular type and it generate a file with the output data and then I ingest that file using filebeat. Using exec plugin seems cleaner though.
I have 4 different types of remote nodes I'm ingesting data from and I want to get the data from exec from just one of them. What's the best way of doing this?
Only install the config file with the exec input on the node where you want the netstat data? Or am I misunderstanding the problem? You could of course filter it on the Logstash side if you prefer.
Hi Magnus - I'm referring to the logstash input exec plugin - that's configured in logstash. We don't have logstash running on the monitored nodes - just on some nodes that's part of the cluster.
There's an execbeat agent also but that's different. It's limited to be executed once a minute (same as cron).
Executing the netstat command on the other node types doesn't make sense (port 10011 is not used...) so I'd rather not execute it on ALL nodes and then filter out the data in logstash - I'd rather have logstash just execute the command via the exec input plugin on just the relevant nodes.
Yes, I would want to run that on just a specific set of hosts we ingest data from - but not all of them. We have multiple nodes with several different types of applications. Let's say on node type 1 we have a webserver on port 80 but on node type 2 there's another type of webserver on port 10011 - I'd like to get the count of established connections for those webservers - so I need to run netstat -anp | grep ":80" | grep -c ESTABLISHED on node type 1 and netstat -anp | grep ":10011" | grep -c ESTABLISHED on node type 2 to get the respective count. Not sure how to accomplish that using the exec input plugin. Not sure if that's really the right way either...
I doubt running netstat -anp | grep ... is the best and most efficient way of finding the number of connections, but if you insist I suggest you run that command on each server and send that to Logstash instead of having Logstash reach out via SSH each time.
One option to explore could be collectd and its tcpconns plugin.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.