Hi,
I have setup metricbeats to elastic to collect metrics from host filesystem running under openshift kubernetes pod
Seems that the filesystem.ignore_types only collect random or latest in the list of the file system
- module: system
period: 1m
metricsets:
- filesystem
- fsstat
filesystem.ignore_types: [sysfs, proc, devtmpfs, securityfs, tmpfs, devpts, cgroup, pstore, configfs, systemd-1, hugetlbfs, mqueue, debugfs, binfmt_misc, sunrpc]
Tried with
processors:
- drop_event.when.regexp:
system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|devtmpfs|tmpfs|etc|host|lib)($|/)'
but this only provide one latest docker mapped device.
Running
cat /etc/mtab on the host
sysfs /sys sysfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,seclabel,nosuid,size=16360424k,nr_inodes=4090106,mode=755 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev 0 0
devpts /dev/pts devpts rw,seclabel,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
tmpfs /sys/fs/cgroup tmpfs ro,seclabel,nosuid,nodev,noexec,mode=755 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=23485 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,seclabel,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
nfsd /proc/fs/nfsd nfsd rw,relatime 0 0
/dev/sda2 /boot xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro 0 0
/dev/mapper/nfs-pv_data /opt/pv xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-home /home xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
/dev/mapper/rhel-root /var/lib/docker/containers xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /var/lib/docker/devicemapper xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
and running cat /etc/mtab inside metricbeat container
rootfs / rootfs rw 0 0
/dev/mapper/docker-253:0-67491179-0cca744e6c7c134ceb5d4f42378640acbe1788d8bffbeab96eb12e25b037756a / xfs rw,context="system_u:object_r:container_file_t:s0:c270,c982",relatime,nouuid,attr2,inode64,sunit=1024,swidth=1024,noquota 0 0
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,context="system_u:object_r:container_file_t:s0:c270,c982",nosuid,nodev,noexec,relatime,mode=755 0 0
systemd-1 /hostfs/proc/sys/fs/binfmt_misc autofs rw,relatime,fd=32,pgrp=0,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=23485 0 0
binfmt_misc /hostfs/proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
nfsd /hostfs/proc/fs/nfsd nfsd rw,relatime 0 0
/dev/mapper/rhel-root /dev/termination-log xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/metricbeat.yml xfs ro,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/hosts xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
shm /dev/shm tmpfs rw,context="system_u:object_r:container_file_t:s0:c270,c982",nosuid,nodev,noexec,relatime,size=65536k 0 0
/dev/mapper/rhel-root /run/secrets xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/resolv.conf xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/hostname xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
tmpfs /run/docker.sock tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
/dev/mapper/rhel-root /usr/share/metricbeat/modules.d xfs ro,seclabel,relatime,attr2,inode64,noquota 0 0
using cat /hostfs/proc/mounts can give better results as stated here https://github.com/elastic/beats/issues/7512#issuecomment-413000978
but how to change the usage of this command instead of above one.
sh-4.2# cat /hostfs/proc/mounts
rootfs / rootfs rw 0 0
/dev/mapper/docker-253:0-67491179-0cca744e6c7c134ceb5d4f42378640acbe1788d8bffbeab96eb12e25b037756a / xfs rw,context="system_u:object_r:container_file_t:s0:c270,c982",relatime,nouuid,attr2,inode64,sunit=1024,swidth=1024,noquota 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev tmpfs rw,context="system_u:object_r:container_file_t:s0:c270,c982",nosuid,mode=755 0 0
devpts /dev/pts devpts rw,context="system_u:object_r:container_file_t:s0:c270,c982",nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
sysfs /sys sysfs ro,seclabel,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,context="system_u:object_r:container_file_t:s0:c270,c982",nosuid,nodev,noexec,relatime,mode=755 0 0
systemd-1 /hostfs/proc/sys/fs/binfmt_misc autofs rw,relatime,fd=32,pgrp=0,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=23485 0 0
binfmt_misc /hostfs/proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
nfsd /hostfs/proc/fs/nfsd nfsd rw,relatime 0 0
/dev/mapper/rhel-root /dev/termination-log xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/metricbeat.yml xfs ro,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/hosts xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
shm /dev/shm tmpfs rw,context="system_u:object_r:container_file_t:s0:c270,c982",nosuid,nodev,noexec,relatime,size=65536k 0 0
/dev/mapper/rhel-root /run/secrets xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/resolv.conf xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
/dev/mapper/rhel-root /etc/hostname xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
tmpfs /run/docker.sock tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0
/dev/mapper/rhel-root /usr/share/metricbeat/modules.d xfs ro,seclabel,relatime,attr2,inode64,noquota 0 0
tmpfs /hostfs/sys/fs/cgroup tmpfs ro,seclabel,mode=755 0 0
cgroup /hostfs/sys/fs/cgroup/systemd cgroup rw,seclabel,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
cgroup /hostfs/sys/fs/cgroup/net_cls,net_prio cgroup rw,seclabel,nosuid,nodev,noexec,relatime,net_prio,net_cls 0 0
tmpfs /run/secrets/kubernetes.io/serviceaccount tmpfs ro,seclabel,relatime 0 0
Has anyone got it working collecting metricbeats filesystem running the metricbeats as docker or kubernetes?
To late to reopen this article since it was already closed How to get the all disks(Drive) via metricbeat?
Additionally even that xfs is not stated as ignored filesystem it is not parsed by the metricbeats
Thank you.