I have a question, how does metricbeat decide what filesystems it will monitor?
I configured the system module, made sure that metricsets filesystem was added, made sure no FS were being ignored, but I still could not see the FS i was looking for.
Example config
- module: system
period: ${SYSTEM_PERIOD:1m}
metricsets:
- core
- cpu
- load
- memory
- network
- diskio
- filesystem
- process
cpu_ticks: false
process.cgroups.enabled: false
processes: ['^phantomjs$']
This was in a container, using upstream metricbeat docker images (7.12, i think).
I logged onto the container and made sure that I could see the FS I was wanting to monitor using Linux commands
bash-4.2$ df -h | grep docker
/dev/nvme1n1 30G 5.9G 23G 21% /hostfs/root/var/lib/docker
bash-4.2$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop1 7:1 0 55.4M 1 loop /hostfs/root/snap/core18/2128
nvme0n1 259:2 0 50G 0 disk
`-nvme0n1p1 259:3 0 50G 0 part /hostfs/root
nvme2n1 259:1 0 40G 0 disk /var/share/log
loop2 7:2 0 25M 1 loop /hostfs/root/snap/amazon-ssm-agent/4046
loop0 7:0 0 32.3M 1 loop /hostfs/root/snap/snapd/12883
nvme1n1 259:0 0 30G 0 disk /hostfs/root/var/lib/docker
But I could never see /hostfs/root/var/lib/docker inside elasticsearch. I could see other FS in the above list, but not the one I was after.
Any pointers would be gratefully received.
To add, I also checked to make sure our logstash config was not messing around with any data from metricbeat.
Cheers in advanced