Metricbeat monitor systemd process

Can I know, do you have example how i can monitor systemd and few java process. One of it is httpd and java process based on folder for isntance config. usually i do is ps -ef | grep config/

Hi @josh12 !

There is a complete list of modules list at Modules | Metricbeat Reference [7.x] | Elastic. Please have a look and check if any of these can cover your needs.

C.

With Metricbeat System Module you can provide a list or regex of the processes you want to monitor.

See here

hi, i saw this. but this process like httpd. which referring to system d process. but mine i start application via jar for instance. this jar place in config folder. how can this be done

I am not sure I understand, Look at top or ps and see the name of the process and monitor that.

If you have multiple Java Processes that is OK then you can filter by user name or command path or some other variable else to only View, Visualize or Alert on the processes you are interested in.

First just start with the java process ... and try, look, adjust.

Example here is my elasticsearch started with systemctl tons of good info....
Note process.name, service.name service.type, username etc

Metricbeat captures all the info even for processes started with systemd.

{
  "_index": "metricbeat-7.12.1-2021.08.10-000002",
  "_type": "_doc",
  "_id": "8grXxXsBP17jPop3pMcG",
  "_score": 1,
  "_ignored": [
    "process.command_line"
  ],
  "_source": {
    "@timestamp": "2021-09-08T14:37:27.938Z",
    "user": {
      "name": "elasticsearch"
    },
    "process": {
      "name": "java",
      "memory": {
        "pct": 0.5828
      },
      "args": [
        "/usr/share/elasticsearch/jdk/bin/java",
        "-Xshare:auto",
        "-Des.networkaddress.cache.ttl=60",
        "-Des.networkaddress.cache.negative.ttl=10",
        "-XX:+AlwaysPreTouch",
        "-Xss1m",
        "-Djava.awt.headless=true",
        "-Dfile.encoding=UTF-8",
        "-Djna.nosys=true",
        "-XX:-OmitStackTraceInFastThrow",
        "-XX:+ShowCodeDetailsInExceptionMessages",
        "-Dio.netty.noUnsafe=true",
        "-Dio.netty.noKeySetOptimization=true",
        "-Dio.netty.recycler.maxCapacityPerThread=0",
        "-Dio.netty.allocator.numDirectArenas=0",
        "-Dlog4j.shutdownHookEnabled=false",
        "-Dlog4j2.disable.jmx=true",
        "-Djava.locale.providers=SPI,COMPAT",
        "--add-opens=java.base/java.io=ALL-UNNAMED",
        "-XX:+UseG1GC",
        "-Djava.io.tmpdir=/tmp/elasticsearch-7468874139594514904",
        "-XX:+HeapDumpOnOutOfMemoryError",
        "-XX:HeapDumpPath=/var/lib/elasticsearch",
        "-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log",
        "-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m",
        "-Xms7502m",
        "-Xmx7502m",
        "-XX:MaxDirectMemorySize=3934257152",
        "-XX:G1HeapRegionSize=4m",
        "-XX:InitiatingHeapOccupancyPercent=30",
        "-XX:G1ReservePercent=15",
        "-Des.path.home=/usr/share/elasticsearch",
        "-Des.path.conf=/etc/elasticsearch",
        "-Des.distribution.flavor=default",
        "-Des.distribution.type=deb",
        "-Des.bundled_jdk=true",
        "-cp",
        "/usr/share/elasticsearch/lib/*",
        "org.elasticsearch.bootstrap.Elasticsearch",
        "-p",
        "/var/run/elasticsearch/elasticsearch.pid",
        "--quiet"
      ],
      "pid": 9931,
      "state": "sleeping",
      "ppid": 1,
      "pgid": 9931,
      "command_line": "/usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-7468874139594514904 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms7502m -Xmx7502m -XX:MaxDirectMemorySize=3934257152 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.flavor=default -Des.distribution.type=deb -Des.bundled_jdk=true -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet",
      "cpu": {
        "start_time": "2021-08-02T19:13:37.000Z",
        "pct": 0.0308
      }
    },
    "ecs": {
      "version": "1.8.0"
    },
    "host": {
      "hostname": "stephenb-metrics-test-es1",
      "architecture": "x86_64",
      "os": {
        "kernel": "5.4.0-1037-gcp",
        "codename": "bionic",
        "type": "linux",
        "platform": "ubuntu",
        "version": "18.04.4 LTS (Bionic Beaver)",
        "family": "debian",
        "name": "Ubuntu"
      },
      "id": "ea00766ae3383793ce11e35841907e62",
      "containerized": false,
      "name": "stephenb-metrics-test-es1",
      "ip": [
        "10.168.0.81",
        "fe80::4001:aff:fea8:51"
      ],
      "mac": [
        "42:01:0a:a8:00:51"
      ]
    },
    "event": {
      "module": "system",
      "duration": 31020012,
      "dataset": "system.process"
    },
    "metricset": {
      "period": 10000,
      "name": "process"
    },
    "service": {
      "type": "system"
    },
    "system": {
      "process": {
        "memory": {
          "size": 37964939264,
          "rss": {
            "bytes": 9169653760,
            "pct": 0.5828
          },
          "share": 270979072
        },
        "cmdline": "/usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-7468874139594514904 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms7502m -Xmx7502m -XX:MaxDirectMemorySize=3934257152 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.flavor=default -Des.distribution.type=deb -Des.bundled_jdk=true -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet",
        "cgroup": {
          "id": "elasticsearch.service",
          "path": "/system.slice/elasticsearch.service",
          "cpu": {
            "stats": {
              "throttled": {
                "periods": 0,
                "ns": 0
              },
              "periods": 0
            },
            "id": "elasticsearch.service",
            "path": "/system.slice/elasticsearch.service",
            "cfs": {
              "period": {
                "us": 100000
              },
              "quota": {
                "us": 0
              },
              "shares": 1024
            },
            "rt": {
              "period": {
                "us": 0
              },
              "runtime": {
                "us": 0
              }
            }
          },
          "cpuacct": {
            "percpu": {
              "1": 134616013558398,
              "2": 138302771045464,
              "3": 132284909738562,
              "4": 127479625987749
            },
            "id": "elasticsearch.service",
            "path": "/system.slice/elasticsearch.service",
            "total": {
              "ns": 532683320330173
            },
            "stats": {
              "system": {
                "ns": 17091510000000
              },
              "user": {
                "ns": 505169830000000
              }
            }
          },
          "memory": {
            "path": "/system.slice/elasticsearch.service",
            "mem": {
              "usage": {
                "bytes": 12968095744,
                "max": {
                  "bytes": 13722361856
                }
              },
              "failures": 0,
              "limit": {
                "bytes": 9223372036854772000
              }
            },
            "memsw": {
              "limit": {
                "bytes": 0
              },
              "usage": {
                "max": {
                  "bytes": 0
                },
                "bytes": 0
              },
              "failures": 0
            },
            "kmem": {
              "failures": 0,
              "limit": {
                "bytes": 9223372036854772000
              },
              "usage": {
                "bytes": 784539648,
                "max": {
                  "bytes": 855101440
                }
              }
            },
            "kmem_tcp": {
              "failures": 0,
              "limit": {
                "bytes": 9223372036854772000
              },
              "usage": {
                "bytes": 0,
                "max": {
                  "bytes": 0
                }
              }
            },
            "stats": {
              "cache": {
                "bytes": 3278913536
              },
              "inactive_anon": {
                "bytes": 0
              },
              "unevictable": {
                "bytes": 0
              },
              "swap": {
                "bytes": 0
              },
              "hierarchical_memory_limit": {
                "bytes": 9223372036854772000
              },
              "rss_huge": {
                "bytes": 0
              },
              "rss": {
                "bytes": 8904138752
              },
              "pages_in": 340187694,
              "page_faults": 30472332,
              "major_page_faults": 12342,
              "hierarchical_memsw_limit": {
                "bytes": 0
              },
              "inactive_file": {
                "bytes": 2548342784
              },
              "mapped_file": {
                "bytes": 278040576
              },
              "pages_out": 337213265,
              "active_anon": {
                "bytes": 8904192000
              },
              "active_file": {
                "bytes": 730591232
              }
            },
            "id": "elasticsearch.service"
          },
          "blkio": {
            "path": "/system.slice/elasticsearch.service",
            "total": {
              "bytes": 282488512512,
              "ios": 26043970
            },
            "id": "elasticsearch.service"
          }
        },
        "cpu": {
          "total": {
            "pct": 0.123,
            "norm": {
              "pct": 0.0308
            },
            "value": 532678690
          },
          "start_time": "2021-08-02T19:13:37.000Z"
        },
        "state": "sleeping"
      }
    },
    "agent": {
      "ephemeral_id": "583c23f1-c8aa-406c-b47c-cb10c4f5c3aa",
      "id": "733d62f5-6cba-4105-ac99-3306c2974593",
      "name": "stephenb-metrics-test-es1",
      "type": "metricbeat",
      "version": "7.12.1",
      "hostname": "stephenb-metrics-test-es1"
    },
    "cloud": {
      "instance": {
        "id": "5965132298341826883",
        "name": "stephenb-metrics-test-es1"
      },
      "machine": {
        "type": "n1-standard-4"
      },
      "availability_zone": "us-west2-a",
      "project": {
        "id": "elastic-sa"
      },
      "account": {
        "id": "elastic-sa"
      },
      "provider": "gcp"
    }
  }
...

Can I ask last question, i want to view the process running or not in time series graph. u have idea what i'm doing wrong?

U want to visualize is up or down. we can use hertbeat. but i prefer metricbeat

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.