Been playing with the ELK stack pretty heavily the last week or so running on a Windows platform. I'd like to collect per CPU metrics and have them display on a time series. This is what I have in the windows.yml module config for 8 cores:
In Kibana, after refreshing my index, I see windows.perfmon.core.0 and windows.perfmon.core.0.keyword. In the Discover tab, I see those as selectable fields but they're all empty. Question:
I don't want both core.0 and core.0.keyword, how do I get rid of one of them?
a. Would it be recommended to keep the one that is aggregatable?
What else needs to be done to get the data that is collected to properly display?
Which version of MB do you have? I suspect you didn't load the MB template, because our default template defines all string fields as keyword, so there shouldn't be two fields created.
The Metricbeat template should be loaded automatically when connecting to ES, so tell me more about your setup please. Is MB sending data directly to ES?
Alright, I deleted my metricbeat indices, manually loaded the templates and have single entries for each perfmon counter I have specified. It's been about 30 minutes but I am still not getting any data aligned with those fields in the Discover section of Kibana. Is there something else I need to configure? Below is what I am seeing as well as the windows.yaml and windows module status
Can you expand one of those events for me to see how it looks like? You can also start Metricbeat with the -d "publish" flag, in which case Metricbeat will print the created events at the console. This might speed up the troubleshooting:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
