Metricbeat system module, processes seems to only see metricbeat.exe

Elastic Stack Beats
1

I am using metricbeats v 6.4. I would like to see top 5 processes by CPU and Memory. However I only see metricbeat.exe for system.process.name. I added the processes filter and set it to regex on anything ('.'). After that change metricbeat was still the only proc to show up in Kibana. To prove that filter had affects, I tried a pattern that shouldn't find anything ('peanutbutter'), and as expected I stopped getting metricbeat.exe. Changed it back to wildcard ('.') and metricbeat.exe re-appeared.

As a side note, the provided examples were a bit confusing. I read a recommendation to do my configurations within modules.d, yet those examples all appeared to be within metricbeat.yml. It wasn't difficult to "convert" them to work in system.yml, but perhaps that is where my mistake lives. I also saw examples where cpu.metrics: [percentages, normalized_percentages, ticks] has quotes around each metric in there, and without quotes. Is what I have correct?

This is my system.yml:

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/6.4/metricbeat-module-system.html

- module: system
  period: 10s
  metricsets:
    - cpu
    #- load
    - memory
    - network
    - process
    - process_summary
    #- core
    - diskio
    #- socket
  cpu.metrics: [percentages, normalized_percentages, ticks]
  processes: ['.*']
  process.include_top_n:
    by_cpu: 5      # include top 5 processes by CPU
    by_memory: 5   # include top 5 processes by memory

- module: system
  period: 1m
  metricsets:
    - filesystem
    - fsstat
  processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'

- module: system
  period: 15m
  metricsets:
    - uptime

#- module: system
#  period: 5m
#  metricsets:
#    - raid
#  raid.mount_point: '/'
2

Hello! processes: ['.*'] looks right to me but I think under cpu.metrics, everything needs to be in quotes. For example: cpu.metrics: ["percentages"].

3

Thanks Kaiyan.
I tried surrounding the cpu.metrics values in quotes, but that didn't seem to make a difference. Both before and after the change in quotes I could observe "system.process.cpu.total.norm.pct" in Kibana.

FYI this docs suggest not using quotes: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-metricset-system-cpu.html

And this docs has quotes: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-system.html

4

Haha yeah I will create a ticket to fix the documentation! I'm wondering if processes: ['.*'] is conflict with process.include_top_n: by_cpu: 5 # include top 5 processes by CPU by_memory: 5 # include top 5 processes by memory.

Can you try remove process.include_top_n and give it a try please?

5

Hi Kaiyan, I gave your suggestion of removing top-n a try. Unfortunately I am still just seeing metricbeat come through the system process module. Metricbeat is definitely not in the top for memory nor cpu. Although I am unsure what is supposed to be reported without the top_n setting enabled; which process should it report on?

The process summary module is working nicely, but doesn't have the details we would like to see. The process data returned on metricbeat looks great, and I'd like to see it for other processes.

I commented out the include top n as well as the include top 5 process/cpu as such (and restarted the service):

  #process.include_top_n:
    #by_cpu: 5      # include top 5 processes by CPU
    #by_memory: 5   # include top 5 processes by memory
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.