Which one is better for a large computer center (10,000+ Linux systems)?
We have Zabbix running at this time with alerting and a few more things with it.
Tested Metricbeat with a few systems, just system-level stuff, and the index became so large in a few days.
Any expert advice on it?
Zabbix is a very successful software with a very specific scope and quite a few moving pieces, which makes it more difficult to maintain than an Elasticsearch cluster, for example.
Better or not really depends on your use case, the data you are currently ingesting and the data you might want to ingest.
Instead of thinking in terms of "better or worse", I encourage you to think about "what the Elastic Stack can add to improve the Observability of my entire system / company". You'll always end up gaining something at the cost of something else. Engineering is always a matter of tradeoffs. You can always tune indices, freeze them or use ILM to manage the lifetime of indices.
But will Metricbeat installed on 10,000 systems and then ingesting that into a cluster be feasible? Are there any use cases?
The index will grow like crazy; as I tested, one system will send around 35 MB of data in a day, simple system stats per min.
We have seen very big clusters in the order of thousands, but I don't remember the exact number. The key thing here is to prepare a reasonable architecture where the bottleneck is under control. For example, do not try something like this with a single Elasticsearch node which does everything.
At the module level, the System module has a few metricsets that you can disable and enable if you want to reduce the amount of output. Ideally you should only index the data you are going to query.
You can always try and post your questions here, the community will try to help as much as possible.
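
A trimmed Metricbeat System module configuration of the kind the reply above describes, as an added example that is not part of the original thread. The choice of metricsets, the periods and the top-N limits are assumptions to adjust to the queries you actually run.

```yaml
# modules.d/system.yml (added example; all values are illustrative assumptions)

# Host-level metrics, one sample per minute.
# Metricsets not listed here (for example core, diskio, socket) are not collected.
- module: system
  period: 60s
  metricsets:
    - cpu
    - load
    - memory
    - network
  cpu.metrics: ["percentages"]

# The process metricset emits one document per process per period,
# so keep only the top consumers instead of every process on the host.
- module: system
  period: 60s
  metricsets:
    - process
    - process_summary
  process.include_top_n:
    by_cpu: 5
    by_memory: 5

# Filesystem usage changes slowly; collect it less often and
# drop events for pseudo-filesystem mount points.
- module: system
  period: 5m
  metricsets:
    - filesystem
    - fsstat
  processors:
    - drop_event.when.regexp:
        system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)'
```

Measure the per-host daily volume again after a change like this before extrapolating to the full fleet.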