System health based on multiple metrics

I am looking to display the health of a system based on multiple metrics, e.g. cpu/memory/page load times via iis/uptime etc.

So I have multiple beats and Elasticsearch ingesting multiple data points.

Ideally I want to look at all the individual metrics mentioned above then display whether a system is healthy based on whether or not the individual metrics meet certain conditions.

Does anyone have any experience doing this or can point me in the right direction?

Hi @Garry. Can the fields in a single document determine the health or do you need to use aggregations to determine health?

You might be able to write a runtime field to output a health value for each document.

But, if you need to use aggregations to determine health, you might want to look at some of the advanced capabilities of TSVB.

Hi @nickpeihl, I will need to look at the values in various indices.
For example, for the health in one system I may need to look at uptime values for 2 URLs from heartbeat index, then look at the average page load times in IIS from filebeat index then look at latest metricbeat index for cpu and memory. Based on these returned values in each index i then need to make a decision on where that system is healthy. E.g. URLs are 'UP' + avg page load time for past 30 mins is <x + avg cpu for past 30 mins <90% and memory usage<95%

Hi Garry. You might be able to use TSVB for this.

You can create a Data view (called "Index pattern" before 8.0) that matches your indices. The pattern can accept comma separated values as well (example: logs-*,metrics-*). This way you have a single Data view that can be used by TSVB to pull data from multiple indices. TSVB supports pipeline aggregations that should help with advanced determinations such as yours.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.