I'm looking at replicating the functionality of a legacy monitoring system, and Metricbeat appears to collect most of the data I need, with one thing missing being system uptime. (Which is used to generate alarms if it's not very long, as that suggests the system has rebooted.)
I can get a proxy for that by seeing how long process 1 has been running:

```yaml
processes: ['.*']
processors:
  - drop_event:
      when:
        and:
          - equals:
              metricset.name: process
          - not:
              equals:
                system.process.pid: 1
```

but this is not very pretty. Is there a better way?
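
As an added example (not part of the original post and not Metricbeat's own code), this Python snippet evaluates the `drop_event` condition above against constructed events, showing that only non-PID-1 process events are dropped, and then raises a reboot alarm from PID 1's start time. The flat dotted-key event shape, the fields `host.name` and `system.process.cpu.start_time`, and the 30-minute threshold are assumptions, as is a Beat running in the host PID namespace so that PID 1 reflects boot time.

```python
from datetime import datetime, timedelta, timezone

# The drop_event condition from the post, as a Python structure.
DROP_WHEN = {"and": [
    {"equals": {"metricset.name": "process"}},
    {"not": {"equals": {"system.process.pid": 1}}},
]}

def matches(cond, event):
    """Evaluate an and/or/not/equals condition tree against a flat event."""
    (op, arg), = cond.items()
    if op == "and":
        return all(matches(c, event) for c in arg)
    if op == "or":
        return any(matches(c, event) for c in arg)
    if op == "not":
        return not matches(arg, event)
    if op == "equals":
        return all(event.get(k) == v for k, v in arg.items())
    raise ValueError(f"unsupported condition: {op}")

def apply_drop_event(events, when=DROP_WHEN):
    """Keep every event the condition does not match."""
    return [e for e in events if not matches(when, e)]

def reboot_alarms(events, now, min_uptime=timedelta(minutes=30)):
    """Return (host, uptime) where PID 1 started less than min_uptime ago."""
    alarms = []
    for e in events:
        if e.get("metricset.name") == "process" and e.get("system.process.pid") == 1:
            started = datetime.fromisoformat(e["system.process.cpu.start_time"])
            if now - started < min_uptime:
                alarms.append((e["host.name"], now - started))
    return alarms

# Constructed sample events (hypothetical hosts and timestamps).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
EVENTS = [
    {"host.name": "web1", "metricset.name": "process", "system.process.pid": 1,
     "system.process.cpu.start_time": "2024-01-10T11:50:00+00:00"},
    {"host.name": "web1", "metricset.name": "process", "system.process.pid": 812,
     "system.process.cpu.start_time": "2024-01-10T11:51:00+00:00"},
    {"host.name": "web1", "metricset.name": "cpu"},
    {"host.name": "db1", "metricset.name": "process", "system.process.pid": 1,
     "system.process.cpu.start_time": "2023-12-01T08:00:00+00:00"},
]
KEPT = apply_drop_event(EVENTS)   # PID 812 is dropped; the cpu event survives
ALARMS = reboot_alarms(KEPT, NOW)  # only web1 is inside the threshold
```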