In the Kibana UI > Uptime > Monitors, each monitor is listed. If you expand a monitor, there is a dropdown menu on the right hand side called Investigate, in the menu there are options like Show host logs and Show host metrics. These options always seem to be grayed out in my monitors.
So my question is, how do I go about linking a monitor to a specific group of hosts/pods/containers so that these options actually work?
I wasn't able to find much in the docs about this feature or how it works, so I'm kind of lost here.
Just like you brought uptime data into Elastic using Heartbeat, you need to bring logs using Filebeat and metrics using Metricbeat. The beats manage to put all the data into a common format called ECS (Elastic Common Schema), enabling Kibana to perform these cross-data links.
Apologies @riferrei I wasn't very clear here. I actually have metrics from Metricbeat and logs from Filebeat for the systems in question, but I can't seem to find a way to get these to link up with the Heartbeat uptime monitors. The heartbeat monitors run remotely (in a standalone Kubernetes cluster) rather than on the hosts themselves.
Unfortunately if the Heartbeat agent doesn't share a domain (APM) or hostname with the logs/metrics, it doesn't really fit the designed use case. We don't have any revision to this feature on our present roadmap, if you'd like to describe the functionality you're looking for please feel free to create an issue.
Thanks for this information @jkambic would you by chance be able to provide the field names which currently cause this linking to work? I couldn't find anything in the docs about what fields were actually used here.
Here are the fields uptime uses to determin links with other integerations from the heartbeat document
Show APM data --> doc.service.name or doc.url.domain
Show host metrics --> doc.monitor.ip
Show pod metrics --> doc..kubernetes.pod.uid
Show container metrics --> doc.container.id
Show host logs --> doc.monitor.ip
Show pod logs -->. doc.kubernetes.pod.uid
Show container logs --> doc.container.id
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.