Hello, this is more of a technical question. Where does Metricbeat get its data about system.diskio?
I had problems with my disks in my cluster so I want to accurately track my total disk writes. I installed Metricbeat and activated system.diskio. I get the data, no problem.
The field system.diskio.write.bytes tells me around 2000GB. Sounds reasonable. But how does Metricbeat actually collect this data? Were is it from?
When I use other CrystalDiskInfo it tells me the Write Sector Count is X, every sector has 512Bytes. XY * 512Bytes = 8000GB. So one of the values is 6TB off. Thats a bit much and not really reliable.
Assuming you are on Windows, then the code to get the disk IO stats on Windows can be found here for recent 8.x releases.
Metricbeat is using the deviceiocontrol function with the IOCTL_DISK_PERFORMANCE control code to obtain drive statistics. That call gives metricbeat a DISK_PERFORMANCE structure as a response and the system.diskio.write.bytes value maps to the BytesWritten in the DISK_PERFORMANCE structure.
I found what I think is the source code for CrystalDiskInfo and it appears to be using different APIs based on drive type and vendor in some cases. This is much more specialized than what metricbeat is doing right now.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.