Next Steps

Now that you have provisioned your first Elastic Cloud Enterprise cluster, you can try out a few things in the Cloud UI:

Enable Kibana

Kibana is an open source analytics and visualization platform designed to work with Elasticsearch that makes it easy to perform advanced data analysis and to visualize your data in a variety of charts, tables, and maps. Its simple, browser-based interface enables you to quickly create and share dynamic dashboards that display changes to Elasticsearch queries in real time.

Every Elasticsearch cluster can use Kibana, but you must enable it first.

To enable Kibana on your cluster:

  1. Log into the Cloud UI.
  2. On the Clusters page, select the cluster where you want to enable Kibana.
  3. Go to the Kibana tab. If the cluster does not already have a running Kibana instance, click Enable Kibana.

    The new Kibana instance takes a few moments to provision.

After provisioning Kibana is complete, the Kibana tab shows you the endpoint URLs where you can access Kibana.

Tip

You can log into Kibana with the elastic superuser. The password was provided when you created your cluster or can be reset. On AWS and not able to access Kibana? Check if you need to update your endpoint URL first.

Enable Monitoring (formerly Marvel)

The X-Pack monitoring features let you monitor Elasticsearch through Kibana. You can view your cluster’s health and performance in real time and analyze past cluster, index, and node metrics. In Elasticsearch versions before 5.0, Marvel provides similar monitoring functionality.

Tip

In Elasticsearch 5.0, the monitoring features of Marvel became part of X-Pack. If you are using an Elasticsearch version before 5.0, think Marvel whenever you read about the X-Pack monitoring features.

Monitoring consists of two components:

  • A Monitoring agent that is installed on each node in your cluster. The Monitoring agent collects and indexes metrics from Elasticsearch, either on the same cluster or by sending metrics to an external monitoring cluster. Elastic Cloud Enterprise manages the installation and configuration of the monitoring agent for you, and you should not modify any of the settings.
  • The Monitoring (formerly Marvel) application plugin in Kibana that visualizes the monitoring metrics through a dashboard.

The steps in this section cover only the enablement of Monitoring. For more information on how to use Monitoring itself, see the X-Pack Monitoring documentation or the Marvel documentation if you are using an Elasticsearch version before 5.0.

Monitoring for Production Use

For production use, you should log metrics for clusters to a dedicated monitoring cluster (but never to the logging-and-metrics cluster that is used by ECE). Monitoring indexes metrics into Elasticsearch and these indexes consume storage, memory and CPU cycles like any other index. By using a separate monitoring cluster, you avoid affecting your production clusters.

You should also create a dedicated user for the clusters sending metrics and the monitoring cluster receiving them. For more information on creating a user with the right privileges, see Monitoring and Security (for version 5.0 and later) and Using Marvel with Shield (for versions before 5.0).

How many monitoring clusters you use depends on your requirements:

  • You can ship metrics for many clusters to a single monitoring cluster if your business requirements permit it.
  • While monitoring will work with a cluster running a single node, you need a minimum of three monitoring nodes to make monitoring highly available.
  • You might need to create dedicated monitoring clusters for isolation purposes in some cases. For example:

    • If you have many clusters and some of them are much larger than others, creating separate monitoring clusters prevents a large cluster from potentially affecting monitoring performance for smaller clusters.
    • If you need to silo Elasticsearch data for different business departments. Clusters that have been configured to ship metrics to a target monitoring cluster have access to indexing data and can manage monitoring index templates, which is addressed by creating separate monitoring clusters.

Monitoring indices that get sent to a monitoring cluster are not cleaned up automatically. You can use Curator to clean up these monitoring indices, like any other time-based index.

Tip

To avoid compatibility issues between versions, the cluster sending monitoring metrics and the monitoring cluster receiving them should be at the same Elasticsearch version. If using the same version is not feasible, check for breaking changes in the X-Pack Release Notes or the Marvel Release Notes to make sure that your versions are compatible.

Configure Where Monitoring Data Is Sent

When you enable monitoring on a cluster, you are configuring where the monitoring agent for your current cluster should send its metrics.

There are some prerequisites to keep in mind:

  • Both the cluster that is sending monitoring metrics and the monitoring cluster that receives the metrics must be configured to use Security (formerly Shield).
  • Only monitoring clusters that are at a compatible version are shown in the Cloud UI. The following versions are compatible:

    • 2.0 - 2.2
    • 2.3 - 2.4
    • 5.x - 5.x

      For example: An Elasticsearch cluster on version 2.1.3 can be configured to send metrics to a monitoring cluster on version 2.2.0, but it cannot send metrics to a monitoring cluster on version 2.3.4. The search results will show only the compatible cluster on version 2.2.0.

To make sure that monitoring data continues to be sent, we recommend that you keep the monitoring cluster at a version level that is equal to or ahead of the production cluster.

To enable monitoring, you need to:

  1. Log into the Cloud UI.
  2. On the Clusters page, select the cluster where you want to enable monitoring.
  3. Click the Manage tab and select Enable monitoring.
  4. Enter the name of the cluster where you would like the monitoring data sent.

    If a cluster is not listed, make sure that it is running a compatible version and is configured to use Security.

    Tip

    Remember to send metrics for production clusters to a dedicated monitoring cluster (but never to the logging-and-metrics cluster that is used by ECE).

To work with the monitoring metrics, access the Monitoring application in Kibana.

Enable Graph (Versions before 5.0)

Graph capabilities let you discover how items in an Elasticsearch index are related. You can explore the connections between indexed terms and see which connections are the most meaningful. This can be useful in a variety of applications, from fraud detection to recommendation engines.

In version 5.0 and later, Graph is automatically enabled, as X-Pack is installed along with Elasticsearch and Kibana.

For versions before 5.0: Graph is a plugin that needs to be added to your cluster. To enable Graph:

  1. Log into the Cloud UI.
  2. Click on a cluster name from the Clusters panel and click Manage.
  3. Click Edit configuration.
  4. In the Plugins section, select the graph plugin, if it is not installed already.
  5. Click Save changes.

After the plugin is installed, Graph can be accessed from Kibana.