Monitoring Elasticsearch

X-Pack monitoring enables you to easily monitor the health of your Elasticsearch cluster. The monitoring metrics are collected from each node and stored in Elasticsearch indices.

Each Elasticsearch node is considered unique based on its persistent UUID, which is written on first start to its path.data directory, which defaults to ./data.

All settings associated with X-Pack monitoring in Elasticsearch must be set in either the elasticsearch.yml file for each node or, where possible, in the dynamic cluster settings. For more information, see Configuring Monitoring.

Elasticsearch is also at the core of X-Pack monitoring across the Elastic Stack. In all cases, X-Pack monitoring documents are just ordinary JSON documents built by monitoring each Elastic Stack component at some collection interval, then indexing those documents into the monitoring cluster. Each component in the stack is responsible for monitoring itself and then forwarding those documents to Elasticsearch for both routing and indexing (storage).

The routing and indexing processes in Elasticsearch are handled by what are called collectors and exporters. In the past, collectors and exporters were considered to be part of a monitoring "agent", but that term is generally not used anymore.

You can view monitoring data from Kibana where it’s easy to spot issues at a glance or delve into the system behavior over time to diagnose operational issues. In addition to the built-in status warnings, you can also set up custom alerts based on the data in the monitoring indices.

For an introduction to monitoring your Elastic stack, including Beats, Logstash, and Kibana, see Monitoring the Elastic Stack.