Monitoring overviewedit
When you monitor a cluster, you collect data from the Elasticsearch nodes, Logstash nodes, Kibana instances, Enterprise Search, APM Server, and Beats in your cluster. You can also collect logs.
All of the monitoring metrics are stored in Elasticsearch, which enables you to easily visualize the data in Kibana. By default, the monitoring metrics are stored in local indices.
In production, we strongly recommend using a separate monitoring cluster. Using a separate monitoring cluster prevents production cluster outages from impacting your ability to access your monitoring data. It also prevents monitoring activities from impacting the performance of your production cluster. For the same reason, we also recommend using a separate Kibana instance for viewing the monitoring data.
You can use Elastic Agent or Metricbeat to collect and ship data directly to your monitoring cluster rather than routing it through your production cluster.
The following diagram illustrates a typical monitoring architecture with separate production and monitoring clusters. This example shows Metricbeat, but you can use Elastic Agent instead.
If you have the appropriate license, you can route data from multiple production clusters to a single monitoring cluster. For more information about the differences between various subscription levels, see: https://www.elastic.co/subscriptions
In general, the monitoring cluster and the clusters being monitored should be running the same version of the stack. A monitoring cluster cannot monitor production clusters running newer versions of the stack. If necessary, the monitoring cluster can monitor production clusters running the latest release of the previous major version.