Collecting Kibana monitoring dataedit

If you enable the Elastic monitoring features in your cluster, you can optionally collect metrics about Kibana.

The following method involves sending the metrics to the production cluster, which ultimately routes them to the monitoring cluster. For an alternative method, see Collecting monitoring data with Metricbeat.

To learn about monitoring in general, see Monitor a cluster.

  1. Set the xpack.monitoring.collection.enabled setting to true on each node in the production cluster. By default, it is is disabled (false).

    You can specify this setting in either the elasticsearch.yml on each node or across the cluster as a dynamic cluster setting. If Elasticsearch security features are enabled, you must have monitor cluster privileges to view the cluster settings and manage cluster privileges to change them.

    • To update the cluster settings in Kibana:

      1. Open Kibana in your web browser.

        By default, if you are running Kibana locally, go to http://localhost:5601/.

        If Elasticsearch security features are enabled, log in.

      2. In the side navigation, click Stack Monitoring. If data collection is disabled, you are prompted to turn it on.
    • From the Console or command line, set xpack.monitoring.collection.enabled to true on the production cluster.

      For example, you can use the following APIs to review and change this setting:

      GET _cluster/settings
      PUT _cluster/settings
        "persistent": {
          "xpack.monitoring.collection.enabled": true

      For more information, see Monitoring settings in Elasticsearch and Cluster update settings.

  2. Verify that xpack.monitoring.enabled and xpack.monitoring.kibana.collection.enabled are set to true in the kibana.yml file. These are the default values. For more information, see Monitoring settings in Kibana.
  3. Identify where to send monitoring data. Kibana automatically sends metrics to the Elasticsearch cluster specified in the elasticsearch.hosts setting in the kibana.yml file. This property has a default value of http://localhost:9200.

    In production environments, we strongly recommend using a separate cluster (referred to as the monitoring cluster) to store the data. Using a separate monitoring cluster prevents production cluster outages from impacting your ability to access your monitoring data. It also prevents monitoring activities from impacting the performance of your production cluster.

    If X-Pack security is enabled on the production cluster, use an HTTPS URL such as https://<your_production_cluster>:9200 in this setting.

  4. If the Elastic security features are enabled on the production cluster:

    1. Verify that there is a valid user ID and password in the elasticsearch.username and elasticsearch.password settings in the kibana.yml file. These values are used when Kibana sends monitoring data to the production cluster.
    2. Configure Kibana to encrypt communications between the Kibana server and the production cluster. This set up involves generating a server certificate and setting server.ssl.* and elasticsearch.ssl.certificateAuthorities settings in the kibana.yml file on the Kibana server. For example:

      server.ssl.key: /path/to/your/server.key
      server.ssl.certificate: /path/to/your/server.crt

      If you are using your own certificate authority to sign certificates, specify the location of the PEM file in the kibana.yml file:

      elasticsearch.ssl.certificateAuthorities: /path/to/your/cacert.pem

      For more information, see Configuring security.

  5. Start Kibana.
  6. View the monitoring data in Kibana.