Monitoring Settings in Kibana

Monitoring is enabled by default when you install X-Pack. You can adjust how monitoring data is displayed in the Monitoring UI by configuring xpack.monitoring settings in kibana.yml.

To control how data is collected from your Elasticsearch nodes, you configure xpack.monitoring.collection settings in elasticsearch.yml. To control how monitoring data is collected from Logstash, you configure xpack.monitoring settings in logstash.yml.

For more information, see Monitoring the Elastic Stack.

Monitoring UI Settings

You can set the following xpack.monitoring settings in kibana.yml to adjust how the Monitoring UI displays monitoring data. However, the defaults work best in most circumstances. For more information about configuring Kibana, see Setting Kibana Server Properties.

Set to false to disable the X-Pack monitoring UI.
The location of the Elasticsearch instance(s) where your monitoring data is stored. By default, this is the same as the elasticsearch.url. This setting enables you to use a single Kibana instance to search and visualize data in your production cluster as well as monitor data sent to a dedicated monitoring cluster.
Whether or not to enable data collection from the Kibana NodeJS server for Kibana Dashboards to be featured in the Monitoring UI. Defaults to true.
Number of milliseconds to wait in between data sampling for Kibana’s NodeJS server for the metrics that are displayed in the Kibana dashboards. Defaults to 10000 (10 seconds).
The number of term buckets to return out of the overall terms list when performing terms aggregations to retrieve index and node metrics. For more information about the size parameter, see Terms Aggregation. Defaults to 10000.
The minimum number of seconds that a time bucket in a chart can represent. Defaults to 10. If you modify the xpack.monitoring.collection.interval in elasticsearch.yml, set this option to the same value.
The node resolver controls how nodes are considered unique. This can be set to either uuid, transport_address, or name. uuid controls uniqueness based on the node’s persistent ID. transport_address controls uniqueness based on the node’s published hostname/IP and port. name controls uniqueness based on the node’s setting. Defaults to uuid.
Whether or not to send cluster statistics to Elastic. Reporting your cluster statistics helps us improve your user experience. Your data is never shared with anyone. Set to false to disable statistics reporting from any browser connected to the Kibana instance. You can also opt-out on a per-browser basis through the Monitoring user interface. Defaults to true.
Set to false to hide the Monitoring UI in Kibana. The Monitoring back-end continues to run as an agent for sending Kibana stats to the Monitoring cluster. Defaults to true.
Monitoring UI Container Settings

The Monitoring UI exposes the Cgroup statistics that we collect for you to make better decisions about your container performance, rather than guessing based on the overall machine performance. If you are not running your applications in a container, then Cgroup statistics will not be useful.


For Elasticsearch clusters that are running in containers, this setting changes the Node Listing to display the CPU Utilization based on the reported Cgroup statistics. This will also add the calculated Cgroup CPU Utilization to the Node Overview page instead of the overall operating system’s CPU Utilization. Defaults to false.

Elasticsearch Inside a Container

X-Pack monitoring TLS/SSL Settings

You can configure the following TLS/SSL settings. If the settings are not configured, the Default TLS/SSL Settings are used.

Supported protocols with versions. Valid protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1. Defaults to the value of xpack.ssl.supported_protocols.
Controls the verification of certificates. Valid values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.
Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.

X-Pack monitoring TLS/SSL Key and Trusted Certificate Settings

The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, the Default TLS/SSL Settings are used. A private key and certificate are optional and would be used if the server requires client authentication for PKI authentication. If none of the settings below are specified, the Default TLS/SSL Settings are used.

PEM Encoded Files

When using PEM encoded files, use the following settings:

Path to a PEM encoded file containing the private key.
The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
List of paths to the PEM encoded certificate files that should be trusted.

Java Keystore Files

When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:

Path to the keystore that holds the private key and certificate.
Password to the keystore.
Password for the private key in the keystore. Defaults to the same value as xpack.monitoring.exporters.$NAME.ssl.keystore.password.
Path to the truststore file.
Password to the truststore.