Use internal collection to send monitoring data
editUse internal collection to send monitoring data
editUse internal collectors to send Beats monitoring data directly to your monitoring cluster. Or as an alternative to internal collection, use Metricbeat collection. The benefit of using internal collection instead of Metricbeat is that you have fewer pieces of software to install and maintain.
-
Create a user that has appropriate authority to send system-level monitoring
data to Elasticsearch. For example, you can use the built-in
beats_system
user or assign the built-inbeats_system
role to another user. For more information, see Grant privileges and roles needed for monitoring. -
Add the
monitoring
settings in the Journalbeat configuration file. If you configured the Elasticsearch output and want to send Journalbeat monitoring events to the same Elasticsearch cluster, specify the following minimal configuration:monitoring: enabled: true elasticsearch: username: beats_system password: somepassword
If you configured a different output, such as Logstash or you want to send Journalbeat monitoring events to a separate Elasticsearch cluster (referred to as the monitoring cluster), you must specify additional configuration options. For example:
monitoring: enabled: true cluster_uuid: PRODUCTION_ES_CLUSTER_UUID elasticsearch: hosts: ["https://example.com:9200", "https://example2.com:9200"] username: beats_system password: somepassword
This setting identifies the Elasticsearch cluster under which the monitoring data for this Journalbeat instance will appear in the Stack Monitoring UI. To get a cluster’s
cluster_uuid
, call theGET /
API against that cluster.This setting identifies the hosts and port numbers of Elasticsearch nodes that are part of the monitoring cluster.
If you want to use PKI authentication to send monitoring events to Elasticsearch, you must specify a different set of configuration options. For example:
monitoring: enabled: true cluster_uuid: PRODUCTION_ES_CLUSTER_UUID elasticsearch: hosts: ["https://example.com:9200", "https://example2.com:9200"] username: "" ssl: ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] ssl.certificate: "/etc/pki/client/cert.pem" ssl.key: "/etc/pki/client/cert.key"
You must specify the
username
as""
explicitly so that the username from the client certificate (CN
) is used. See Specify SSL settings for more information about SSL settings. - Start Journalbeat.
- View the monitoring data in Kibana.