Getting started: Monitor hosts with Elastic Observability

This guide walks you through a simple monitoring scenario so you can learn the basics of creating an Elasticsearch cluster, adding data, and analyzing the results in Kibana. To get started, you can create a deployment in Elastic Cloud, where most of the configuration happens automatically. In just a few steps, you’ll learn how to retrieve metrics from your host and feed them directly into the Elastic Stack for viewing and monitoring.

In this tutorial, you’ll deploy the Elastic Stack, install an Elastic Agent on your host to collect logs and metrics, and visualize information from those collected logs and metrics.

If you prefer video tutorials, check out the Logging Quick Start or the Metrics Quick Start.

Prerequisites

To get started, all you need is an internet connection, an email address, and a local or virtual machine from which you’d like to gather some performance data.

Step 1: Create an Elastic Cloud deployment

If you’ve already signed up for a trial deployment, you can skip this step.

An Elastic Cloud deployment offers you all of the features of the Elastic Stack as a hosted service. To test drive your first deployment, sign up for a free Elastic Cloud trial:

  1. Go to our Elastic Cloud Trial page.
  2. Enter your email address and a password.
  3. After you’ve logged in, you can create a deployment. Give your deployment a name and select Create deployment.
  4. While the deployment sets up, make a note of your elastic superuser password and keep it in a safe place.
  5. Once the deployment is ready, select Continue. At this point, you can access Kibana and a selection of setup guides.
  6. On the Observe my data card, select View integrations. The integrations page opens, showing a large collection of options for collecting and analyzing data. Note that you can also get to the integrations page from the Kibana home page.

Step 2: Add Elastic Agent and the Elastic Agent System integration

Elastic Agent is a single, unified way to add monitoring for logs, metrics, and other types of data to a host. It can also protect hosts from security threats, query data from operating systems, and more. A single agent makes it easy and fast to deploy monitoring across your infrastructure. Each agent has a single policy (a collection of input settings) that you can update to add integrations for new data sources, security protections, and more.

Your new Elastic Cloud deployment includes a pre-configured instance of Fleet Server, which manages the Elastic Agents that you can use to monitor a host system.

  1. On the Integrations page, use the query bar to search for System and select the integration.
  2. Select Add System.
  3. Before configuring the integration, you’ll need to install and enroll Elastic Agent. Select Install Elastic Agent. The Set up System integration page opens.
  4. Download, install, and enroll the Elastic Agent on your host by selecting your host operating system and following the Install Elastic Agent on your host step.

    Wait for confirmation that the Elastic Agent is enrolled. This takes about a minute.

  5. Select Add the integration.
  6. You can configure your System integration policy by choosing the types of logs, events, and metrics to collect. For this guide, keep the default options unchanged.
  7. Click Confirm incoming data. Elastic Agent will download the configuration you specified in the policy you just created, start collecting data, and add it to Elasticsearch in your Elastic Cloud deployment.

    After the initial data is collected, a preview is available with data collected from your host system.

Step 3: Monitor host logs and metrics

  1. Now that the data is flowing, click View assets to access dashboards related to the System integration.
  2. Choose a dashboard that is related to the operating system of your monitored system. Dashboards are available for Microsoft Windows systems and Unix-like systems (for example, Linux and macOS).
  3. Open the [Metrics System] Host overview dashboard to view performance metrics from your host system.

You can hover over any visualization to adjust its settings, or select the Edit button to make changes to the dashboard. To learn more, refer to Dashboard and visualizations.

Step 4: Tidying up

You’ve now learned how to set up an Elastic Cloud deployment and bring in data from a host system. The process for monitoring other types of systems and applications is very similar. Just select the integration you need, and prompts in the UI will step you through the setup process.

To tidy up:

  1. If you’d like to remove Elastic Agent from your system, run the uninstall command from the directory where it’s running and then follow the prompts.

    You must run this command as the root user. The path shown below is the default install location on macOS.

    sudo /Library/Elastic/Agent/elastic-agent uninstall

    If you run into any problems, check Uninstall Elastic Agents from edge hosts for the detailed uninstall steps.

What’s next?

Learn more about Elastic Observability

  • For a more detailed version of this guide, including additional steps to monitor Nginx logs and metrics, check Get started with logs and metrics.
  • Take your investigation to a deeper level! Use Elastic Observability to unify your logs, metrics, uptime, and application performance data.
  • Are your eyes tired from staring at a wall of screens? Create alerts and find out about problems while sipping your favorite beverage poolside.
  • Got everything working as you want it? Roll out your agent policies to other hosts by deploying Elastic Agents across your infrastructure!

Learn about other Elastic solutions and features

  • Want to add search to your website, applications, or organization data? Try out Enterprise Search.
  • Want Elastic to do the heavy lifting? Use machine learning to detect anomalies.
  • Want to protect your endpoints from security threats? Try Elastic Security. Adding endpoint protection is just another integration that you add to the agent policy!