技术控

    今日:6| 主题:53285
收藏本版 (1)
最新软件应用技术尽在掌握

[其他] Playing Around with Metricbeat and Elastic Stack 5.0

[复制链接]
那年的那年 发表于 2016-11-29 00:32:15
241 3

立即注册CoLaBug.com会员,免费获得投稿人的专业资料,享用更多功能,玩转个人品牌!

您需要 登录 才可以下载或查看,没有帐号?立即注册

x

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

   After a long wait, the greatly anticipated release ofElastic Stack 5.0— the new name for theELK Stack— was announced. (You can see our guide on  installing the Elastic Stack beta here .)
  In the next couple of weeks, we will start to take a closer look at some of the new features.
  Since I’ve already covered a number of ways to monitor system metrics with ELK, I wanted to begin with trying out Metricbeat — a revamped version of Topbeat.
   As its name implies, Metricbeat collects a variety of metrics from your server (i.e., operating system and services) and ships them to an output destination of your choice. These destinations can be ELK components such as Elasticsearch or Logstash or other data processing platforms such asRedis or Kafka.
  Setting up the EMK Stack (Elasticsearch, Metricbeat, and Kibana)

  We’ll start by installing the components we’re going to use to construct the logging pipeline — Elasticsearch to store and index the data, Metricbeat to collect and forward the metrics, and Kibana to analyze them (Logstash has begun its retreat from the stack, something we will discuss in a future article).
  If you already have these components installed, feel free to slip to the next step.
  Installing Java

  First, we need Java 8:
  1. $ sudoadd-apt-repositoryppa:webupd8team/java
  2. $ sudoapt-getupdate
  3. $ sudoapt-getinstalloracle-java8-installer
复制代码
You can verify using this command:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
复制代码
Installing Elasticsearch and Kibana

  Next up, we’re going to download and install the public signing key for Elasticsearch:
  1. $ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
复制代码
Save the repository definition to ‘/etc/apt/sources.list.d/elastic-5.x.list’:
  1. $ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudotee -a /etc/apt/sources.list.d/elastic-5.x.list
复制代码
Update the system, and install Elasticsearch:
  1. $ sudoapt-getupdate && sudoapt-getinstallelasticsearch
复制代码
Run Elasticsearch using:
  1. $ sudoserviceelasticsearchstart
复制代码
You can make sure Elasticsearch is running using the following cURL:
  1. $ curl “http://localhost:9200”
复制代码
You should be seeing an output similar to this:
  1. {
  2. "name" : "GLOA3NX",
  3. "cluster_name" : "elasticsearch",
  4. "cluster_uuid" : "C4gM3wLFR9e4br_NQ0ksKQ",
  5. "version" : {
  6.    "number" : "5.0.0",
  7.    "build_hash" : "253032b",
  8.    "build_date" : "2016-10-26T05:11:34.737Z",
  9.    "build_snapshot" : false,
  10.    "lucene_version" : "6.2.0"
  11. },
  12. "tagline" : "You Know, for Search"
  13. }
复制代码
Next up, we’re going to install Kibana with:
  1. $ sudoapt-getinstallkibana
复制代码
To verify Kibana is connected properly to Elasticsearch, open up the Kibana configuration file at: /etc/kibana/kibana.yml, and make sure you have the following configuration defined:
  1. server.port: 5601
  2. elasticsearch.url: "http://localhost:9200"
复制代码
And, start Kibana with:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 0
复制代码
Installing Metricbeat

  Our final installation step is installing Metricbeat. To do this, you will first need to download and install the Elasticsearch public signing key.
  1. $ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
复制代码
Next, save the repository definition to /etc/apt/sources.list.d/elastic-5.x.list:
  1. $ echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudotee -a /etc/apt/sources.list.d/elastic-5.x.list
复制代码
Then, update your system and install Metricbeat:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 3
复制代码
Configuring the pipeline

  Now that we’ve got all the components in place, it’s time to build the pipeline. So our next step involves configuring Metricbeat — defining what data to collect and where to ship it to.
   Open the configuration file at /etc/metricbeat/metricbeat.yml .
   In the Modules configuration section, you define which system metrics and which service you want to track. Each module collects various metricsets from different services (e.g. Apache, MySQL). These modules, and their corresponding metricsets, need to be defined separately. Take a look at the supported modules here .
  By default, Metricbeat is configured to use the system module which collects server metrics, such as CPU and memory usage, network IO stats, and so on.
  In my case, I’m going to uncomment some of the metrics commented out in the system module, and add the apache module for tracking my web server.
  At the end, the configuration of this section looks as follows:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 4
复制代码
Next, you’ll need to configure the output, or in other words where you’d like to send all the data.
  Since I’m using a locally installed Elasticsearch, the default configurations will do me just fine. If you’re using a remotely installed Elasticsearch, make sure you update the IP address and port.
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 5
复制代码
If you’d like to output to another destination, that’s fine. You can ship to multiple destinations or comment out the Elasticsearch output configuration to add an alternative output. One such option is Logstash, which can be used to execute additional manipulations on the data and as a buffering layer in front of Elasticsearch.
  Once done, start Metricbeat with:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 6
复制代码
You should get the following output:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 7
复制代码
Not getting any errors is great, and another way to verify all is running as expected is to query Elasticsearch for created indices:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 8
复制代码
Analyzing the data in Kibana

  Our last and final step is to understand how to analyze and visualize the data to be able to extract some insight from the logged metrics.
  To do this, we first need to define a new index pattern for the Metricbeat data.
   In Kibana ( http://localhost:5601 ), open the Management page and define the Metricbeat index in the Index Patterns tab (if this is the first time you’re analyzing data to Kibana, this page will be displayed by default):
  

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

  Select @timestamp as the time-field name and create the new index pattern.
  Opening the Discover page, you should see all the Metricbeat data being collected and indexed.
  

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

  If you recall, we are monitoring two types of metrics: system metrics and Apache metrics. To be able to differentiate the two streams of data, a good place to start is by adding some fields to the logging display area.
  Start by adding the “metricset.module” and “metricset.name” fields.
  

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

  Visualizing the data

  Kibana is notorious for its visualization capabilities. As an example, let’s create a simple visualization that displays CPU usage over time.
  To do this, open the Visualize page and select the Line Chart visualization type.
  We’re going to compare, over time, the user and kernel space. Here is the configuration and the end-result:
  

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

  Now, luckily for us Elastic created an easy way to get started with building visualizations of the data by providing us with a way to download a Metricbeat dashboard. This will save us the time of figuring out how to build visualizations, a task that can be fun but can also consume quite a lot of time if you’re new to Kibana.
   Note:If you’re using Logz.io, you’ll find a pre-made Metricbeat dashboard in ELK Apps — our library of pre-made visualizations, dashboards, alerts and searches for various data types.
  To use the dashboard, cd into the Metricbeat installation folder and execute the installation script:
  1. $ java -version
  2. javaversion "1.8.0_111"
  3. Java(TM) SERuntimeEnvironment (build 1.8.0_111-b14)
  4. JavaHotSpot(TM) 64-BitServerVM (build 25.111-b14, mixedmode)
  5. 9
复制代码
After the script downloads all the dashboards, all you have to do is open up the Dashboard page, select Open, and select which dashboard you’d like to use.
  

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

  In Summary

  Playing around with new technology in a sandbox environment is always fun and worry-free. Deploying in production is an entirely different ball game, and it’s no wonder we meet ELK users still using Elasticsearch 1.x.
  Still, Elastic Stack 5.0 is a major improvement from the previous version, both from a user experience perspective and a performance/stability perspective.
   Logz.io is an AI-powered log analysis platform that offers the open source ELK Stack as a cloud service with machine learning technology and can be used for log analysis, IT infrastructure and application monitoring, business intelligence, and more.  Start your free trial today  !
   

Playing Around with Metricbeat and Elastic Stack 5.0

Playing Around with Metricbeat and Elastic Stack 5.0

   Daniel Berman
   Daniel Berman is Product Evangelist at Logz.io. He is passionate about log analytics, big data, cloud, and family and loves running, Liverpool FC, and writing about disruptive tech stuff.



上一篇:CyberChef – A Cyber Swiss Army Knife
下一篇:What’s new with Unity Connect: our first round of updates
嘿嘿 发表于 2016-11-29 01:44:22
禽兽不如应该是说不回帖的吧?
回复 支持 反对

使用道具 举报

aihze 发表于 2016-12-7 19:43:49
我也来顶一下..
回复 支持 反对

使用道具 举报

情缘阁 发表于 2016-12-14 13:25:28
支持楼主,拥护楼主,楼主英明呀!!!
回复 支持 反对

使用道具 举报

    *滑动验证:
    您需要登录后才可以回帖 登录 | 立即注册

    本版积分规则

    我要投稿

    推荐阅读

    阅读排行

    扫码访问 @iTTTTT瑞翔 的微博
    回页顶回复上一篇下一篇回列表
    手机版/CoLaBug.com ( 粤ICP备05003221号 | 文网文[2010]257号 )

    © 2001-2017 Comsenz Inc. Design: Dean. DiscuzFans.

    返回顶部 返回列表