- Metricbeat Reference: other versions:
- Overview
- Getting started with Metricbeat
- Setting up and running Metricbeat
- Upgrading Metricbeat
- How Metricbeat works
- Configuring Metricbeat
- Specify which modules to run
- Specify general settings
- Load external configuration files
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- Autodiscover
- YAML tips and gotchas
- Regular expression support
- HTTP Endpoint
- metricbeat.reference.yml
- Beats central management
- Modules
- Aerospike module
- Apache module
- Ceph module
- Couchbase module
- Docker module
- Dropwizard module
- Elasticsearch module
- Elasticsearch ccr metricset
- Elasticsearch cluster_stats metricset
- Elasticsearch index metricset
- Elasticsearch index_recovery metricset
- Elasticsearch index_summary metricset
- Elasticsearch ml_job metricset
- elasticsearch ml_job MetricSet
- Elasticsearch node metricset
- Elasticsearch node_stats metricset
- Elasticsearch pending_tasks metricset
- elasticsearch pending_tasks MetricSet
- Elasticsearch shard metricset
- envoyproxy module
- Etcd module
- Golang module
- Graphite module
- HAProxy module
- HTTP module
- Jolokia module
- Kafka module
- Kibana module
- Kubernetes module
- Kubernetes apiserver metricset
- Kubernetes container metricset
- Kubernetes event metricset
- Kubernetes node metricset
- Kubernetes pod metricset
- Kubernetes state_container metricset
- Kubernetes state_deployment metricset
- Kubernetes state_node metricset
- Kubernetes state_pod metricset
- Kubernetes state_replicaset metricset
- Kubernetes state_statefulset metricset
- Kubernetes system metricset
- Kubernetes volume metricset
- kvm module
- Logstash module
- Memcached module
- MongoDB module
- Munin module
- MySQL module
- Nginx module
- PHP_FPM module
- PostgreSQL module
- Prometheus module
- RabbitMQ module
- Redis module
- System module
- System core metricset
- System cpu metricset
- System diskio metricset
- System filesystem metricset
- System fsstat metricset
- System load metricset
- System memory metricset
- System network metricset
- System process metricset
- System process_summary metricset
- System raid metricset
- System socket metricset
- System socket_summary metricset
- System uptime metricset
- traefik module
- uwsgi module
- vSphere module
- Windows module
- ZooKeeper module
- Exported fields
- Aerospike fields
- Apache fields
- Beat fields
- Ceph fields
- Cloud provider metadata fields
- Common fields
- Couchbase fields
- Docker fields
- Docker fields
- Dropwizard fields
- Elasticsearch fields
- envoyproxy fields
- Etcd fields
- Golang fields
- Graphite fields
- HAProxy fields
- Host fields
- HTTP fields
- Jolokia fields
- Kafka fields
- Kibana fields
- Kubernetes fields
- Kubernetes fields
- kvm fields
- Logstash fields
- Memcached fields
- MongoDB fields
- Munin fields
- MySQL fields
- Nginx fields
- PHP_FPM fields
- PostgreSQL fields
- Prometheus fields
- RabbitMQ fields
- Redis fields
- System fields
- traefik fields
- uwsgi fields
- vSphere fields
- Windows fields
- ZooKeeper fields
- Monitoring Metricbeat
- Securing Metricbeat
- Troubleshooting
- Contributing to Beats
IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
System socket metricset
editSystem socket metricset
editThis metricset is available on Linux only and requires kernel 2.6.14 or newer.
The system socket metricset reports an event for each new TCP socket that it
sees. It does this by polling the kernel periodically to get a dump of all
sockets. You set the polling interval by configuring the period option.
Specifying a short polling interval with this metricset is important to avoid
missing short-lived connections. For example:
metricbeat.modules: - module: system metricsets: [cpu, memory] - module: system metricsets: [socket] period: 1s
|
You can configure the |
The metricset reports the process that has the socket open. In order to provide this information, Metricbeat must be running as root. Root access is also required to read the file descriptor information of other processes.
Configuration
edit- module: system metricsets: [socket] socket.reverse_lookup.enabled: false socket.reverse_lookup.success_ttl: 60s socket.reverse_lookup.failure_ttl: 60s
-
socket.reverse_lookup.enabled - You can configure the metricset to perform a reverse lookup on the remote IP, and the returned hostname will be added to the event and cached. If a hostname is found, then the eTLD+1 (effective top-level domain plus one level) value will also be added to the event. Reverse lookups are disabled by default.
-
socket.reverse_lookup.success_ttl - The results of successful reverse lookups are cached for the period of time defined by this option. The default value is 60s.
-
socket.reverse_lookup.failure_ttl - The results of failed reverse lookups are cached for the period of time defined by this option. The default value is 60s.
Fields
editFor a description of each field in the metricset, see the exported fields section.
Here is an example document generated by this metricset:
{ "@timestamp": "2017-10-12T08:05:34.853Z", "beat": { "hostname": "host.example.com", "name": "host.example.com" }, "metricset": { "module": "system", "name": "socket", "rtt": 115 }, "system": { "socket": { "direction": "listening", "family": "ipv4", "local": { "ip": "127.0.0.11", "port": 45723 }, "process": { "cmdline": "/tmp/go-build519327234/github.com/elastic/beats/metricbeat/module/system/socket/_test/socket.test -test.v=true -data", "command": "socket.test", "exe": "/tmp/go-build519327234/github.com/elastic/beats/metricbeat/module/system/socket/_test/socket.test", "pid": 2025 }, "user": { "id": 0, "name": "root" } } } }
On this page
Was this helpful?
Thank you for your feedback.