Viewing monitoring data in Kibana

edit

Viewing monitoring data in Kibana

edit

After you collect monitoring data for one or more products in the Elastic Stack, you can configure Kibana to retrieve that information and display it in on the Monitoring page.

At a minimum, you must have monitoring data for the Elasticsearch production cluster. Once that data exists, Kibana can display monitoring data for other products in the cluster.

If you have a dedicated monitoring cluster, the information is accessible even if the Elasticsearch cluster you’re monitoring is not. You can send data from multiple clusters to the same monitoring cluster and view them all through the same instance of Kibana. To learn more about typical monitoring architectures with separate production and monitoring clusters, see How monitoring works.

  1. Configure monitoring in Elasticsearch. If you want to use a separate monitoring cluster, see Monitoring in a production environment.
  2. Optional: Configure monitoring in Kibana.
  3. Optional: Configure monitoring in Logstash.
  4. Optional: Configure monitoring in Auditbeat, Filebeat, Heartbeat, Metricbeat, Packetbeat, and Winlogbeat.
  5. Configure Kibana to visualize monitoring data:

    1. Verify that xpack.monitoring.ui.enabled is set to true, which is the default value. For more information, see Monitoring Settings.
    2. Identify where to retrieve monitoring data from. If you want to use a separate monitoring cluster, set xpack.monitoring.elasticsearch.url in the kibana.yml file. Otherwise, the monitoring data is stored in the production cluster.

      If security features are enabled on the monitoring cluster, use an HTTPS URL such as https://<your_monitoring_cluster>:9200 in this setting.

    3. If security features are enabled on the monitoring cluster, identify a user ID and password that Kibana can use to retrieve monitoring data. Specify these values in the xpack.monitoring.elasticsearch.username and xpack.monitoring.elasticsearch.password settings in the kibana.yml file. If these settings are omitted, Kibana uses the elasticsearch.username and elasticsearch.password setting values.
    4. If security features are enabled on the monitoring cluster, configure Kibana to encrypt communications between the Kibana server and the monitoring cluster. Specify the xpack.monitoring.elasticsearch.ssl.* settings in the kibana.yml file on the Kibana server.

      For example, if you are using your own certificate authority to sign certificates, specify the location of the PEM file in the kibana.yml file:

      xpack.monitoring.elasticsearch.ssl.certificateAuthorities: /path/to/your/cacert.pem
  6. Open Kibana in your web browser and log in.

    If you are running Kibana locally, go to http://localhost:5601/.

    If security features are enabled on the Kibana server, to access Kibana and view the monitoring dashboards, you must log in as a user who has the kibana_user and monitoring_user roles. These roles have the necessary privileges to view the monitoring dashboards. For more information, see Built-in roles.

    If you are accessing a remote monitoring cluster, you must log in to Kibana with credentials that are valid on both the Kibana server and the monitoring cluster.

  7. In the side navigation, click Monitoring. The first time you open Kibana monitoring, data collection is disabled. You will be prompted to turn on data collection.

    If you have permission to turn on data collection and there is data in the cluster, Kibana displays the monitoring dashboards. You’ll see cluster alerts that require your attention and a summary of the available monitoring metrics for Elasticsearch, Logstash, Kibana, and Beats. To view additional information, click the Overview, Nodes, Indices, or Instances links.

    Monitoring dashboard

If you encounter problems, see Troubleshooting monitoring.

Watcher must be enabled to view cluster alerts. If you have a Basic license, Top Cluster Alerts are not displayed.