Viewing monitoring data in Kibana
editViewing monitoring data in Kibana
editAfter you collect monitoring data for one or more products in the Elastic Stack, you can configure Kibana to retrieve that information and display it in on the Monitoring page.
At a minimum, you must have monitoring data for the Elasticsearch production cluster. Once that data exists, Kibana can display monitoring data for other products in the cluster.
If you have a dedicated monitoring cluster, the information is accessible even if the Elasticsearch cluster you’re monitoring is not. You can send data from multiple clusters to the same monitoring cluster and view them all through the same instance of Kibana. To learn more about typical monitoring architectures with separate production and monitoring clusters, see How monitoring works.
- Configure monitoring in Elasticsearch. If you want to use a separate monitoring cluster, see Monitoring in a production environment.
- Optional: Configure monitoring in Kibana.
- Optional: Configure monitoring in Logstash.
- Optional: Configure monitoring in Auditbeat, Filebeat, Heartbeat, Metricbeat, Packetbeat, and Winlogbeat.
-
Configure Kibana to visualize monitoring data:
-
Verify that
xpack.monitoring.ui.enabledis set totrue, which is the default value. For more information, see Monitoring Settings. -
Identify where to retrieve monitoring data from. If you want to use a separate monitoring cluster, set
xpack.monitoring.elasticsearch.urlin thekibana.ymlfile. Otherwise, the monitoring data is stored in the production cluster.If security features are enabled on the monitoring cluster, use an HTTPS URL such as
https://<your_monitoring_cluster>:9200in this setting. -
If security features are enabled on the monitoring cluster, identify a user
ID and password that Kibana can use to retrieve monitoring data. Specify these
values in the
xpack.monitoring.elasticsearch.usernameandxpack.monitoring.elasticsearch.passwordsettings in thekibana.ymlfile. If these settings are omitted, Kibana uses theelasticsearch.usernameandelasticsearch.passwordsetting values. -
If security features are enabled on the monitoring cluster, configure Kibana to encrypt communications between the Kibana server and the monitoring cluster. Specify the
xpack.monitoring.elasticsearch.ssl.*settings in thekibana.ymlfile on the Kibana server.For example, if you are using your own certificate authority to sign certificates, specify the location of the PEM file in the
kibana.ymlfile:xpack.monitoring.elasticsearch.ssl.certificateAuthorities: /path/to/your/cacert.pem
-
Verify that
-
Open Kibana in your web browser and log in.
If you are running Kibana locally, go to
http://localhost:5601/.If security features are enabled on the Kibana server, to access Kibana and view the monitoring dashboards, you must log in as a user who has the
kibana_userandmonitoring_userroles. These roles have the necessary privileges to view the monitoring dashboards. For more information, see Built-in roles.If you are accessing a remote monitoring cluster, you must log in to Kibana with credentials that are valid on both the Kibana server and the monitoring cluster.
-
In the side navigation, click Monitoring. The first time you open Kibana monitoring, data collection is disabled. You will be prompted to turn on data collection.
If you have permission to turn on data collection and there is data in the cluster, Kibana displays the monitoring dashboards. You’ll see cluster alerts that require your attention and a summary of the available monitoring metrics for Elasticsearch, Logstash, Kibana, and Beats. To view additional information, click the Overview, Nodes, Indices, or Instances links.
If you encounter problems, see Troubleshooting monitoring.
Watcher must be enabled to view cluster alerts. If you have a Basic license, Top Cluster Alerts are not displayed.