monitor-elasticsearch-using-telegraf-and-metricfire

Easy guide to Monitor Elasticsearch Using Telegraf and MetricFire

Table of Contents

Introduction 

Monitoring Elasticsearch is crucial for ensuring optimal performance and reliability of the search and analytics engine. It helps identify issues related to query performance, resource utilization, and system health before they impact users. It also provides insights into the efficiency of data indexing and retrieval processes, enabling timely adjustments to configurations, scaling decisions, and optimising search queries to maintain high availability and fast response times.

In this article, we'll detail how to use the Telegraf agent to collect performance metrics from your Elasticsearch instance and forward them to a data source.

        

Getting Started with the Telegraf Agent

Telegraf is a plugin-driven server agent built on InfluxDB and can collect and send metrics/events from databases, systems, devices, and a range of popular technologies. Telegraf is written in Go, compiles into a single binary with no external dependencies, and requires minimal memory footprint. It is compatible with many operating systems and has many helpful output plugins and input plugins for collecting and forwarding a wide variety of performance metrics. 

Install Telegraf (Linux/Redhat)

Download Telegraf and unzip it (see the Telegraf docs for up-to-date versions and installation commands for many operating systems). Packages and files are generally installed at /etc/telegraf/.
Ubuntu/Debian
wget https://dl.influxdata.com/telegraf/releases/telegraf_1.21.2-1_amd64.deb
sudo dpkg -i telegraf_1.21.2-1_amd64.deb

RedHat/CentOS

wget https://dl.influxdata.com/telegraf/releases/telegraf-1.21.4-1.x86_64.rpm
sudo yum localinstall telegraf-1.21.4-1.x86_64.rpm

Configure an Output

You can configure Telegraf to output to various sources, such as Kafka, Graphite, InfluxDB, Prometheus, SQL, NoSQL, and more.

In this example, we will configure Telegraf with a Graphite output. If you're not currently hosting your own data source, you can start a 14-day free trial with Hosted Graphite by MetricFire to follow these next steps.

A Hosted Graphite account will provide the data source, include Hosted Grafana as a visualization tool, and offer an alerting feature.

To configure the Graphite output, locate the downloaded telegraf configuration file at /etc/telegraf/telegraf.conf and open it in your preferred text editor. Then, you will need to make the following changes to the file:

Locate and comment out the line:

# [[outputs.influxdb]]

Then, uncomment the line:

[[outputs.graphite]]

Next, uncomment and edit the server line to:

servers = ["carbon.hostedgraphite.com:2003"]

Finally, uncomment and edit the prefix line to:

prefix = "<YOUR_API_KEY>.telegraf"
If you don't already have a Hosted Graphite account, sign up for a free trial here to obtain a Hosted Graphite API key.
Otherwise, you can configure a different telegraf output to forward metrics to another data source.

Allow Telegraf to Connect to Your Elasticsearch Instance

  • If you don't already have Elasticsearch installed, this is a helpful article for installing it on Linux (ubuntu)
  • You may also need to locate your Elasticsearch config file, generally located at this file path in Linux: /etc/elasticsearch/elasticsearch.yml
  • Ensure the host/port is configured correctly, and save the changes:
network.host: localhost
http.port: 9200
xpack.security.enabled: false
  • Next, make sure to allow a local connection for port 9200: sudo ufw allow 9200
  • Finally, just restart the Elasticsearch service: sudo service elasticsearch restart

Configure the Elasticsearch Input Plugin

Telegraf has many input plugins that can collect a wide range of data from many popular technologies and 3rd party sources. In this example, we'll demonstrate how to configure the Elasticsearch plugin.

All you need to do is search for the inputs. Elasticsearch section in your Telegraf.conf file, and uncomment the [[inputs.elasticsearch]] line:

[[inputs.elasticsearch]]

Then you can uncomment the 'servers' line; the default URL is:

  servers = ["http://localhost:9200"]

Next, uncomment/modify the following sections in the Elasticsearch plugin config (some can optionally be set to false to limit the number of metrics forwarded):

  http_timeout = "5s"
  local = true
cluster_health = true
cluster_stats = true
  cluster_stats_only_from_master = true
  indices_include = ["_all"]
  indices_level = "shards"

Save your changes, and then start Telegraf using the following command to see if there are any configuration errors in the output:

telegraf --config telegraf.conf

Telegraf will now be forwarding roughly 850 metrics to your data source, reporting many types of performance statistics for:

  • Elasicsearch breakers, filesystems, HTTP requests, processes, indices, threads, JVM, transports
  • cluster health
  • node counts, indexing, ingest processing, and more!

See the official GitHub repository for more information and configuration options for the Elasticsearch input plugin.

Use Hosted Graphite by MetricFire to Create Custom Dashboards and Alerts

MetricFire is a monitoring platform that enables you to gather, visualize, analyze, and alert on metrics from sources such as servers, databases, networks, devices, and applications. Using MetricFire, you can effortlessly identify problems and optimize resources within your infrastructure. Hosted Graphite by MetricFire removes the burden of self-hosting your monitoring solution, allowing you more time and freedom to work on your most important tasks.

  1. Once you have signed up for a Hosted Graphite account and used the above steps to configure your server with the Telegraf Agent, metrics will be forwarded, timestamped, ingested, and aggregated into the Hosted Graphite backend.
  2. They will be sent and stored in the Graphite format of metric.name.path <numeric-value> <unix-timestamp>, which provides a tree-like data structure and makes them easy to query.
  3. These metrics can be found in your Hosted Graphite account, where you can use them to build custom Alerts and Grafana dashboards.

Create Dashboards in Hosted Graphite's Hosted Grafana

In the Hosted Graphite UI, navigate to Dashboards => Primary Dashboards and select the + button to build a new panel:

new-grafana-panel

Then you can use the query UI to select a graphite metric path (the default data source will be the hosted graphite backend if you are accessing Grafana through your Hosted Graphite account):

Easy guide to Monitor Elasticsearch Using Telegraf and MetricFire - 1 

The Hosted Graphite datasource also supports wildcard (*) searches to grab all metrics that match a specified path.



Now you can apply Graphite functions to these metrics, like aliasByNode() to reformat the metric names on the graph and exclude() to remove a pattern from the query:

Easy guide to Monitor Elasticsearch Using Telegraf and MetricFire - 2

Grafana has many additional options, like configuring dashboard variables and annotations. You can also use different visualizations, modify the display, set the units of measurement, and much more.





Hosted Graphite also has a pre-configured dashboard for Telegraf metrics in their Dashboard Library. Once this dashboard is generated in your account, you can locate it in your Primary Dashboards to see system metrics (CPU, memory, disk) displayed. These system performance metrics come standard with a Telegraf => Graphite configuration:

Easy guide to Monitor Elasticsearch Using Telegraf and MetricFire - 3

See the Hosted Graphite dashboard docs for more details.

Creating Graphite Alerts

In the Hosted Graphite UI, navigate to Alerts => Graphite Alerts to create a new alert. Name the alert, add one of your graphite metrics to the alerting metric field, and add a description of what this alert is:

Easy guide to Monitor Elasticsearch Using Telegraf and MetricFire - 4

Then, select the Criteria tab, which will set the threshold, and select a notification channel. The default notification channel is the email you used to sign up for the Hosted Graphite account. Still, you can easily configure a channel for Slack, PagerDuty, Microsoft Teams, and more. See the Hosted Graphite docs for more details on notification channels:

Easy guide to Monitor Elasticsearch Using Telegraf and MetricFire - 5

Conclusion

Monitoring Elasticsearch is essential for DevOps teams to proactively detect and resolve issues. It ensures the system's high availability, performance, and efficient resource utilization, which are critical for seamless user experiences. It enables informed decision-making on scaling, optimizations, and capacity planning, directly supporting continuous integration and delivery pipelines by maintaining the stability and reliability of services that depend on Elasticsearch.

Tools like dashboards and alerts complement this monitoring by providing real-time visualization, proactive identification of issues, historical trend analysis, and facilitating informed decision-making, all of which are essential for maintaining a robust and efficient network infrastructure.

Sign up for a free trial, and start monitoring your infrastructure today! You can also book a demo and talk to the MetricFire team directly about your monitoring needs.

You might also like other posts...
metricfire Dec 06, 2024 · 6 min read

Step by Step Guide to Monitoring Apache Spark with MetricFire

Monitoring Spark metrics is crucial because it provides visibility into how your cluster and... Continue Reading

metricfire Dec 02, 2024 · 8 min read

Easiest Way to Monitor Your API Endpoints Using Telegraf

Monitoring the health of your API endpoints is crucial to keeping your applications running... Continue Reading

metricfire Nov 28, 2024 · 3 min read

厳選!オープンソースのネットワーク監視ツール

ネットワーク監視は、組織に影響を及ぼす可能性のあるネットワーク関連の問題について貴重な洞察を提供する、ネットワーク管理戦略の重要な要素です。ネットワークを定期的に監視することで、ネットワークの過負荷、ルーターの問題、ダウンタイム、サイバー犯罪、データ損失などのリスクを軽減します。 Continue Reading

header image

We strive for 99.999% uptime

Because our system is your system.

14-day trial 14-day trial
No Credit Card Required No Credit Card Required