Table of Contents
Introduction
Monitoring Elasticsearch is crucial for ensuring optimal performance and reliability of the search and analytics engine. It helps identify issues related to query performance, resource utilization, and system health before they impact users. It also provides insights into the efficiency of data indexing and retrieval processes, enabling timely adjustments to configurations, scaling decisions, and optimising search queries to maintain high availability and fast response times.
In this article, we'll detail how to use the Telegraf agent to collect performance metrics from your Elasticsearch instance and forward them to a data source.
Getting Started with the Telegraf Agent
Telegraf is a plugin-driven server agent built on InfluxDB and can collect and send metrics/events from databases, systems, devices, and a range of popular technologies. Telegraf is written in Go, compiles into a single binary with no external dependencies, and requires minimal memory footprint. It is compatible with many operating systems and has many helpful output plugins and input plugins for collecting and forwarding a wide variety of performance metrics.
Install Telegraf (Linux/Redhat)
/etc/telegraf/.wget https://dl.influxdata.com/telegraf/releases/telegraf_1.21.2-1_amd64.deb
sudo dpkg -i telegraf_1.21.2-1_amd64.deb
RedHat/CentOS
wget https://dl.influxdata.com/telegraf/releases/telegraf-1.21.4-1.x86_64.rpm
sudo yum localinstall telegraf-1.21.4-1.x86_64.rpm
Configure an Output
You can configure Telegraf to output to various sources, such as Kafka, Graphite, InfluxDB, Prometheus, SQL, NoSQL, and more.
In this example, we will configure Telegraf with a Graphite output. If you're not currently hosting your own data source, you can start a 14-day free trial with Hosted Graphite by MetricFire to follow these next steps.
A Hosted Graphite account will provide the data source, include Hosted Grafana as a visualization tool, and offer an alerting feature.
To configure the Graphite output, locate the downloaded telegraf configuration file at /etc/telegraf/telegraf.conf and open it in your preferred text editor. Then, you will need to make the following changes to the file:
Locate and comment out the line:
# [[outputs.influxdb]]
Then, uncomment the line:
[[outputs.graphite]]
Next, uncomment and edit the server line to:
servers = ["carbon.hostedgraphite.com:2003"]
Finally, uncomment and edit the prefix line to:
prefix = "<YOUR_API_KEY>.telegraf"
Allow Telegraf to Connect to Your Elasticsearch Instance
- If you don't already have Elasticsearch installed, this is a helpful article for installing it on Linux (ubuntu)
- You may also need to locate your Elasticsearch config file, generally located at this file path in Linux: /etc/elasticsearch/elasticsearch.yml
- Ensure the host/port is configured correctly, and save the changes:
network.host: localhost
http.port: 9200
xpack.security.enabled: false
- Next, make sure to allow a local connection for port 9200: sudo ufw allow 9200
- Finally, just restart the Elasticsearch service: sudo service elasticsearch restart
Configure the Elasticsearch Input Plugin
Telegraf has many input plugins that can collect a wide range of data from many popular technologies and 3rd party sources. In this example, we'll demonstrate how to configure the Elasticsearch plugin.
All you need to do is search for the inputs. Elasticsearch section in your Telegraf.conf file, and uncomment the [[inputs.elasticsearch]] line:
[[inputs.elasticsearch]]
Then you can uncomment the 'servers' line; the default URL is:
servers = ["http://localhost:9200"]
Next, uncomment/modify the following sections in the Elasticsearch plugin config (some can optionally be set to false to limit the number of metrics forwarded):
http_timeout = "5s"
local = true
cluster_health = true
cluster_stats = true
cluster_stats_only_from_master = true
indices_include = ["_all"]
indices_level = "shards"
Save your changes, and then start Telegraf using the following command to see if there are any configuration errors in the output:
telegraf --config telegraf.conf
Telegraf will now be forwarding roughly 850 metrics to your data source, reporting many types of performance statistics for:
- Elasicsearch breakers, filesystems, HTTP requests, processes, indices, threads, JVM, transports
- cluster health
- node counts, indexing, ingest processing, and more!
See the official GitHub repository for more information and configuration options for the Elasticsearch input plugin.
Use Hosted Graphite by MetricFire to Create Custom Dashboards and Alerts
MetricFire is a monitoring platform that enables you to gather, visualize, analyze, and alert on metrics from sources such as servers, databases, networks, devices, and applications. Using MetricFire, you can effortlessly identify problems and optimize resources within your infrastructure. Hosted Graphite by MetricFire removes the burden of self-hosting your monitoring solution, allowing you more time and freedom to work on your most important tasks.
- Once you have signed up for a Hosted Graphite account and used the above steps to configure your server with the Telegraf Agent, metrics will be forwarded, timestamped, ingested, and aggregated into the Hosted Graphite backend.
- They will be sent and stored in the Graphite format of metric.name.path <numeric-value> <unix-timestamp>, which provides a tree-like data structure and makes them easy to query.
- These metrics can be found in your Hosted Graphite account, where you can use them to build custom Alerts and Grafana dashboards.
Create Dashboards in Hosted Graphite's Hosted Grafana
In the Hosted Graphite UI, navigate to Dashboards => Primary Dashboards and select the + button to build a new panel:
Then you can use the query UI to select a graphite metric path (the default data source will be the hosted graphite backend if you are accessing Grafana through your Hosted Graphite account):
The Hosted Graphite datasource also supports wildcard (*) searches to grab all metrics that match a specified path.
Now you can apply Graphite functions to these metrics, like aliasByNode() to reformat the metric names on the graph and exclude() to remove a pattern from the query:
Grafana has many additional options, like configuring dashboard variables and annotations. You can also use different visualizations, modify the display, set the units of measurement, and much more.
Hosted Graphite also has a pre-configured dashboard for Telegraf metrics in their Dashboard Library. Once this dashboard is generated in your account, you can locate it in your Primary Dashboards to see system metrics (CPU, memory, disk) displayed. These system performance metrics come standard with a Telegraf => Graphite configuration:
See the Hosted Graphite dashboard docs for more details.
Creating Graphite Alerts
In the Hosted Graphite UI, navigate to Alerts => Graphite Alerts to create a new alert. Name the alert, add one of your graphite metrics to the alerting metric field, and add a description of what this alert is:
Then, select the Criteria tab, which will set the threshold, and select a notification channel. The default notification channel is the email you used to sign up for the Hosted Graphite account. Still, you can easily configure a channel for Slack, PagerDuty, Microsoft Teams, and more. See the Hosted Graphite docs for more details on notification channels:
Conclusion
Monitoring Elasticsearch is essential for DevOps teams to proactively detect and resolve issues. It ensures the system's high availability, performance, and efficient resource utilization, which are critical for seamless user experiences. It enables informed decision-making on scaling, optimizations, and capacity planning, directly supporting continuous integration and delivery pipelines by maintaining the stability and reliability of services that depend on Elasticsearch.
Tools like dashboards and alerts complement this monitoring by providing real-time visualization, proactive identification of issues, historical trend analysis, and facilitating informed decision-making, all of which are essential for maintaining a robust and efficient network infrastructure.
Sign up for a free trial, and start monitoring your infrastructure today! You can also book a demo and talk to the MetricFire team directly about your monitoring needs.
