- Packetbeat Reference: other versions:
- Overview
- Getting started with Packetbeat
- Setting up and running Packetbeat
- Upgrading Packetbeat
- Configuring Packetbeat
- Set traffic capturing options
- Set up flows to monitor network traffic
- Specify which transaction protocols to monitor
- Specify which processes to monitor
- Specify general settings
- Configure the internal queue
- Configure the output
- Specify SSL settings
- Filter and enhance the exported data
- Parse data by using ingest node
- Export GeoIP Information
- Set up project paths
- Set up the Kibana endpoint
- Load the Kibana dashboards
- Load the Elasticsearch index template
- Configure logging
- Use environment variables in the configuration
- YAML tips and gotchas
- HTTP Endpoint
- packetbeat.reference.yml
- Exported fields
- AMQP fields
- Beat fields
- Cassandra fields
- Cloud provider metadata fields
- Common fields
- DNS fields
- Docker fields
- Flow Event fields
- Host fields
- HTTP fields
- ICMP fields
- Kubernetes fields
- Memcache fields
- MongoDb fields
- MySQL fields
- NFS fields
- PostgreSQL fields
- Raw fields
- Redis fields
- Thrift-RPC fields
- TLS fields
- Transaction Event fields
- Measurements (Transactions) fields
- Monitoring Packetbeat
- Securing Packetbeat
- Visualizing Packetbeat data in Kibana
- Troubleshooting
- Contributing to Beats
Monitoring Packetbeat
editMonitoring Packetbeat
editX-Pack monitoring for Packetbeat requires Elasticsearch 6.2 or later.
X-Pack monitoring enables you to easily monitor Packetbeat from Kibana. For more information, see Monitoring the Elastic Stack and Beats Monitoring Metrics.
To configure Packetbeat to collect and send monitoring metrics:
-
Create a user that has appropriate authority to send system-level monitoring
data to Elasticsearch. For example, you can use the built-in
beats_system
user or assign the built-inbeats_system
role to another user. For more information, see Setting Up User Authentication and Built-in Roles. -
Add the
xpack.monitoring
settings in the Packetbeat configuration file. If you configured Elasticsearch output, specify the following minimal configuration:xpack.monitoring.enabled: true
If you configured a different output, such as Logstash, you must specify additional configuration options. For example:
xpack.monitoring: enabled: true elasticsearch: hosts: ["https://example.com:9200", "https://example2.com:9200"] username: beats_system password: beatspassword
Currently you must send monitoring data to the same cluster as all other events. If you configured Elasticsearch output, do not specify additional hosts in the monitoring configuration.
- Configure monitoring in Kibana.
-
To verify your monitoring configuration, point your web browser at your Kibana
host, and select Monitoring from the side navigation. Metrics reported from
Packetbeat should be visible in the Beats section. When X-Pack security is enabled,
to view the monitoring dashboards you must log in to Kibana as a user who has the
kibana_user
andmonitoring_user
roles.