Step 2: Configuring Topbeat

edit

To configure Topbeat, you edit the configuration file. For rpm and deb, you’ll find the configuration file at /etc/topbeat/topbeat.yml. For mac and win, look in the archive that you just extracted.

Here is a sample of the topbeat.yml file. Topbeat uses predefined default values for most configuration options.

input:
  period: 10
  procs: [".*"]

To configure Topbeat:

  1. Set the following options to specify how often Topbeat reads statistics and specify which processes it monitors:

    • The period option defines how often to read system-wide and per-process statistics from your servers. The interval is in seconds. By default, it’s set to 10 seconds.
    • The procs option defines a list of regular expressions to match all the processes that need to be monitored. By default, all the running processes are monitored.

      If you are not interested in collecting per-process statistics, you can use:

      input:
        stats:
          process: false
  2. If you are sending output to Elasticsearch, set the IP address and port where Topbeat can find the Elasticsearch installation:

    # Configure what outputs to use when sending the data collected by the beat.
    # Multiple outputs may be used.
    output:
      ### Elasticsearch as output
      elasticsearch:
        # Array of hosts to connect to.
         hosts: ["192.168.1.42:9200"]

    If you are sending output to Logstash, see Configuring Topbeat to Use Logstash instead.

To test your configuration file, run Topbeat in the foreground with the following options specified: ./topbeat -configtest -e.