This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Webhook namespace selectors Connect to an external monitoring Elasticsearch cluster »
Elastic Docs Elastic Cloud on Kubernetes [master] Advanced topics

Stack Monitoring

edit

Stack Monitoring

edit

You can enable Stack Monitoring on Elasticsearch, Kibana, Beats and Logstash to collect and ship their metrics and logs to a monitoring cluster. Although self-monitoring is possible, it is advised to use a separate monitoring cluster.

To enable Stack Monitoring, simply reference the monitoring Elasticsearch cluster in the spec.monitoring section of their specification.

The following example shows how Elastic Stack components can be configured to send their monitoring data to a separate Elasticsearch cluster in the same Kubernetes cluster.

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  name: monitored-sample
  namespace: production
spec:
  version: 8.16.0
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: monitoring 
        namespace: observability 
    logs:
      elasticsearchRefs:
      - name: monitoring 
        namespace: observability 
  nodeSets:
  - name: default
    count: 1
    config:
      node.store.allow_mmap: false
---
apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: monitored-sample
  namespace: production
spec:
  version: 8.16.0
  elasticsearchRef:
    name: monitored-sample
    namespace: production
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: monitoring
        namespace: observability 
    logs:
      elasticsearchRefs:
      - name: monitoring
        namespace: observability 
  count: 1
---
apiVersion: beat.k8s.elastic.co/v1beta1
kind: Beat
metadata:
  name: monitored-sample
spec:
  type: filebeat
  version: 8.16.0
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: monitoring
        namespace: observability 
    logs:
      elasticsearchRefs:
      - name: monitoring
        namespace: observability 
---
apiVersion: logstash.k8s.elastic.co/v1alpha1
kind: Logstash
metadata:
    name: monitored-sample
spec:
  version: 8.16.0
  monitoring:
    metrics:
      elasticsearchRefs:
      - name: monitoring
        namespace: observability 
    logs:
      elasticsearchRefs:
      - name: monitoring
        namespace: observability

The same monitoring cluster is used for metrics and logs, but separate clusters could be used.

The use of namespace is optional if the monitoring Elasticsearch cluster and the monitored Elastic Stack resource are running in the same namespace.

If Logs Stack Monitoring is configured for a Beat, and custom container arguments (podTemplate.spec.containers[].args) include -e, which enables logging to stderr and disables log file output, this argument will be removed from the Pod to allow the Filebeat sidecar to consume the Beat’s log files.

You can also enable Stack Monitoring on a single Stack component only. In case Elasticsearch is not monitored, other Stack components will not be available on the Stack Monitoring Kibana page (check View monitoring data in Kibana).

« Webhook namespace selectors Connect to an external monitoring Elasticsearch cluster »