This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
How monitoring works
editHow monitoring works
editEach monitored Elastic Stack component is considered unique in the cluster based on
its persistent UUID, which is written to the path.data
directory when the node or instance starts.
Monitoring documents are just ordinary JSON documents built by monitoring each Elastic Stack component at a specified collection interval. If you want to alter how these documents are structured or stored, refer to Configuring data streams/indices for monitoring.
You can use Elastic Agent or Metricbeat to collect monitoring data and to ship it directly to the monitoring cluster.
To learn how to collect monitoring data, refer to:
-
One of the following topics depending on how you want to collect monitoring data from Elasticsearch:
- Collecting monitoring data with Elastic Agent: Uses a single agent to gather logs and metrics. Can be managed from a central location in Fleet.
- Collecting monitoring data with Metricbeat: Uses a lightweight Beats shipper to gather metrics. May be preferred if you have an existing investment in Beats or are not yet ready to use Elastic Agent.
- Legacy collection methods: Uses internal exporters to gather metrics. Not recommended. If you have previously configured legacy collection methods, you should migrate to using Elastic Agent or Metricbeat.
- Monitoring Kibana
- Monitoring Logstash
- Monitoring Enterprise Search
-
Monitoring Beats:
- Monitoring APM Server
- Monitoring Elastic Agents Fleet-managed agents) or Configure monitoring for standalone Elastic Agents