Collect Logstash monitoring data with Elastic Agent

edit

Collect Logstash monitoring data with Elastic Agent

edit

You can use Elastic Agent to collect data about Logstash and ship it to the monitoring cluster. The benefit of Elastic Agent collection is that the monitoring agent remains active even if the Logstash instance does not. Plus you can manage all your monitoring agents from a central location in Fleet.

To collect and ship monitoring data:

Disable default collection of Logstash monitoring metrics

edit

The monitoring setting is in the Logstash configuration file (logstash.yml), but is commented out:

monitoring.enabled: false

Remove the # at the beginning of the line to enable the setting.

Define cluster_uuid (Optional)

edit

To bind the metrics of Logstash to a specific cluster, optionally define the monitoring.cluster_uuid in the configuration file (logstash.yml):

monitoring.cluster_uuid: PRODUCTION_ES_CLUSTER_UUID

Install and configure Elastic Agent

edit

Prerequisites:

To collect Logstash monitoring data, add a Logstash integration to an Elastic Agent and deploy it to the host where Logstash is running.

  1. Go to the Kibana home page and click Add integrations.

    If you’re using a monitoring cluster, use the Kibana instance connected to the monitoring cluster.

  2. In the query bar, search for and select the Logstash integration for Elastic Agent.
  3. Read the overview to make sure you understand integration requirements and other considerations.
  4. Click Add Logstash.

    If you’re installing an integration for the first time, you may be prompted to install Elastic Agent. Click Add integration only (skip agent installation).

  5. Configure the integration name and optionally add a description. Make sure you configure all required settings:

    • Under Collect Logstash application and slowlog logs, modify the log paths to match your Logstash environment.
    • Under Collect Logstash node metrics and stats, make sure the hosts setting points to your Logstash host URLs. By default, the integration collects Logstash monitoring metrics from localhost:9600. If that host and port number are not correct, update the hosts setting. If you configured Logstash to use encrypted communications, you must access it via HTTPS. For example, use a hosts setting like https://localhost:9600.

      Elastic security. The Elastic security features are enabled by default. Expand Advanced options and enter the username and password of a user that has the remote_monitoring_collector role.

  6. Choose where to add the integration policy. Click New hosts to add it to new agent policy or Existing hosts to add it to an existing agent policy.
  7. Click Save and continue. This step takes a minute or two to complete. When it’s done, you’ll have an agent policy that contains an integration for collecting monitoring data from Kibana.
  8. If an Elastic Agent is already assigned to the policy and deployed to the host where Kibana is running, you’re done. Otherwise, you need to deploy an Elastic Agent. To deploy an Elastic Agent:

    1. Go to Fleet → Agents, then click Add agent.
    2. Follow the steps in the Add agent flyout to download, install, and enroll the Elastic Agent. Make sure you choose the agent policy you created earlier.
  9. Wait a minute or two until incoming data is confirmed.
  10. View the monitoring data in Kibana.