Collect metric data from Elasticsearch servers - Simple Log Service

You can use Telegraf to collect metric data from Elasticsearch servers. Then, you can use Logtail to send the metric data to a Metricstore in Simple Log Service. This way, you can create a dashboard to visualize the metric data. This topic describes how to collect metric data from an Elasticsearch server by using Simple Log Service and visualize the data.

Prerequisites

Telegraf is installed on a server that is connected to the Elasticsearch server over an internal network.
A project and a Metricstore are created. For more information, see Create a project and Create a Metricstore.

Limit

Only Linux Logtail V0.16.48 and later can collect Elasticsearch metric data. If an earlier version of Logtail is installed on your server, you must update Logtail to a supported version. For more information, see Update Logtail online.

Procedure

Log on to the Log Service console.
On the Monitoring Data tab in the Import Data section, click Elasticsearch Monitoring Data.
Select the project and Metricstore and click Next.
Create a machine group.
- If a machine group is available, click Use Existing Machine Groups.
- If no machine groups are available, perform the following steps to create a machine group. In this example, an Elastic Compute Service (ECS) instance is used.
  1. On the ECS Instances tab, select Manually Select Instances. Then, select the ECS instance that you want to use and click Create.
    For more information, see Install Logtail on ECS instances.
    Important If you want to collect logs from an ECS instance that belongs to a different Alibaba Cloud account, a server in an on-premises data center, or a server of a third-party cloud service provider, you must manually install Logtail. For more information, see Install Logtail on a Linux server. After you manually install Logtail, you must configure a user identifier for the server. For more information, see Configure a user identifier.
  2. After Logtail is installed, click Complete Installation.
  3. In the Create Machine Group step, configure the Name parameter and click Next.
    Log Service allows you to create IP address-based machine groups and custom identifier-based machine groups. For more information, see Create an IP address-based machine group and Create a custom identifier-based machine group.
Select the new machine group from Source Server Groups and move the machine group to Applied Server Groups. Then, click Next.
Important If you apply a machine group immediately after you create the machine group, the heartbeat status of the machine group may be FAIL. This issue occurs because the machine group is not connected to Log Service. To resolve this issue, you can click Automatic Retry. If the issue persists, see What do I do if no heartbeat connections are detected on Logtail?

In the Specify Data Source step, configure the parameters. The following table describes the parameters.

Parameter	Description
Configuration Name	The name of the Logtail configuration. You can enter a custom name.
Cluster Name	The name of the Elasticsearch cluster. You can enter a custom value. After you configure this parameter, Log Service adds a cluster=Cluster name tag to the Elasticsearch monitoring data that is collected by using the Logtail configuration. Important Make sure that the cluster name is unique. Otherwise, data conflicts may occur.
Server List	The information about the Elasticsearch cluster. The information includes the following configuration items: Address: the address of the Elasticsearch cluster. You can enter the IP address, hostname, or domain name of the server in the cluster. Port: the port number of the Elasticsearch cluster. Default value: 9200. You can add information about multiple Elasticsearch clusters based on your business requirements.
Password	If authentication is configured for the Elasticsearch cluster, you must enter the account and password that you use to connect to the Elasticsearch cluster.
Index Name	The name of the index that is created in the Elasticsearch cluster. If you enter _all, the metric data of all indexes in the Elasticsearch cluster is collected.
Custom Tags	The custom tags that are added to the collected Elasticsearch monitoring data. The tags are key-value pairs. After you configure this parameter, Log Service adds the custom tags to the Elasticsearch monitoring data that is collected by using the Logtail configuration.
Custom Telegraf Configurations	Log Service collects Elasticsearch monitoring data by using Telegraf. Telegraf is an open source tool that is used to collect metrics. If the preceding default parameters do not meet your business requirements, you can use Custom Telegraf Configurations to configure custom parameters. For more information about Telegraf, see Telegraf. For more information about configuration examples, see Configuration. For more information about the metrics that can be collected, see Metrics.

FAQ

How do I check whether Telegraf is collecting data as expected?

You can check the logs of the /etc/ilogtail/telegraf/telegraf.log file on your server. You can use Simple Log Service to collect this log file and search for the required information in Simple Log Service.

What to do next

Query and analyze data
After you configure the settings, Telegraf uses Logtail to upload collected metric data to the specified Metricstore in Simple Log Service. You can query and analyze the data on the Query & Analysis page of the Metricstore. For more information, see Query and analyze metric data.
Visualize query and analysis results
After you configure the settings, Simple Log Service automatically creates a dashboard named Elasticsearch Monitoring Data_<cluster name> in the related project. You can visualize query and analysis results on the dashboard. You can also configure alert rules for the dashboard.