Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: ad0228fd2f
Branches Tags
elasticsearch
/
docs
/
reference
/
monitoring
/
collectors.asciidoc

collectors.asciidoc 8.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. [role="xpack"]
    2. 

  2. [[es-monitoring-collectors]]
    3. 

  3. == Collectors
    4. 

  4. 

  5. [IMPORTANT]
    6. 

  6. =========================
    7. 

  7. {metricbeat} is the recommended method for collecting and shipping monitoring
    8. 

  8. data to a monitoring cluster.
    9. 

  9. 

  10. If you have previously configured legacy collection methods, you should migrate
    11. 

  11. to using {metricbeat} collection methods. Use either {metricbeat} collection or
    12. 

  12. legacy collection methods; do not use both.
    13. 

  13. 

  14. Learn more about <<configuring-metricbeat>>.
    15. 

  15. =========================
    16. 

  16. 

  17. Collectors, as their name implies, collect things. Each collector runs once for
    18. 

  18. each collection interval to obtain data from the public APIs in {es} and {xpack}
    19. 

  19. that it chooses to monitor. When the data collection is finished, the data is
    20. 

  20. handed in bulk to the <<es-monitoring-exporters,exporters>> to be sent to the
    21. 

  21. monitoring clusters. Regardless of the number of exporters, each collector only
    22. 

  22. runs once per collection interval.
    23. 

  23. 

  24. There is only one collector per data type gathered. In other words, for any
    25. 

  25. monitoring document that is created, it comes from a single collector rather
    26. 

  26. than being merged from multiple collectors. The {es} {monitor-features}
    27. 

  27. currently have a few collectors because the goal is to minimize overlap between
    28. 

  28. them for optimal performance.
    29. 

  29. 

  30. Each collector can create zero or more monitoring documents. For example,
    31. 

  31. the `index_stats` collector collects all index statistics at the same time to
    32. 

  32. avoid many unnecessary calls.
    33. 

  33. 

  34. [options="header"]
    35. 

  35. |=======================
    36. 

  36. | Collector       | Data Types | Description
    37. 

  37. | Cluster Stats   | `cluster_stats`
    38. 

  38. | Gathers details about the cluster state, including parts of the actual cluster
    39. 

  39. state (for example `GET /_cluster/state`) and statistics about it (for example,
    40. 

  40. `GET /_cluster/stats`). This produces a single document type. In versions prior
    41. 

  41. to X-Pack 5.5, this was actually three separate collectors that resulted in
    42. 

  42. three separate types: `cluster_stats`, `cluster_state`, and `cluster_info`. In
    43. 

  43. 5.5 and later, all three are combined into `cluster_stats`. This only runs on
    44. 

  44. the _elected_ master node and the data collected (`cluster_stats`) largely
    45. 

  45. controls the UI. When this data is not present, it indicates either a
    46. 

  46. misconfiguration on the elected master node, timeouts related to the collection
    47. 

  47. of the data, or issues with storing the data. Only a single document is produced
    48. 

  48. per collection.
    49. 

  49. | Index Stats     | `indices_stats`, `index_stats`
    50. 

  50. | Gathers details about the indices in the cluster, both in summary and
    51. 

  51. individually. This creates many documents that represent parts of the index
    52. 

  52. statistics output (for example, `GET /_stats`). This information only needs to
    53. 

  53. be collected once, so it is collected on the _elected_ master node. The most
    54. 

  54. common failure for this collector relates to an extreme number of indices -- and
    55. 

  55. therefore time to gather them -- resulting in timeouts. One summary
    56. 

  56. `indices_stats` document is produced per collection and one `index_stats`
    57. 

  57. document is produced per index, per collection.
    58. 

  58. | Index Recovery  | `index_recovery`
    59. 

  59. | Gathers details about index recovery in the cluster. Index recovery represents
    60. 

  60. the assignment of _shards_ at the cluster level. If an index is not recovered,
    61. 

  61. it is not usable. This also corresponds to shard restoration via snapshots. This
    62. 

  62. information only needs to be collected once, so it is collected on the _elected_
    63. 

  63. master node. The most common failure for this collector relates to an extreme
    64. 

  64. number of shards -- and therefore time to gather them -- resulting in timeouts.
    65. 

  65. This creates a single document that contains all recoveries by default, which
    66. 

  66. can be quite large, but it gives the most accurate picture of recovery in the
    67. 

  67. production cluster.
    68. 

  68. | Shards          | `shards`
    69. 

  69. | Gathers details about all _allocated_ shards for all indices, particularly
    70. 

  70. including what node the shard is allocated to. This information only needs to be
    71. 

  71. collected once, so it is collected on the _elected_ master node. The collector
    72. 

  72. uses the local cluster state to get the routing table without any network
    73. 

  73. timeout issues unlike most other collectors. Each shard is represented by a
    74. 

  74. separate monitoring document.
    75. 

  75. | Jobs            | `job_stats`
    76. 

  76. | Gathers details about all machine learning job statistics (for example, `GET
    77. 

  77. /_ml/anomaly_detectors/_stats`). This information only needs to be collected
    78. 

  78. once, so it is collected on the _elected_ master node. However, for the master
    79. 

  79. node to be able to perform the collection, the master node must have
    80. 

  80. `xpack.ml.enabled` set to true (default) and a license level that supports {ml}.
    81. 

  81. | Node Stats      | `node_stats`
    82. 

  82. | Gathers details about the running node, such as memory utilization and CPU
    83. 

  83. usage (for example, `GET /_nodes/_local/stats`). This runs on _every_ node with
    84. 

  84. {monitor-features} enabled. One common failure results in the timeout of the node
    85. 

  85. stats request due to too many segment files. As a result, the collector spends
    86. 

  86. too much time waiting for the file system stats to be calculated until it
    87. 

  87. finally times out. A single `node_stats` document is created per collection.
    88. 

  88. This is collected per node to help to discover issues with nodes communicating
    89. 

  89. with each other, but not with the monitoring cluster (for example, intermittent
    90. 

  90. network issues or memory pressure).
    91. 

  91. |=======================
    92. 

  92. 

  93. The {es} {monitor-features} use a single threaded scheduler to run the
    94. 

  94. collection of {es} monitoring data by all of the appropriate collectors on each
    95. 

  95. node. This scheduler is managed locally by each node and its interval is
    96. 

  96. controlled by specifying the `xpack.monitoring.collection.interval`, which
    97. 

  97. defaults to 10 seconds (`10s`), at either the node or cluster level.
    98. 

  98. 

  99. Fundamentally, each collector works on the same principle. Per collection
    100. 

  100. interval, each collector is checked to see whether it should run and then the
    101. 

  101. appropriate collectors run. The failure of an individual collector does not
    102. 

  102. impact any other collector.
    103. 

  103. 

  104. Once collection has completed, all of the monitoring data is passed to the
    105. 

  105. exporters to route the monitoring data to the monitoring clusters.
    106. 

  106. 

  107. If gaps exist in the monitoring charts in {kib}, it is typically because either
    108. 

  108. a collector failed or the monitoring cluster did not receive the data (for
    109. 

  109. example, it was being restarted). In the event that a collector fails, a logged
    110. 

  110. error should exist on the node that attempted to perform the collection.
    111. 

  111. 

  112. NOTE: Collection is currently done serially, rather than in parallel, to avoid
    113. 

  113.       extra overhead on the elected master node. The downside to this approach
    114. 

  114.       is that collectors might observe a different version of the cluster state
    115. 

  115.       within the same collection period. In practice, this does not make a
    116. 

  116.       significant difference and running the collectors in parallel would not
    117. 

  117.       prevent such a possibility.
    118. 

  118. 

  119. For more information about the configuration options for the collectors, see
    120. 

  120. <<monitoring-collection-settings>>.
    121. 

  121. 

  122. [discrete]
    123. 

  123. [[es-monitoring-stack]]
    124. 

  124. ==== Collecting data from across the Elastic Stack
    125. 

  125. 

  126. {es} {monitor-features} also receive monitoring data from other parts of the
    127. 

  127. Elastic Stack. In this way, it serves as an unscheduled monitoring data
    128. 

  128. collector for the stack.
    129. 

  129. 

  130. By default, data collection is disabled. {es} monitoring data is not
    131. 

  131. collected and all monitoring data from other sources such as {kib}, Beats, and
    132. 

  132. Logstash is ignored. You must set `xpack.monitoring.collection.enabled` to `true`
    133. 

  133. to enable the collection of monitoring data. See <<monitoring-settings>>.
    134. 

  134. 

  135. Once data is received, it is forwarded to the exporters
    136. 

  136. to be routed to the monitoring cluster like all monitoring data.
    137. 

  137. 

  138. WARNING: Because this stack-level "collector" lives outside of the collection
    139. 

  139. interval of {es} {monitor-features}, it is not impacted by the
    140. 

  140. `xpack.monitoring.collection.interval` setting. Therefore, data is passed to the
    141. 

  141. exporters whenever it is received. This behavior can result in indices for {kib},
    142. 

  142. Logstash, or Beats being created somewhat unexpectedly.
    143. 

  143. 

  144. While the monitoring data is collected and processed, some production cluster
    145. 

  145. metadata is added to incoming documents. This metadata enables {kib} to link the
    146. 

  146. monitoring data to the appropriate cluster. If this linkage is unimportant to
    147. 

  147. the infrastructure that you're monitoring, it might be simpler to configure
    148. 

  148. Logstash and Beats to report monitoring data directly to the monitoring cluster.
    149. 

  149. This scenario also prevents the production cluster from adding extra overhead
    150. 

  150. related to monitoring data, which can be very useful when there are a large
    151. 

  151. number of Logstash nodes or Beats.
    152. 

  152. 

  153. For more information about typical monitoring architectures, see
    154. 

  154. <<how-monitoring-works>>.
    155.