Monitoring Elasticsearch

The Elastic monitoring features enable you to easily monitor the health of your Elasticsearch cluster. The monitoring metrics are collected from each node and stored in Elasticsearch indices.

Tip: In production environments, it is recommended to store the monitoring data in a separate monitoring cluster. See Monitoring in a production environment.

Each Elasticsearch node is considered unique based on its persistent UUID, which is written to the node's path.data directory on first start. The path.data directory defaults to ./data.

All settings associated with monitoring in Elasticsearch must be set in either the elasticsearch.yml file for each node or, where possible, in the dynamic cluster settings. For more information, see Configuring monitoring.

Elasticsearch is also at the core of monitoring across the Elastic Stack. In all cases, monitoring documents are just ordinary JSON documents built by monitoring each Elastic Stack component at some collection interval, then indexing those documents into the monitoring cluster.

Each component in the stack is responsible for monitoring itself and then forwarding those documents to the Elasticsearch production cluster for both routing and indexing (storage). The routing and indexing processes in Elasticsearch are handled by what are called collectors and exporters.
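The tip about a separate monitoring cluster and the exporters mentioned above come together in elasticsearch.yml. The following is an added example, not taken from the original page: it contrasts a node that keeps monitoring data in the production cluster with one that ships it over TLS to a dedicated monitoring cluster. The exporter id, host name, user name, password and certificate path are placeholders, and the 6.x setting names are assumed.

```yaml
# Added example. Two alternative elasticsearch.yml files, separated by "---".
# All ids, hosts, users, passwords and paths below are placeholders.

# Weak: collection is on and no exporter is defined, so the default local
# exporter indexes monitoring documents into the cluster being monitored.
# An outage or compromise of production also takes the monitoring history.
xpack.monitoring.collection.enabled: true

---
# Hardened: the same node ships its monitoring documents to a separate
# monitoring cluster through an http exporter.
xpack.monitoring.collection.enabled: true
xpack.monitoring.exporters:
  to_monitoring_cluster:              # exporter id (placeholder)
    type: http
    # https:// so documents and credentials are encrypted in transit
    host: ["https://monitoring-es.example.internal:9200"]
    # Dedicated account on the monitoring cluster (placeholder name), granted
    # only what is needed to write monitoring indices. Do not reuse an
    # administrative or production user here.
    auth.username: monitoring_writer
    auth.password: CHANGE_ME
    # Pin the CA that signed the monitoring cluster's certificate so the
    # node does not trust an arbitrary endpoint answering on that host.
    ssl.certificate_authorities: ["/etc/elasticsearch/certs/monitoring-ca.crt"]
```

Because the password sits in elasticsearch.yml in this form, keep the file readable only by the account that runs Elasticsearch.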

Alternatively, in 6.4 and later, you can use Metricbeat to collect monitoring data about Kibana and ship it directly to the monitoring cluster, rather than routing it through the production cluster. In 6.5 and later, you can also use Metricbeat to collect and ship data about Elasticsearch.

You can view monitoring data from Kibana, where it's easy to spot issues at a glance or delve into the system behavior over time to diagnose operational issues. In addition to the built-in status warnings, you can also set up custom alerts based on the data in the monitoring indices.

For an introduction to monitoring your Elastic Stack, including Beats, Logstash, and Kibana, see Monitoring the Elastic Stack.