Elasticsearch
Description
The Splunk Distribution of OpenTelemetry Collector provides this integration as the Elasticsearch monitor using the Smart Agent receiver.
This monitor collects stats from Elasticsearch. It collects node, cluster, and index level stats.
By default, this monitor only collects cluster level and index level stats from the current master in an Elasticsearch cluster. You can override this using the clusterHealthStatsMasterOnly and indexStatsMasterOnly configuration options respectively.
Installation
This monitor is available in the Smart Agent Receiver, which is part of the Splunk Distribution of OpenTelemetry Collector.
To install this integration:
Deploy the Splunk Distribution of OpenTelemetry Collector to your host or container platform.
Configure the monitor, as described in the next section.
Configuration
The Splunk Distribution of OpenTelemetry Collector allows embedding a Smart Agent monitor configuration in an associated Smart Agent Receiver instance.
Note: Providing an Elasticsearch monitor entry in your Collector or Smart Agent (deprecated) configuration is required for its use. Use the appropriate form for your agent type.
Splunk Distribution of OpenTelemetry Collector
To activate this monitor in the OpenTelemetry Collector, add the following to your agent configuration:
receivers:
  smartagent/elasticsearch:
    type: elasticsearch
    ... # Additional config
To complete the monitor activation, you must also include the smartagent/elasticsearch receiver item in a metrics pipeline. To do this, add the receiver item to the service > pipelines > metrics > receivers section of your configuration file.
See configuration examples for specific use cases that show how the Splunk Distribution of OpenTelemetry Collector can integrate and complement existing environments.
Smart Agent
To activate this monitor in the Smart Agent, add the following to your agent configuration:
monitors: # All monitor config goes under this key
  - type: elasticsearch
    ... # Additional config
See Smart Agent example configuration for an autogenerated example of a YAML configuration file, with default values where applicable.
Configuration settings
The following table shows the configuration options for this monitor:
| Option | Required | Type | Description |
|---|---|---|---|
| | yes | | |
| | yes | | |
| | no | | Username used to access Elasticsearch stats API |
| | no | | Password used to access Elasticsearch stats API |
| | no | | Whether to use https or not (default: |
| | no | | A map of HTTP header names to values. Comma separated multiple values for the same message-header is supported. |
| | no | | If useHTTPS is |
| | no | | Path to the CA cert that has signed the TLS cert, unnecessary if |
| | no | | Path to the client TLS cert to use for TLS required connections |
| | no | | Path to the client TLS key to use for TLS required connections |
| | no | | Cluster name to which the node belongs. This is an optional config that will override the cluster name fetched from a node and will be used to populate the plugin_instance dimension |
| | no | | Activate Index stats. If set to |
| | no | | Indexes to collect stats from (by default stats from all indexes are collected) |
| | no | | Interval to report IndexStats on (default: |
| | no | | Collect only aggregated index stats across all indexes (default: |
| | no | | Collect index stats only from Master node (default: |
| | no | | EnableClusterHealth activates reporting on the cluster health (default: |
| | no | | Whether or not non master nodes should report cluster health (default: |
| | no | | Activate enhanced HTTP stats (default: |
| | no | | Activate enhanced JVM stats (default: |
| | no | | Activate enhanced Process stats (default: |
| | no | | Activate enhanced ThreadPool stats (default: |
| | no | | Activate enhanced Transport stats (default: |
| | no | | Activate enhanced node level index stats groups. A list of index stats groups for which to collect enhanced stats |
| | no | | ThreadPools to report threadpool node stats on (default: |
| | no | | Activate Cluster level stats. These stats report only from master Elasticsearch nodes. (default: |
| | no | | Activate enhanced index level index stats groups. A list of index stats groups for which to collect enhanced stats |
| | no | | To activate index stats from only primary shards. By default, the index stats collected are aggregated across all shards. (default: |
| | no | | How often to refresh metadata about the node and cluster (default: |
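
The following is an added example, not part of the Splunk documentation or the Collector code: a Python check over a parsed Collector configuration that reports an elasticsearch monitor missing from every metrics pipeline (the activation requirement described earlier) and flags credential settings that weaken transport security. The option names username, password and skipVerify are assumed to be the Smart Agent names for the rows described in the table; the receiver name smartagent/es-legacy, the signalfx exporter entry and all values are constructed.

```python
# Added example (not Splunk code). Input is the dict that a YAML parser
# returns for a Collector config file.
NOT_WIRED = "not listed in any metrics pipeline, so the monitor never runs"
PLAIN_HTTP = "password is sent without useHTTPS"
NO_VERIFY = "skipVerify turns off TLS certificate validation"
LITERAL_PW = "password is a literal value in the config file"

def audit_elasticsearch_receivers(config):
    """Return sorted (receiver_name, finding) tuples for elasticsearch monitors."""
    receivers = config.get("receivers") or {}
    pipelines = (config.get("service") or {}).get("pipelines") or {}
    wired = set()
    for pipe_name, pipe in pipelines.items():
        # Pipeline ids are "metrics" or "metrics/<name>".
        if pipe_name.split("/", 1)[0] == "metrics":
            wired.update((pipe or {}).get("receivers") or [])
    findings = []
    for name, opts in receivers.items():
        opts = opts or {}
        if name.split("/", 1)[0] != "smartagent" or opts.get("type") != "elasticsearch":
            continue
        if name not in wired:
            findings.append((name, NOT_WIRED))
        password = opts.get("password")
        # An absent useHTTPS is treated as off (assumption).
        if password and not opts.get("useHTTPS"):
            findings.append((name, PLAIN_HTTP))
        if opts.get("useHTTPS") and opts.get("skipVerify"):
            findings.append((name, NO_VERIFY))
        # "${VAR}" is taken to be an environment-variable reference (assumption).
        if isinstance(password, str) and password and not password.startswith("${"):
            findings.append((name, LITERAL_PW))
    return sorted(findings)

# Constructed sample: one wired receiver with skipVerify set, and one unwired
# receiver that sends a literal password over plain HTTP.
SAMPLE_CONFIG = {
    "receivers": {
        "smartagent/elasticsearch": {
            "type": "elasticsearch", "host": "localhost", "port": 9200,
            "username": "monitor", "password": "${ES_MONITOR_PASSWORD}",
            "useHTTPS": True, "skipVerify": True},
        "smartagent/es-legacy": {
            "type": "elasticsearch", "host": "localhost", "port": 9201,
            "username": "monitor", "password": "example-password"},
    },
    "service": {"pipelines": {"metrics": {
        "receivers": ["smartagent/elasticsearch"], "exporters": ["signalfx"]}}},
}
```

Running the check in CI against the deployed configuration catches a monitor that was defined but never wired into a pipeline, which otherwise fails silently as missing data.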
Example configurations
The following is an example configuration that collects only default (non-custom) metrics:
monitors:
  - type: elasticsearch
    host: localhost
    port: 9200
Enhanced (custom) metrics
The elasticsearch monitor collects a subset of node stats of JVM, process, HTTP, transport, indices, and thread pool stats. It is possible to enable enhanced stats for each stat group separately. Note that these metrics get categorized under the custom group if you are on host-based pricing. This is an example of a configuration that collects enhanced (custom) metrics:
monitors:
  - type: elasticsearch
    host: localhost
    port: 9200
    enableEnhancedHTTPStats: true
    enableEnhancedJVMStats: true
    enableEnhancedProcessStats: true
    enableEnhancedThreadPoolStats: true
    enableEnhancedTransportStats: true
    enableEnhancedNodeIndicesStats:
      - indexing
      - warmer
      - get
The enableEnhancedNodeIndicesStats option takes a list of index stats groups for which enhanced stats will be collected. See Nodes stats API for a comprehensive list of all available groups.
Note that the enableEnhancedIndexStatsForIndexGroups configuration option is similar to the enableEnhancedNodeIndicesStats configuration option, but for index level stats.
Thread pools
By default, thread pool statistics from the "search" and "index" thread pools are collected. To collect stats from other thread pools, specify the threadPools configuration option, as shown in the following example:
monitors:
  - type: elasticsearch
    host: localhost
    port: 9200
    threadPools:
      - bulk
      - warmer
      - listener
The following is a list of valid thread pools by Elasticsearch version:
Thread pool name | ES 1.x | ES 2.0 | ES 2.1+ |
---|---|---|---|
merge | ✓ | | |
optimize | ✓ | | |
bulk | ✓ | ✓ | ✓ |
flush | ✓ | ✓ | ✓ |
generic | ✓ | ✓ | ✓ |
get | ✓ | ✓ | ✓ |
snapshot | ✓ | ✓ | ✓ |
warmer | ✓ | ✓ | ✓ |
refresh | ✓ | ✓ | ✓ |
fetch_shard_started | ✓ | ✓ | |
fetch_shard_store | ✓ | ✓ | |
listener | ✓ | ✓ | |
management | ✓ | ✓ | |
percolate | ✓ | ✓ | |
suggest | ✓ | ✓ | |
force_merge | ✓ |
Collecting index statistics
By default, the configuration parameter indexes is empty, which means that stats are collected on all indexes. To collect statistics from a subset of indexes, set the configuration parameter indexes to a list of the index names you want to collect stats for.
The call to collect index statistics can be CPU-intensive. For this reason, use the indexStatsIntervalSeconds configuration parameter to decrease the reporting interval for nodes that report index statistics.
Primaries versus total
By default, the monitor collects a subset of index stats of the total aggregation type. The total for an index stat aggregates across all shards, whereas primaries only reflect the stats from primary shards. It is possible to activate index stats of only the primaries aggregation type. The following example configuration shows how to collect index stats from primary shards:
monitors:
  - type: elasticsearch
    host: localhost
    port: 9200
    enableIndexStatsPrimaries: true
Metrics
The following metrics are available for this integration: