ELK集群之metricbeat（9）

Metricbeat包的安装及简单使用

        Metricbeat包的安装及简单使用
系统数据采集
  Python -> ES -> Grafana

metricbeat的安装
  metricbeat -> logstash -> ES -> Grafana系统监控
  Metricbeat解决的问题：手动写Python比较麻烦
  yum localinstall metricbeat-7.6.2-x86_64.rpm -y

metric默认配置说明
  /etc/metricbeat/metricbeat.yml
  /etc/metricbeat/modules.d/*.yml

metric配置/etc/metricbeat/metricbeat.yml
metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression
setup.kibana:
output.logstash:
  hosts: ["192.168.238.90:5044"]

metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression
setup.kibana:
output.kafka:
  hosts: ["172.17.166.217:9092", "172.17.166.218:9092", "172.17.166.219:9092"]

  topic: 'test2'
  partition.round_robin:
    reachable_only: false

  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000

metricbeat采集系统配置

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.6/metricbeat-module-system.html
- module: system
  period: 60s
  metricsets:
    - network
  interfaces:
    - eth0

- module: system
  period: 10s
  metricsets:
    - cpu
    - load
    - memory
    #- network
    #- process
    #- process_summary
    #- socket_summary
    #- entropy
    #- core
    #- diskio
    #- socket
    #- service
  #process.include_top_n:
  #  by_cpu: 5      # include top 5 processes by CPU
  #  by_memory: 5   # include top 5 processes by memory

- module: system
  period: 1m
  metricsets:
    - filesystem
#    - fsstat
  processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|host|lib)($|/)'

#q
#- module: system
#  period: 15m
#  metricsets:
#    - uptime

#- module: system 
#  period: 5m
#  metricsets:
#    - raid
#  raid.mount_point: '/'   

        Metricbeat收集cpu内存等信息Grafana展示
Kibana上先清空之前的索引信息

load展示
  metric: avg system.load.1
  metric: avg system.load.5
  metric: avg system.load.15
  groupby: host.name.keyword

  alias: {{host.name.keyword}} {{metric}} {{field}}
  interval: 1m

cpu展示，如果显示异常，清空索引后再观察下
  cpu.idle.pct
  cpu.system.pct
  cpu.user.pct
  cpu.iowait.pct

磁盘使用率
system.filesystem.used.pct

内存使用率的展现
system.memory.actual.used.pct

        Metricbeat收集流量信息Grafana展示
需要配置单独收集某个网卡的流量/etc/metricbeat/modules.d/system.yml
- module: system
  period: 60s
  metricsets: 
    - network
  interfaces: 
    - eth0

Grafana配置流量信息1m=60s 1Byte=8bit
  avg(system.network.in.bytes)  _value/60*8
  Derivative(avg(system.network.in.bytes))

  alias {{host.name.keyword}} in traffic
  alias {{host.name.keyword}} out traffic

metricbeat modules enable nginx #开启模块

多台metricbeat安装-多台服务器采集
metricbeat安装
  yum localinstall metricbeat-7.6.2-x86_64.rpm -y

metric配置/etc/metricbeat/metricbeat.yml
  拷贝之前一台服务器的

metricbeat配置/etc/metricbeat/modules.d/system.yml
  拷贝之前一台服务器的

启动查看grafana
  systemctl restart metricbeat

        Metricbeat采集Nginx信息Grafana展示
Nginx编译需要加以下选项
  --with-http_stub_status_module

Nginx配置新增
        location /sjgstatus {
            stub_status on;
            access_log off;
        allow 192.168.0.0/16;
        deny all;
        }

Metricbeat支持nginx
  metricbeat modules enable nginx

测试能否获取数据
  curl xxx/sjgstatus

Grafana配置nginx请求情况
  avg(requests) _value / 60
  Derivative
  term by : service.address.keyword
  alias: {{service.address.keyword}} accept persecond

模拟数据
  while true; do  curl 192.168.238.90; curl 192.168.238.90/test; sleep 1; done

        Metricbeat采集多台Nginx数据
安装Nginx，跟之前一样的配置

Metric新增一台Nginx监控
hosts: ["http://xxx","http://xxx"]

一台Metricbeat就能监控能通的Nginx

Metricbeat采集Redis信息Grafana展示

安装redis
  yum install redis -y

配置redis
  设置绑定地址：0.0.0.0
  设置密码：sjgpwd

Metricbeat支持redis
  metricbeat modules enable redis

监控redis每秒连接数
  received persecond _value / 60
  Derivative
  grouby: service.address
  alias: {{service.address.keyword}} received persecond

模拟数据
  while true; do redis-cli -a sjgpwd set a b; redis-cli -a sjgpwd get a; sleep 1; done

metricbeat还支持收集很多模块，见以下目录
/etc/metricbeat/modules.d/

Metricbeat采集Mysql监控数据

Metricbeat采集Mysql监控数据
安装mysql服务器准备
yum install mariadb-server -y
systemctl restart mariadb
mysql_secure_installation

监控权限开启
grant usage on *.* to 'monitor'@'192.168.%' identified by 'sjgpwd';
flush privileges;

测试能否正常登录
mysql -h 192.168.238.92 -umonitor -psjgpwd -A

开启监控mysql模块
metricbeat modules enable mysql

配置mysql监控
  hosts: ["monitor:sjgpwd@tcp(xxx:3306)/"]

监控mysql delete persecond
  delete persecond _value / 60
  Derivative
  grouby: service.address
  alias: {{service.address.keyword}} delete persecond

模拟数据，观察grafana
use mysql;
create table test (id int);
mysql -psjgpwd -A -e "use mysql; delete from test"

Metricbeat根据不同类型定义不同索引

metricbeat采集
  metricbeat modules enable system
  metricbeat modules enable redis
  metricbeat modules enable nginx
  metricbeat modules enable mysql

Logstash区分system还是redis 还是其它
output {
  if [service][type] == "mysql" {
    elasticsearch {
      hosts => ["http://192.168.238.90:9200", "http://192.168.238.92:9200"]
      user => "elastic"
      password => "sjgpwd"
      index => "sjgmysql-%{+YYYY.MM.dd}"
    }
  }
  else if [service][type] == "redis" {
    elasticsearch {
      hosts => ["http://192.168.238.90:9200", "http://192.168.238.92:9200"]
      user => "elastic"
      password => "sjgpwd"
      index => "sjgredis-%{+YYYY.MM.dd}"
    }
  }
  else {
    elasticsearch {
      hosts => ["http://192.168.238.90:9200", "http://192.168.238.92:9200"]
      user => "elastic"
      password => "sjgpwd"
      index => "sjgother-%{+YYYY.MM.dd}"
    }
  }
}

Kibana页面上ES索引监控的开启

Kibana监控的开启
  开启kibana监控
  使用metricbeat

启动metricbeat
  metricbeat modules enable elasticsearch-xpack
  metricbeat modules disable 所有

配置文件elasticsearch-xpack.yml
- module: elasticsearch
  metricsets:
    - ccr
    - cluster_stats
    - enrich
    - index
    - index_recovery
    - index_summary
    - ml_job
    - node_stats
    - shard
  period: 10s
  hosts: ["http://192.168.238.90:9200", "http://192.168.238.92:9200"]
  username: "elastic"
  password: "sjgpwd"
  xpack.enabled: true

metricbeat配置：/etc/metricbeat/metricbeat.yml
metricbeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
  index.codec: best_compression
setup.kibana:

output.elasticsearch:
  hosts: ["192.168.238.90:9200", "192.168.238.92:9200"]
  username: "elastic"
  password: "sjgpwd"

Python测试监控是否正常
import time
import datetime
from elasticsearch import Elasticsearch
es = Elasticsearch(['http://elastic:sjgpwd@192.168.238.90:9200', 'http://elastic:sjgpwd@192.168.238.92:9200'])
for i in range(10000):
  curtime=datetime.datetime.utcnow().isoformat()
  body = {"name": "sjg{0}".format(i), "@timestamp": curtime, "sjgcount": i}
  es.index(index='sjg', body=body)
  time.sleep(1)
  print('insert {0}'.format(i))