[DOCS] Update metrics-explorer.asciidoc (#40898)
* Update metrics-explorer.asciidoc Partial commit. Adding missing chapter title and tidying up the tutorial a bit. * Update metrics-explorer.asciidoc Addressing review comments from @bmorelli25. Also changed "drop-down" to "dropdown" to meet style guide and added link for reference to KBL. * Addressing review comments from @simianhacker and @gchaps.
This commit is contained in:
Marjorie Jones
GitHub
parent
1a103c02e4
commit
d6371f8f8f
|
|
@ -1,58 +1,70 @@
|
|||
[role="xpack"]
|
||||
[[metrics-explorer]]
|
||||
|
||||
The metrics explorer allows you to easily visualize Metricbeat data and group it by arbitary attributes. This empowers you to visualize multiple metrics and can be a jumping off point for further investigations.
|
||||
== Metrics Explorer
|
||||
|
||||
Metrics Explorer allows you to visualize metrics data collected by Metricbeat and group it in various ways to visualize multiple metrics.
|
||||
It can be a starting point for further investigations.
|
||||
|
||||
[role="screenshot"]
|
||||
image::infrastructure/images/metrics-explorer-screen.png[Metrics Explorer in Kibana]
|
||||
|
||||
[float]
|
||||
[[metrics-explorer-requirements]]
|
||||
=== Metrics explorer requirements and considerations
|
||||
=== Metrics Explorer requirements and considerations
|
||||
|
||||
* The Metric explorer assumes you have data collected from {metricbeat-ref}/metricbeat-overview.html[Metricbeat].
|
||||
* You will need read permissions on `metricbeat-*` or the metric index specified in the Infrastructure configuration UI.
|
||||
* Metrics explorer uses the timestamp field set in the Infrastructure configuration UI. By default that is set to `@timestmap`.
|
||||
* The interval for the X Axis is set to `auto`. The bucket size is determined by the time range.
|
||||
* **Open in Visualize** requires the user to have access to the Visualize app, otherwise it will not be available.
|
||||
* The Metrics Explorer uses data collected from {metricbeat-ref}/metricbeat-overview.html[Metricbeat].
|
||||
* You need read permissions on `metricbeat-*` or the metric index specified in the Infrastructure configuration UI.
|
||||
* Metrics Explorer uses the timestamp field set in the Infrastructure configuration UI.
|
||||
By default that is set to `@timestamp`.
|
||||
* The interval for the X Axis is set to `auto`.
|
||||
The bucket size is determined by the time range.
|
||||
* *Open in Visualize* requires you to have access to the Visualize app, otherwise it is not available.
|
||||
|
||||
[float]
|
||||
[[metrics-explorer-tutorial]]
|
||||
=== Metrics explorer tutorial
|
||||
=== Metrics Explorer tutorial
|
||||
|
||||
In this tutorial we are going to use the Metrics explorer to create system load charts for each host we are monitoring with Metricbeat.
|
||||
Once we've explored the system load metrics,
|
||||
we'll show you how to filter down to a specific host and start exploring outbound network traffic for each interface.
|
||||
Before we get started, if you don't have any Metricbeat data, you'll need to head over to our
|
||||
{metricbeat-ref}/metricbeat-overview.html[Metricbeat documentation] and learn how to install and start collection.
|
||||
In this tutorial we'll use Metrics Explorer to view the system load metrics for each host we're monitoring with Metricbeat.
|
||||
After that, we'll filter down to a specific host and explore the outbound traffic for each network interface.
|
||||
Before we start, if you don't have any Metricbeat data, you'll need to head over to our
|
||||
{metricbeat-ref}/metricbeat-overview.html[Metricbeat documentation] to install Metricbeat and start collecting data.
|
||||
|
||||
1. Navigate to the Infrastructure UI in Kibana and select **Metrics Explorer**
|
||||
The initial screen should be empty with the metric field selection open.
|
||||
2. Start typing `system.load.1` and select the field.
|
||||
Once you've selected the field, you can add additional metrics for `system.load.5` and `system.load.15`.
|
||||
3. You should now have a chart with 3 different series for each metric.
|
||||
By default, the metric explorer will take the average of each field.
|
||||
To the left of the metric dropdown you will see the aggregation dropdown.
|
||||
You can use this to change the aggregation.
|
||||
For now, we'll leave it set to `Average`, but take some time to play around with the different aggregations.
|
||||
4. To the right of the metric input field you will see **graph per** and a dropdown.
|
||||
Enter `host.name` in this dropdown and select the field.
|
||||
This input will create a chart for every value it finds in the selected field.
|
||||
5. By now, your UI should look similar to the screenshot above.
|
||||
If you only have one host, then it will display the chart across the entire screen.
|
||||
For multiple hosts, the metric explorer divides the screen into three columns.
|
||||
Configurations, you've explored your first metric!
|
||||
6. Let's go for some bonus points. Select the **Actions** dropdown in the upper right hand corner of one of the charts.
|
||||
Select **Add Filter** to change the KQL expression to filter for that specific host.
|
||||
From here we can start exploring other metrics specific to this host.
|
||||
7. Let's delete each of the system load metrics by clicking the little **X** icon next to each of them.
|
||||
8. Set `system.network.out.bytes` as the metric.
|
||||
Because `system.network.out.bytes` is a monotonically increasing number, we need to change the aggregation to `Rate`.
|
||||
While this chart might appear correct, there is one critical problem: hosts have multiple interfaces.
|
||||
9. To fix our chart, set the group by dropdown to `system.network.name`.
|
||||
You should now see a chart per network interface.
|
||||
10. Let's imagine you want to put one of these charts on a dashboard.
|
||||
Click the **Actions** menu next to one of the interface charts and select **Open In Visualize**.
|
||||
This will open the same chart in Time Series Visual Builder. From here you can save the chart and add it to a dashboard.
|
||||
1. When you have Metricbeat running and collecting data, open Kibana and navigate to *Infrastructure*.
|
||||
The *Inventory* tab shows the host or hosts you are monitoring.
|
||||
|
||||
Who's the Metrics explorer now? You are!
|
||||
2. Select the *Metrics Explorer* tab.
|
||||
The initial configuration has the *Average* aggregation selected, the *of* field populated with some default metrics, and the *graph per* dropdown set to `Everything`.
|
||||
|
||||
3. To select the metrics to view, firstly delete all the metrics currently shown in the *of* field by clicking the *X* by each metric name.
|
||||
Then, in this field, start typing `system.load.1` and select this metric.
|
||||
Also add metrics for `system.load.5` and `system.load.15`.
|
||||
You will see a graph showing the average values of the metrics you selected.
|
||||
In this step we'll leave the aggregation dropdown set to *Average* but you can try different values later if you like.
|
||||
|
||||
4. In the *graph per* dropdown, enter `host.name` and select this field.
|
||||
You will see a separate graph for each host you are monitoring.
|
||||
If you are collecting metrics for multiple hosts, you will see something like the screenshot above.
|
||||
If you only have metrics for a single host, you will see a single graph.
|
||||
Congratulations! Either way, you've explored your first metric.
|
||||
|
||||
5. Let's explore a bit further.
|
||||
In the upper right hand corner of the graph for one of the hosts, select the *Actions* dropdown and click *Add Filter* to show ony the metrics for that host.
|
||||
This adds a {kibana-ref}/kuery-query.html[Kibana Query Language] filter for `host.name` in the second row of the Metrics Explorer configuration.
|
||||
If you only have one host, the graph will not change as you are already exploring metrics for a single host.
|
||||
|
||||
6. Now you can start exploring some host-specific metrics.
|
||||
First, delete each of the system load metrics in the *of* field by clicking the *X* by the metric name.
|
||||
Then enter the metric `system.network.out.bytes` to explore the outbound network traffic.
|
||||
This is a monotonically increasing value, so change the aggregation dropdown to `Rate`.
|
||||
|
||||
7. Since hosts have multiple network interfaces, it is more meaningful to display one graph for each network interface.
|
||||
To do this, select the *graph per* dropdown, start typing `system.network.name` and select this field.
|
||||
You will now see a separate graph for each network interface.
|
||||
|
||||
8. If you like, you can put one of these graphs in a dashboard.
|
||||
Choose a graph, click the *Actions* dropdown and select *Open In Visualize*.
|
||||
This opens the graph in {kibana-ref}/TSVB.html[TSVB].
|
||||
From here you can save the graph and add it to a dashboard as usual.
|
||||
|
||||
Who's the Metrics Explorer now? You are!
|
||||
|
|
|
|||
Loading…
Reference in a new issue