From d6371f8f8f24f7d9141aa8f79c3e32a219309ced Mon Sep 17 00:00:00 2001 From: Marjorie Jones Date: Thu, 1 Aug 2019 09:52:48 +0100 Subject: [PATCH] [DOCS] Update metrics-explorer.asciidoc (#40898) * Update metrics-explorer.asciidoc Partial commit. Adding missing chapter title and tidying up the tutorial a bit. * Update metrics-explorer.asciidoc Addressing review comments from @bmorelli25. Also changed "drop-down" to "dropdown" to meet style guide and added link for reference to KBL. * Addressing review comments from @simianhacker and @gchaps. --- docs/infrastructure/metrics-explorer.asciidoc | 96 +++++++++++-------- 1 file changed, 54 insertions(+), 42 deletions(-) diff --git a/docs/infrastructure/metrics-explorer.asciidoc b/docs/infrastructure/metrics-explorer.asciidoc index 82520e99b42b..008f7ee1bacc 100644 --- a/docs/infrastructure/metrics-explorer.asciidoc +++ b/docs/infrastructure/metrics-explorer.asciidoc @@ -1,58 +1,70 @@ [role="xpack"] [[metrics-explorer]] -The metrics explorer allows you to easily visualize Metricbeat data and group it by arbitary attributes. This empowers you to visualize multiple metrics and can be a jumping off point for further investigations. +== Metrics Explorer + +Metrics Explorer allows you to visualize metrics data collected by Metricbeat and group it in various ways to visualize multiple metrics. +It can be a starting point for further investigations. [role="screenshot"] image::infrastructure/images/metrics-explorer-screen.png[Metrics Explorer in Kibana] [float] [[metrics-explorer-requirements]] -=== Metrics explorer requirements and considerations +=== Metrics Explorer requirements and considerations -* The Metric explorer assumes you have data collected from {metricbeat-ref}/metricbeat-overview.html[Metricbeat]. -* You will need read permissions on `metricbeat-*` or the metric index specified in the Infrastructure configuration UI. -* Metrics explorer uses the timestamp field set in the Infrastructure configuration UI. By default that is set to `@timestmap`. -* The interval for the X Axis is set to `auto`. The bucket size is determined by the time range. -* **Open in Visualize** requires the user to have access to the Visualize app, otherwise it will not be available. +* The Metrics Explorer uses data collected from {metricbeat-ref}/metricbeat-overview.html[Metricbeat]. +* You need read permissions on `metricbeat-*` or the metric index specified in the Infrastructure configuration UI. +* Metrics Explorer uses the timestamp field set in the Infrastructure configuration UI. +By default that is set to `@timestamp`. +* The interval for the X Axis is set to `auto`. +The bucket size is determined by the time range. +* *Open in Visualize* requires you to have access to the Visualize app, otherwise it is not available. [float] [[metrics-explorer-tutorial]] -=== Metrics explorer tutorial +=== Metrics Explorer tutorial -In this tutorial we are going to use the Metrics explorer to create system load charts for each host we are monitoring with Metricbeat. -Once we've explored the system load metrics, -we'll show you how to filter down to a specific host and start exploring outbound network traffic for each interface. -Before we get started, if you don't have any Metricbeat data, you'll need to head over to our -{metricbeat-ref}/metricbeat-overview.html[Metricbeat documentation] and learn how to install and start collection. +In this tutorial we'll use Metrics Explorer to view the system load metrics for each host we're monitoring with Metricbeat. +After that, we'll filter down to a specific host and explore the outbound traffic for each network interface. +Before we start, if you don't have any Metricbeat data, you'll need to head over to our +{metricbeat-ref}/metricbeat-overview.html[Metricbeat documentation] to install Metricbeat and start collecting data. -1. Navigate to the Infrastructure UI in Kibana and select **Metrics Explorer** -The initial screen should be empty with the metric field selection open. -2. Start typing `system.load.1` and select the field. -Once you've selected the field, you can add additional metrics for `system.load.5` and `system.load.15`. -3. You should now have a chart with 3 different series for each metric. -By default, the metric explorer will take the average of each field. -To the left of the metric dropdown you will see the aggregation dropdown. -You can use this to change the aggregation. -For now, we'll leave it set to `Average`, but take some time to play around with the different aggregations. -4. To the right of the metric input field you will see **graph per** and a dropdown. -Enter `host.name` in this dropdown and select the field. -This input will create a chart for every value it finds in the selected field. -5. By now, your UI should look similar to the screenshot above. -If you only have one host, then it will display the chart across the entire screen. -For multiple hosts, the metric explorer divides the screen into three columns. -Configurations, you've explored your first metric! -6. Let's go for some bonus points. Select the **Actions** dropdown in the upper right hand corner of one of the charts. -Select **Add Filter** to change the KQL expression to filter for that specific host. -From here we can start exploring other metrics specific to this host. -7. Let's delete each of the system load metrics by clicking the little **X** icon next to each of them. -8. Set `system.network.out.bytes` as the metric. -Because `system.network.out.bytes` is a monotonically increasing number, we need to change the aggregation to `Rate`. -While this chart might appear correct, there is one critical problem: hosts have multiple interfaces. -9. To fix our chart, set the group by dropdown to `system.network.name`. -You should now see a chart per network interface. -10. Let's imagine you want to put one of these charts on a dashboard. -Click the **Actions** menu next to one of the interface charts and select **Open In Visualize**. -This will open the same chart in Time Series Visual Builder. From here you can save the chart and add it to a dashboard. +1. When you have Metricbeat running and collecting data, open Kibana and navigate to *Infrastructure*. +The *Inventory* tab shows the host or hosts you are monitoring. -Who's the Metrics explorer now? You are! +2. Select the *Metrics Explorer* tab. +The initial configuration has the *Average* aggregation selected, the *of* field populated with some default metrics, and the *graph per* dropdown set to `Everything`. + +3. To select the metrics to view, firstly delete all the metrics currently shown in the *of* field by clicking the *X* by each metric name. +Then, in this field, start typing `system.load.1` and select this metric. +Also add metrics for `system.load.5` and `system.load.15`. +You will see a graph showing the average values of the metrics you selected. +In this step we'll leave the aggregation dropdown set to *Average* but you can try different values later if you like. + +4. In the *graph per* dropdown, enter `host.name` and select this field. +You will see a separate graph for each host you are monitoring. +If you are collecting metrics for multiple hosts, you will see something like the screenshot above. +If you only have metrics for a single host, you will see a single graph. +Congratulations! Either way, you've explored your first metric. + +5. Let's explore a bit further. +In the upper right hand corner of the graph for one of the hosts, select the *Actions* dropdown and click *Add Filter* to show ony the metrics for that host. +This adds a {kibana-ref}/kuery-query.html[Kibana Query Language] filter for `host.name` in the second row of the Metrics Explorer configuration. +If you only have one host, the graph will not change as you are already exploring metrics for a single host. + +6. Now you can start exploring some host-specific metrics. +First, delete each of the system load metrics in the *of* field by clicking the *X* by the metric name. +Then enter the metric `system.network.out.bytes` to explore the outbound network traffic. +This is a monotonically increasing value, so change the aggregation dropdown to `Rate`. + +7. Since hosts have multiple network interfaces, it is more meaningful to display one graph for each network interface. +To do this, select the *graph per* dropdown, start typing `system.network.name` and select this field. +You will now see a separate graph for each network interface. + +8. If you like, you can put one of these graphs in a dashboard. +Choose a graph, click the *Actions* dropdown and select *Open In Visualize*. +This opens the graph in {kibana-ref}/TSVB.html[TSVB]. +From here you can save the graph and add it to a dashboard as usual. + +Who's the Metrics Explorer now? You are!