Infrastructure monitoring with Elastic Carlos Pérez-Aradros Herce - Platform Integrations Tech Lead 19 Nov 2020 

Carlos Pérez-Aradros Herce Tech lead - Integrations platforms [email protected] exekias 

Elastic is a search company. 

Search. Observe. Protect. 

3 solutions Elastic Enterprise Search Elastic Security Elastic Observability 

Elastic Enterprise Search Elastic Security Elastic Observability Kibana Elasticsearch Beats Logstash 3 solutions powered by 1 stack Elastic Stack 

SaaS Orchestration Elastic Cloud on Kubernetes Elastic Cloud Elastic Cloud Enterprise Elastic Enterprise Search Elastic Security Elastic Observability Kibana Elasticsearch Beats Logstash Deploy anywhere. Powered by the Elastic Stack 3 solutions Deployed anywhere 

Elastic Observability Logs Metrics APM Uptime 

Unified visibility across your entire ecosystem Bring your logs, metrics, and traces together into a single stack so you can monitor, detect, and react to events with speed. ELASTIC OBSERVABILITY 

Cloud monitoring 

You don’t choose multi-cloud; multi-cloud chooses you. Enterprise Cloud Strategy More than 1000 employees Multiple public Single public Single private Multi-cloud 93% Source: Flexera 2020 State of the Cloud Report Hybrid cloud 87% 6% 6% 1% 

Beats: The Lightweight Shippers of the Elastic Stack auditbeat filebeat heartbeat metricbeat packetbeat winlogbeat 

On-Premises alerting User group A User group B Observability With Multi-Cloud 

APM Logs&Metrics API API Azure Monitor Event Hub APM GCP Stackdriver Logs&Metrics API APM Logs&Metrics API AWS CloudWatch CCS CCS CCS Future: Multi-Cloud and Cross Cluster 

Method 1 Metrics Azure Services GCP Services Stackdriver Monitoring Monitor CloudWatch Method 2 AWS Services 

Configuration Example – module: aws period: 5m metricsets: – ec2 credential_profile_name: elastic – module: googlecloud period: 1m metricsets: – compute region: "us-" project_id: "elastic-observability" credentials_file_path: "/Desktop/gcp_creds.json" exclude_labels: false – module: azure period: 300s metricsets: – compute_vm client_id: '$AZURE_CLIENT_ID""}' client_secret: '$AZURE_CLIENT_SECRET""}' tenant_id: '$AZURE_TENANT_ID""}' subscription_id: '$AZURE_SUBSCRIPTION_ID""}' refresh_list_interval: 600s 

GCP BigQuery AWS Cost Explorer AWS CloudWatch Azure Cost Management Billing Billing 

AWS Services Azure Services GCP Services SQS S3 CloudWatch Event Hub PubSub Logs 

filebeat.inputs: – type: awscloudwatch credential_profile_name: elastic-beats log_group_arn: arn:aws:logs:us-east-1123:log-group:test:* region: us-east-1 scan_frequency: 30s start_position: beginning api_timeout: 5m filebeat.inputs: – type: s3 queue_url: https://sqs.us-east-1.amazonaws.com/123/test-fb-ks credential_profile_name: elastic-beats json.message_key: Records Configuration Example Using Inputs 

Kubernetes monitoring 

cluster Kubernetes: pods, nodes, cluster node kubelet proxy node kubelet proxy node kubelet proxy node kubelet proxy - pod schedule 

Monitoring kubernetes environments 

Monitoring kubernetes environments - What to monitor - Hosts - Containers - Containerized applications - Kubernetes components - Metrics sources - cAdvisor, kubelet - kube-state-metrics - Prometheus - APM Metricbeat Heapster Prometheus ... Elasticsearch Kibana 

Metadata processors - ECS Enrich events with useful metadata to correlate logs, metrics & traces • cloud.availability_zone • cloud.region • cloud.instance_id • cloud.machine_type • cloud.project_id • cloud.provider • docker.container.id • docker.container.image • docker.container.name • docker.container.labels • kubernetes.pod.name • kubernetes.namespace • kubernetes.labels • kubernetes.annotations • kubernetes.container.name • kubernetes.container.image add_cloud_metadata add_docker_metadata add_kubernetes_metadata 

Kubernetes deployment Node 1 Metricbeat Filebeat Node 2 Metricbeat Filebeat Node n Metricbeat Filebeat Filebeat DaemonSet Metricbeat DaemonSet 

Inventory view Birds-eye view of your kubernetes clusters 

Node Metricbeat Autodiscover Oh no! My applications are moving! Logs Metrics nginx Elasticsearch metricbeat.autodiscover: providers: - type: kubernetes host: ${HOSTNAME} templates: - condition.contains: kubernetes.container.name: nginx config: - module: nginx period: 10s metricsets: ["stubstatus"] hosts: ["${data.host}:8080"] 

Metricbeat Autodiscover 

Hints based auto-discovery - Hints tell Metricbeat how to get metrics for the given container. - It looks for hints in K8s Pod annotations or Docker labels which have the prefix co.elastic.metrics . - As soon as the container starts, Metricbeat will check if it contains any hints and launch the proper config for it. metricbeat.autodiscover: providers: - type: kubernetes hints.enabled: true annotations: co.elastic.metrics/module: prometheus co.elastic.metrics/metricsets: collector co.elastic.metrics/hosts: '${data.host}:9090' co.elastic.metrics/period: 1m 

Demo time 

Service: “beats-demo” LoadBalancer Deployment: “beats-demo“ Demo scenario: http://34.77.157.229 Pod Pod ... Deployment: “mysql“ Logs Metrics Network analytics App Performance Metrics Pod 

Elastic is a Search Company. www.elastic.co Thank You