Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Monitor MongoDB with the Elastic Stack

Philipp Krenn
September 25, 2017
Programming
2
1.2k

Monitor MongoDB with the Elastic Stack

How to use the Elastic Stack (previously called ELK Stack) to monitor logs is widely known. But it can also give you a complete picture of your MongoDB installation:
* System metrics: Keep track of network traffic and system load.
* Logs: Collect and parse MongoDB logs.
* MongoDB metrics: Gather the most relevant attributes with the dedicated Metricbeat module.
* Queries: Monitor your queries on the wire with Packetbeat.

And we will do all of that together since it is so easy and quick to set up.

Philipp Krenn

September 25, 2017
Tweet

More Decks by Philipp Krenn

See All by Philipp Krenn
Full-Text Search Explained
xeraa
11
2k
360° Monitoring of Your Microservices
xeraa
7
3.3k
Scale Your Metrics with Elasticsearch
xeraa
4
130
YAML Considered Harmful
xeraa
0
2k
Scale Your Elasticsearch Cluster
xeraa
1
280
Hands-On ModSecurity and Logging
xeraa
2
140
Centralized Logging Patterns
xeraa
1
970
Dashboards for Your Management with Kibana Canvas
xeraa
1
450
Make Your Data FABulous
xeraa
3
810

Other Decks in Programming

See All in Programming
What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)
zsmb
1
480
シェーダーで魅せるMapLibreの動的ラスタータイル
satoshi7190
1
480
AWS Lambdaから始まった
Serverlessの「熱」とキャリアパス / It started with AWS Lambda Serverless “fever” and career path
seike460
PRO
1
260
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
WebフロントエンドにおけるGraphQL(あるいはバックエンドのAPI)との向き合い方 / #241106_plk_frontend
izumin5210
4
1.4k
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
みんなでプロポーザルを書いてみた
yuriko1211
0
280
Jakarta EE meets AI
ivargrimstad
0
130
ローコードSaaSのUXを向上させるためのTypeScript
taro28
1
630
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.7k
最新TCAキャッチアップ
0si43
0
190
ペアーズにおけるAmazon Bedrockを⽤いた障害対応⽀援 ⽣成AIツールの導⼊事例 @ 20241115配信AWSウェビナー登壇
fukubaka0825
6
2k

Featured

See All Featured
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Gamification - CAS2011
davidbonilla
80
5k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.1k
Why Our Code Smells
bkeepers
PRO
334
57k
Typedesign – Prime Four
hannesfritz
40
2.4k
A Philosophy of Restraint
colly
203
16k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
Practical Orchestrator
shlominoach
186
10k

Transcript

  1. Monitor with the Stack Philipp Krenn@xeraa 1

  2. Infrastructure | Developer Advocate 2

  3. Disclaimer This is not a training https://www.elastic.co/training 3

  4. Who Is Using Elasticsearch Logstash and Kibana Beats 4

  5. 5

  6. 6

  7. 7

  8. Starting Point https://github.com/xeraa/mongodb-monitoring 8

  9. USB Sticks 9

  10. Box Vagrant Ansible Provisioner 10

  11. Credentials vagrant & vagrant 11

  12. SSH $ ssh [email protected] -p 2222 -o PreferredAuthentications=password Windows: http://www.putty.org

    12

  13. Ansible $ cd /elastic-stack/ $ ls 13

  14. 14

  15. REST $ curl -XGET -u "elastic:changeme" http://localhost:9200/ 15

  16. 16

  17. Login http://localhost:5601 elastic & changeme 17

  18. 18

  19. Filebeat 19

  20. Filebeat Modules 20

  21. System Dashboards 21

  22. 22

  23. MongoDB Logs /var/log/mongodb/mongod.log 23

  24. /etc/filebeat/filebeat.yml filebeat.prospectors: - input_type: log paths: - /var/log/mongodb/mongod.log document_type: mongodb

    24

  25. PS: Multiline Logs 25

  26. /etc/filebeat/filebeat.yml filebeat.prospectors: - input_type: log paths: - /var/log/java-app/*.log document_type: java

    multiline.pattern: '^[[:space:]]' multiline.negate: false multiline.match: after 26

  27. Test $ java -jar /opt/pocdriver/bin/POCDriver.jar -k 20 -i 10 -u

    10 -b 20 27

  28. Kibana Discover Limit Kibana view to the mongodb type 28

  29. 29

  30. Grok Patterns https://github.com/logstash-plugins/logstash-patterns- core/blob/master/patterns/grok-patterns 30

  31. MongoDB Patterns https://github.com/logstash-plugins/logstash-patterns- core/blob/master/patterns/mongodb 31

  32. Building Patterns Grokdebug in Kibana 5.5+ (X-Pack Basic) https://grokdebug.herokuapp.com 32

  33. 33

  34. /etc/filebeat/filebeat.yml output.elasticsearch: hosts: ["localhost:9200"] username: "{{ elastic_user }}" password: "{{

    elastic_password }}" pipeline: "mongodb_log" 34

  35. Console Pattern in a single line PUT _ingest/pipeline/mongodb_log { "description":

    "Ingest pipeline for MongoDB logs", "processors": [ { "grok": { "field": "message", "patterns": [ "%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{MONGO3_SEVERITY:mongodb.severity} %{SPACE}%{MONGO3_COMPONENT:mongodb.component}%{SPACE} (?:[%{DATA:mongodb.context}])?%{SPACE}%{GREEDYDATA:message}" ] } } ] } 35

  36. Filebeat Restart $ sudo service filebeat restart 36

  37. Test $ java -jar /opt/pocdriver/bin/POCDriver.jar -k 20 -i 10 -u

    10 -b 20 37

  38. Refresh Field List Management → Index Patterns → filebeat-* →

    Refresh field list 38

  39. Visualize mongodb.component of log events 39

  40. 40

  41. 41

  42. Fetch the Slow Log 42

  43. /etc/logstash/conf.d/00-mongodb- input.conf input { mongodb { uri => 'mongodb://127.0.0.1:27017/POCDB' placeholder_db_dir

    => '/var/local/logstash-mongodb/' collection => 'system.profile' batch_size => 500 generateId => true } } 43

  44. /etc/logstash/conf.d/20-elasticsearch- output.conf output { elasticsearch { hosts => ["localhost:9200"] manage_template

    => false index => "mongodb-%{+YYYY.MM.dd}" document_type => "slowlog" user => "{{ elastic_user }}" password => "{{ elastic_password }}" } } 44

  45. Logstash Restart $ sudo service logstash restart 45

  46. Debug Logstash $ less /var/log/logstash/logstash-plain.log 46

  47. Doesn't Work Getting data from system collections https://github.com/phutchins/logstash-input-mongodb/issues/8 47

  48. Extension Idea Build an exec filter to run slow queries

    against MongoDB's .explain() 48

  49. Metricbeat 49

  50. Metricbeat System 50

  51. Metricbeat Service 51

  52. /etc/metricbeat/metricbeat.yml - module: mongodb metricsets: ["dbstats", "status"] hosts: ["localhost:27017"] 52

  53. Metricbeat Restart $ sudo service metricbeat restart 53

  54. Test $ java -jar /opt/pocdriver/bin/POCDriver.jar -k 20 -i 10 -u

    10 -b 20 54

  55. 55

  56. Visual Builder mongodb.status.network.in.bytes vs mongodb.status.network.out.bytes 56

  57. 57

  58. Packetbeat 58

  59. Protocols 59

  60. Flows Application layer: Unsupported / encrypted (TLS) protocols IP /

    TCP / UDP Number of packets & bytes Retransmissions Temporal flow 60

  61. /etc/packetbeat/packetbeat.yml packetbeat.protocols.mongodb: ports: [27017] 61

  62. Packetbeat Restart $ sudo service packetbeat restart 62

  63. Test $ java -jar /opt/pocdriver/bin/POCDriver.jar -k 20 -i 10 -u

    10 -b 20 63

  64. 64

  65. Heartbeat 65

  66. Heartbeat ICMP, TCP, HTTP, HTTPS 66

  67. /etc/heartbeat/heartbeat.yml heartbeat.monitors: - type: tcp hosts: ["127.0.0.1:27017"] schedule: '@every 10s'

    67

  68. Heartbeat Restart $ sudo service heartbeat restart 68

  69. Test $ sudo service mongod stop $ sudo service mongod

    start 69

  70. Visualize Up or down and TCP response times 70

  71. 71

  72. 72

  73. Dashboard Combining visualizations 73

  74. 74

  75. Winlogbeat 75

  76. libbeat https://github.com/elastic/beats/tree/master/generate/beat 76

  77. 77

  78. X-Pack Security Monitoring Graph Reporting Alerting Machine Learning 78

  79. X-Pack Basic 79

  80. Conclusion 80

  81. 81

  82. 82

  83. 83

  84. Thanks! Questions? Philipp Krenn@xeraa 84