Monitor-Your-ELK-Stack-With-Telegraf-and-MetricFire

Best Method to Monitor Your ELK Stack Using Telegraf and MetricFire

Table of Contents

Introduction

The ELK stack, which stands for Elasticsearch, Logstash, and Kibana, is a powerful suite of tools for searching, analyzing, and visualizing log data in real-time. Within a software company's infrastructure, this stack can be utilized in several key areas to improve operational efficiency, debug issues, and gain insights into user behavior. 

The ELK stack provides a centralized platform for aggregating logs from various sources. Logstash can collect and process data from different inputs, Elasticsearch can index and store this data, and Kibana can visualize and analyze the data in real-time. This centralization supports quick debugging, monitoring, and analysis of issues across the entire infrastructure.

So, if an ELK stack is crucial for monitoring the performance of your infrastructure, what about tracking the performance of your ELK stack? That's where MetricFire can help!

In this article, we'll detail how to use the Telegraf agent to collect ELK performance metrics and forward them to a MetricFire account.

Getting Started with the Telegraf Agent

Telegraf is a plugin-driven server agent built on InfluxDB that collects and sends metrics/events from databases, systems, processes, devices, and applications. It is written in Go, compiles into a single binary with no external dependencies, and requires a minimal memory footprint. Telegraf is compatible with many operating systems and has many helpful output plugins and input plugins for collecting and forwarding a wide variety of system performance metrics. 

Install Telegraf (Linux/Redhat)

Download Telegraf and unzip it (see the Telegraf docs for up-to-date versions and installation commands for many operating systems). Packages and files are generally installed at /etc/telegraf/


Ubuntu/Debian
wget https://dl.influxdata.com/telegraf/releases/telegraf_1.30.0-1_amd64.deb
sudo dpkg -i telegraf_1.30.0-1_amd64.deb

RedHat/CentOS

wget https://dl.influxdata.com/telegraf/releases/telegraf-1.30.0-1.x86_64.rpm
sudo yum localinstall telegraf-1.30.0-1.x86_64.rpm

Configure an Output

You can configure Telegraf to output to various sources, such as Kafka, Graphite, InfluxDB, Prometheus, SQL, NoSQL, and more.

In this example, we will configure telegraf with a Graphite output. If you're not currently hosting your data source, start a 14-day free trial with Hosted Graphite by MetricFire to follow these next steps.

A Hosted Graphite account will provide the data source, offer an alerting feature, and include Hosted Grafana as a visualization tool.

To configure the Graphite output, locate the downloaded telegraf configuration file at /etc/telegraf/telegraf.conf and open it in your preferred text editor. Then, you will need to make the following changes to the file:

First, uncomment the line:

[[outputs.graphite]]

Next, uncomment and edit the server line to:

servers = ["carbon.hostedgraphite.com:2003"]

Finally, uncomment and edit the prefix line to:

prefix = "<YOUR_API_KEY>.telegraf"
If you don't already have a Hosted Graphite account, sign up for a free trial here to obtain a Hosted Graphite API key.
Otherwise, you can configure a different telegraf output to forward metrics to another data source.

Configure the Elasticsearch Input Plugin

Telegraf has many input plugins that can collect a wide range of data from many popular technologies and 3rd party sources. In this example, we'll demonstrate how to configure the Elasticsearch plugin.

All you need to do is search for the inputs. Elasticsearch section in your Telegraf.conf file, and uncomment the [[inputs.elasticsearch]] line:

[[inputs.elasticsearch]]

Then you can uncomment the 'servers' line; the default URL is:

  servers = ["http://localhost:9200"]

Next, uncomment/modify the following sections in the Elasticsearch plugin config (some can optionally be set to false to limit the number of metrics forwarded):

  http_timeout = "5s"
  local = true
cluster_health = true
cluster_stats = true
  cluster_stats_only_from_master = true
  indices_include = ["_all"]
  indices_level = "shards"

Save your changes, and then start Telegraf using the following command to see if there are any configuration errors in the output:

telegraf --config telegraf.conf

Telegraf will now be forwarding Elasticsearch metrics to your data source. See our Elasticsearch blog article for additional details or the official GitHub repository for more information and configuration options for the Elasticsearch input plugin.

Configure the Logstash Input Plugin

Telegraf has many input plugins that can collect a wide range of data from many popular technologies and 3rd party sources. In this example, we'll demonstrate how to configure the Logstash plugin.

Within your telegraf.conf file, locate and uncomment the [[inputs.logstash]] line:

[[inputs.logstash]]

Then you can uncomment the 'URL' line; the default path is:

  url = "http://127.0.0.1:9600"

Save your changes, and then start Telegraf using the following command to see if there are any configuration errors in the output:

telegraf --config telegraf.conf

Telegraf will now be forwarding Logstash metrics to your data source. See our Logstash blog article for additional details or the official GitHub repository for more information and configuration options for this input plugin.

Configure the Kibana Input Plugin

Telegraf has many input plugins that can collect a wide range of data from many popular technologies and 3rd party sources. In this example, we'll demonstrate how to configure the Kibana plugin.

Open your Telegraf.conf file, and uncomment the [[inputs.kibana]] line:

[[inputs.kibana]]

Then you can uncomment the 'servers' and 'timeout' lines; the defaults are:

 servers = ["http://localhost:5601"]
timeout = "5s"

Save your changes, and then start Telegraf using the following command to see if there are any configuration errors in the output:

telegraf --config telegraf.conf

Telegraf will now be forwarding Kibana metrics to your data source. See our Kibana blog article for additional details or the official GitHub repository for more information and configuration options for the Elasticsearch input plugin.

Use Hosted Graphite by MetricFire to Create Custom Dashboards and Alerts

MetricFire is a monitoring platform that enables you to gather, visualize, analyze, and alert on metrics from sources such as servers, databases, networks, devices, and applications. Using MetricFire, you can effortlessly identify problems and optimize resources within your infrastructure. Hosted Graphite by MetricFire removes the burden of self-hosting your monitoring solution, allowing you more time and freedom to work on your most important tasks.

  1. Once you have signed up for a Hosted Graphite account and used the above steps to configure your server with the Telegraf Agent, metrics will be forwarded, timestamped, ingested, and aggregated into the Hosted Graphite backend.
  2. They will be sent and stored in the Graphite format of metric.name.path <numeric-value> <unix-timestamp> provides a tree-like data structure and makes them easy to query.
  3. Now that all of your ELK performance metrics are in 1 place, you can locate them in your Hosted Graphite account and use them to build custom Dashboard Alerts.

Create Dashboards in Hosted Graphite's Hosted Grafana

In the Hosted Graphite UI, navigate to Dashboards => Primary Dashboards and select the + button to build new panels:

new-grafana-panel

Then you can go into Edit mode and use the query UI to select a graphite metric path:

elk-metric-query

NOTE: If you access Grafana through your HG account, the default data source will be the Hosted Graphite backend. 



Here's an example of how you might visualize your Elasticsearch, Logstash, and Kibana metrics on the same dashboard:

elk-performance-dashboard

See the Hosted Graphite dashboard docs for more details on creating dashboards and adding advanced features like Graphite Functions, Dashboard Variables and Annotations.

Creating Graphite Alerts

In the Hosted Graphite UI, navigate to Alerts => Graphite Alerts to create a new alert. Name the alert, add one of your graphite metrics to the alerting metric field, and add a description of what this alert is:

kibana-alert

Then select the Criteria tab, which will set the threshold, and select a notification channel:

kibana-alert-criteria

NOTE: the default notification channel is the email you used to sign up for the Hosted Graphite account, but you can easily configure a channel for Slack, PagerDuty, Microsoft Teams, and more. See the Hosted Graphite docs for more details on notification channels.

Conclusion

Monitoring the performance of your ELK stack is vital for ensuring that critical logging, monitoring, and data analysis functions operate efficiently and without interruption. This directly impacts your business's ability to make informed decisions and maintain high operational standards. It also helps optimize resource usage, preemptively identifying issues and safeguarding against data loss or security breaches, supporting overall business continuity and performance.

Tools like dashboards and alerts complement this monitoring by providing real-time visualization, proactive identification of issues, historical trend analysis, and facilitating informed decision-making, all essential for maintaining a robust and efficient infrastructure.

Sign up for a free trial, and start monitoring your ELK infrastructure today! You can also book a demo and talk to the MetricFire team directly about your monitoring needs.

You might also like other posts...
metricfire Nov 12, 2024 · 13 min read

10 Best Cisco Switch Monitoring Tools for 2025

MetricFire provides the best hosted open-source Cisco switch network monitoring solution. It is the... Continue Reading

metricfire Nov 11, 2024 · 8 min read

Simple Guide to Converting Prometheus Metrics to Graphite Using Telegraf

Monitoring Prometheus metrics as Graphite metrics simplifies metric organization, offering a straightforward, hierarchical naming... Continue Reading

metricfire Nov 06, 2024 · 8 min read

Easiest Way to Monitor Traefik Requests Using StatsD and Graphite

Monitoring and alerting on your Traefik statistics is crucial for keeping your SaaS platform... Continue Reading

header image

We strive for 99.999% uptime

Because our system is your system.

14-day trial 14-day trial
No Credit Card Required No Credit Card Required