Learn about the Wavefront Elasticsearch Integration.

Elasticsearch Integration

Elasticsearch is a distributed, RESTful search and analytics engine. This integration installs and configures Telegraf to send Elasticsearch metrics into Wavefront. Telegraf is a light-weight server process capable of collecting, processing, aggregating, and sending metrics to a Wavefront proxy.

In addition to setting up the metrics flow, this integration also installs a dashboard for monitoring an Elasticsearch cluster. Here’s a screenshot of that dashboard:

images/Elasticsearch_dashboard_screenshot.png

To see a list of the metrics for this integration, select the integration from https://github.com/influxdata/telegraf/tree/master/plugins/inputs.

Elasticsearch Setup

Note: If you use vRealize Operations, the application proxy agent sets up the integration for you. See the setup instructions. Otherwise, follow the setup steps on this page.

Step 1. Install the Telegraf Agent

This integration uses the Elasticsearch input plugin for Telegraf. If you’ve already installed Telegraf on your server(s), you can skip to Step 2.

Log in to your Wavefront instance and follow the instructions in the Setup tab to install Telegraf and a Wavefront proxy in your environment. If a proxy is already running in your environment, you can select that proxy and the Telegraf install command connects with that proxy. Sign up for a free trial to check it out!

Step 2. Configure Telegraf Elasticsearch Input Plugin

Create a file called elasticsearch.conf in /etc/telegraf/telegraf.d and enter the following snippet:

[[inputs.elasticsearch]]
  ## Specify a list of one or more Elasticsearch server(s)
  ## you can add username and password to your url to use basic authentication:
  ## servers = ["http://user:pass@localhost:9200"]
  servers = ["http://localhost:9200"]

  ## Timeout for HTTP requests to the Elasticsearch server(s)
  http_timeout = "5s"

  ## When local is true (the default), the node will read only its own stats.
  ## Set local to false when you want to read the node stats from all nodes
  ## of the cluster.
  local = false

  ## Set cluster_health to true when you want to obtain cluster health stats
  cluster_health = true

  ## Adjust cluster_health_level when you want to obtain detailed health stats
  ## The options are
  ##  - indices (default)
  ##  - cluster
  # cluster_health_level = "indices"

  ## Set cluster_stats to true when you want to obtain cluster stats.
  cluster_stats = true

  ## If you set cluster_stats_only_from_master to true, you must also set local to true.
  # cluster_stats_only_from_master = false

  ## Indices to collect; can be one or more index names or _all
  # indices_include = ["_all"]

  ## One of "shards", "cluster", "indices"
  ## Currently only "shards" is implemented
  # indices_level = "shards"

  ## node_stats is a list of sub-stats that you want to collect. Valid options
  ## are "indices", "os", "process", "jvm", "thread_pool", "fs", "transport", "http",
  ## "breaker". By default, all stats are gathered.
  # node_stats = ["jvm", "http"]

  ## HTTP Basic Authentication username and password.
  # username = ""
  # password = ""

  ## Optional TLS Config
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
  ## Use TLS but skip chain & host verification
  # insecure_skip_verify = false

Set local to false to configure Elasticsearch to return data for all nodes in the cluster. Also, the Wavefront Elasticsearch dashboard depends on metrics generated by the cluster_health and cluster_stats endpoints, so set those booleans to true as well.

Step 3. Configure Enum Processor Plugin

Create a Enum Processor Plugin configuration file at /etc/telegraf/telegraf.d/enum-processor.conf and add the following snippet, which defines a mapping from metric tags or fields to numeric values.

  ##########  PROCESSOR PLUGINS  ##########

  ## Map enum values according to given table.
[[processors.enum]]
  [[processors.enum.mapping]]
  ## Name of the field to map
    field = "status"

  ## Destination field to be used for the mapped value.  By default the source
  ## field is used, overwriting the original value.
    dest = "status_code"

  ## Default value to be used for all values not contained in the mapping
  ## table.  When unset, the unmodified value for the field will be used if no
  ## match is found.
  # default = 0

  ## Table of mappings
    [processors.enum.mapping.value_mappings]
      green = 1
      yellow = 2
      red = 3

Step 4. Restart Telegraf

Run sudo service telegraf restart to restart your agent.