[role="xpack"] [testenv="gold"] [[configuring-monitoring]] == Configuring monitoring in {es} ++++ Configuring monitoring ++++ By default, {monitoring} is enabled but data collection is disabled. Advanced monitoring settings enable you to control how frequently data is collected, configure timeouts, and set the retention period for locally-stored monitoring indices. You can also adjust how monitoring data is displayed. . To collect monitoring data about your {es} cluster: .. Verify that the `xpack.monitoring.enabled`, `xpack.monitoring.collection.enabled`, and `xpack.monitoring.elasticsearch.collection.enabled` settings are `true` on each node in the cluster. By default xpack.monitoring.collection.enabled is disabled (`false`), and that overrides xpack.monitoring.elasticsearch.collection.enabled, which defaults to being enabled (`true`). Both settings can be set dynamically at runtime. For more information, see <>. .. Optional: Specify which indices you want to monitor. + -- By default, the monitoring agent collects data from all {es} indices. To collect data from particular indices, configure the `xpack.monitoring.collection.indices` setting. You can specify multiple indices as a comma-separated list or use an index pattern to match multiple indices. For example: [source,yaml] ---------------------------------- xpack.monitoring.collection.indices: logstash-*, index1, test2 ---------------------------------- You can prepend `+` or `-` to explicitly include or exclude index names or patterns. For example, to include all indices that start with `test` except `test3`, you could specify `+test*,-test3`. -- .. Optional: Specify how often to collect monitoring data. The default value for the `xpack.monitoring.collection.interval` setting 10 seconds. See <>. . Optional: Configure your cluster to route monitoring data from sources such as {kib}, Beats, and Logstash to a monitoring cluster: .. Verify that `xpack.monitoring.collection.enabled` settings are `true` on each node in the cluster. .. {stack-ov}/xpack-monitoring.html[Configure {monitoring} across the Elastic Stack]. . Identify where to store monitoring data. + -- By default, {monitoring} uses a `local` exporter that indexes monitoring data on the same cluster. See <> and <>. Alternatively, you can use an `http` exporter to send data to a separate monitoring cluster. See <>. For more information about typical monitoring architectures, see {stack-ov}/how-monitoring-works.html[How Monitoring Works]. -- . If {security} is enabled and you are using an `http` exporter to send data to a dedicated monitoring cluster: .. Create a user on the monitoring cluster that has the {xpack-ref}/built-in-roles.html#built-in-roles-remote-monitoring-agent[`remote_monitoring_agent` built-in role]. For example, the following request creates a `remote_monitor` user that has the `remote_monitoring_agent` role: + -- [source, sh] --------------------------------------------------------------- POST /_xpack/security/user/remote_monitor { "password" : "changeme", "roles" : [ "remote_monitoring_agent"], "full_name" : "Internal Agent For Remote Monitoring" } --------------------------------------------------------------- // CONSOLE // TEST[skip:needs-gold+-license] -- .. On each node in the cluster that is being monitored, configure the `http` exporter to use the appropriate credentials when data is shipped to the monitoring cluster. + -- If SSL/TLS is enabled on the monitoring cluster, you must use the HTTPS protocol in the `host` setting. You must also include the CA certificate in each node's trusted certificates in order to verify the identities of the nodes in the monitoring cluster. The following example specifies the location of the PEM encoded certificate with the `certificate_authorities` setting: [source,yaml] -------------------------------------------------- xpack.monitoring.exporters: id1: type: http host: ["https://es-mon1:9200", "https://es-mon2:9200"] auth: username: remote_monitor <1> password: changeme ssl: certificate_authorities: [ "/path/to/ca.crt" ] id2: type: local -------------------------------------------------- <1> The `username` and `password` parameters provide the user credentials. Alternatively, you can configure trusted certificates using a truststore (a Java Keystore file that contains the certificates): [source,yaml] -------------------------------------------------- xpack.monitoring.exporters: id1: type: http host: ["https://es-mon1:9200", "https://es-mon2:9200"] auth: username: remote_monitor password: changeme ssl: truststore.path: /path/to/file truststore.password: password id2: type: local -------------------------------------------------- -- . If {security} is enabled and you want to visualize monitoring data in {kib}, you must create users that have access to the {kib} indices and permission to read from the monitoring indices. + -- You set up {monitoring} UI users on the cluster where the monitoring data is stored, that is to say the monitoring cluster. To grant all of the necessary permissions, assign users the `monitoring_user` and `kibana_user` roles. For more information, see {stack-ov}/mapping-roles.html[Mapping users and groups to roles]. -- . Optional: <>. include::indices.asciidoc[] include::{es-repo-dir}/settings/monitoring-settings.asciidoc[]