Elasticsearch stats

Use this Splunk Observability Cloud integration for the Elasticsearch monitor. See benefits, install, configuration, and metrics

The Splunk Distribution of the OpenTelemetry Collector uses the Smart Agent receiver with the Elasticsearch monitor type to collect node, cluster, and index level stats from Elasticsearch.

By default, this integration only collects cluster-level and index-level stats from the current primary in an Elasticsearch cluster. You can override this using the clusterHealthStatsMasterOnly and indexStatsMasterOnly configuration options respectively.

Benefits

After you configure the integration, you can access these features:

View metrics. You can create your own custom dashboards, and most monitors provide built-in dashboards as well. For information about dashboards, see View dashboards in Splunk Observability Cloud.
View a data-driven visualization of the physical servers, virtual machines, AWS instances, and other resources in your environment that are visible to Infrastructure Monitoring. For information about navigators, see Use navigators in Splunk Infrastructure Monitoring.
Access the Metric Finder and search for metrics sent by the monitor. For information, see Search the Metric Finder and Metadata Catalog.

Installation

Follow these steps to deploy this integration:

Deploy the Splunk Distribution of OpenTelemetry Collector to your host or container platform:
- Install on Kubernetes
- Install on Linux
Configure the monitor, as described in the Configuration section.
Restart the Splunk Distribution of OpenTelemetry Collector.

Configuration

To use this integration of a Smart Agent monitor with the Collector:

Include the Smart Agent receiver in your configuration file.
Add the monitor type to the Collector configuration, both in the receiver and pipelines sections.
- See how to Use Smart Agent monitors with the Collector.
- See how to set up the Smart Agent receiver.
- For a list of common configuration options, refer to Common configuration settings for monitors.
- Learn more about the Collector at Get started: Understand and use the Collector.

Example

To activate this integration, add the following to your Collector configuration:

receivers:
  smartagent/elasticsearch:
    type: elasticsearch
    ... # Additional config

For instance, to collects only default (non-custom) metrics:

monitors:
- type: elasticsearch
  host: localhost
  port: 9200

Next, add the monitor to the service.pipelines.metrics.receivers section of your configuration file:

service:
  pipelines:
    metrics:
      receivers: [smartagent/elasticsearch]

Configuration settings

The following table shows the configuration options for this monitor:


Option	Required	Type	Description
`host`	yes	`string`
`port`	yes	`string`
`username`	no	`string`	Username used to access Elasticsearch stats API
`password`	no	`string`	Password used to access Elasticsearch stats API
`useHTTPS`	no	`bool`	Whether to use https or not (default: `false`)
`httpHeaders`	no	`map of strings`	A map of HTTP header names to values. Comma separated multiple values for the same message-header is supported.
`skipVerify`	no	`bool`	If useHTTPS is `true` and this option is also `true`, the exporter TLS cert will not be verified. (default: `false`)
`caCertPath`	no	`string`	Path to the CA cert that has signed the TLS cert, unnecessary if `skipVerify` is set to `false`.
`clientCertPath`	no	`string`	Path to the client TLS cert to use for TLS required connections
`clientKeyPath`	no	`string`	Path to the client TLS key to use for TLS required connections
`cluster`	no	`string`	Cluster name to which the node belongs. This is an optional config that will override the cluster name fetched from a node and will be used to populate the plugin_instance dimension
`enableIndexStats`	no	`bool`	Activate Index stats. If set to `true`, by default the a subset of index stats will be collected (see docs for list of default index metrics collected). (default: `true`)
`indexes`	no	`list of strings`	Indexes to collect stats from (by default stats from all indexes are collected)
`indexStatsIntervalSeconds`	no	`integer`	Interval to report IndexStats on (default: `60`)
`indexSummaryOnly`	no	`bool`	Collect only aggregated index stats across all indexes (default: `false`)
`indexStatsMasterOnly`	no	`bool`	Collect index stats only from primary node (default: `true`)
`enableClusterHealth`	no	`bool`	Activates reporting on the cluster health (default: `true`)
`clusterHealthStatsMasterOnly`	no	`bool`	Whether or not non primary nodes should report cluster health (default: `true`)
`enableEnhancedHTTPStats`	no	`bool`	Activate enhanced HTTP stats (default: `false`)
`enableEnhancedJVMStats`	no	`bool`	Activate enhanced JVM stats (default: `false`)
`enableEnhancedProcessStats`	no	`bool`	Activate enhanced Process stats (default: `false`)
`enableEnhancedThreadPoolStats`	no	`bool`	Activate enhanced ThreadPool stats (default: `false`)
`enableEnhancedTransportStats`	no	`bool`	Activate enhanced Transport stats (default: `false`)
`enableEnhancedNodeIndicesStats`	no	`list of strings`	Activate enhanced node level index stats groups. A list of index stats groups for which to collect enhanced stats
`threadPools`	no	`list of strings`	ThreadPools to report threadpool node stats on (default: `[search index]`)
`enableEnhancedClusterHealthStats`	no	`bool`	Activate Cluster level stats. These stats report only from primary Elasticserach nodes. (default: `false`)
`enableEnhancedIndexStatsForIndexGroups`	no	`list of strings`	Activate enhanced index level index stats groups. A list of index stats groups for which to collect enhanced stats
`enableIndexStatsPrimaries`	no	`bool`	To activate index stats from only primary shards. By default, the index stats collected are aggregated across all shards. (default: `false`)
`metadataRefreshIntervalSeconds`	no	`integer`	How often to refresh metadata about the node and cluster (default: `30`)

Advanced configuration examples

Enhanced (custom) metrics

The elasticsearch integration collects a subset of node stats of JVM, process, HTTP, transport, indices, and thread pool stats. It is possible to activate enhanced stats for each stat group separately. Note that these metrics get categorized under the custom group if you are on host-based pricing. This is an example of a configuration that collects enhanced (custom) metrics:

monitors:
- type: elasticsearch
  host: localhost
  port: 9200
  enableEnhancedHTTPStats: true
  enableEnhancedJVMStats: true
  enableEnhancedProcessStats: true
  enableEnhancedThreadPoolStats: true
  enableEnhancedTransportStats: true
  enableEnhancedNodeIndicesStats:
   - indexing
   - warmer
   - get

The enableEnhancedNodeIndicesStats option takes a list of index stats groups for which enhanced stats will be collected. See Nodes stats API for a comprehensive list of all available groups.

Note that the enableEnhancedIndexStatsForIndexGroups configuration option is similar to the enableEnhancedNodeIndicesStats configuration option, but for index level stats.

Thread pools

By default, thread pool statistics from the "search" and "index" thread pools are collected. To collect stats from other thread pools, specify the threadPools configuration option, as shown in the following example:

monitors:
- type: elasticsearch
  host: localhost
  port: 9200
  threadPools:
  - bulk
  - warmer
  - listener

The following is a list of valid thread pools by Elasticsearch version:


Thread pool name	ES 1.x	ES 2.0	ES 2.1+
merge	✓
optimize	✓
bulk	✓	✓	✓
flush	✓	✓	✓
generic	✓	✓	✓
get	✓	✓	✓
snapshot	✓	✓	✓
warmer	✓	✓	✓
refresh	✓	✓	✓
fetch_shard_started		✓	✓
fetch_shard_store		✓	✓
listener		✓	✓
management		✓	✓
percolate		✓	✓
suggest		✓	✓
force_merge			✓

Collecting index statistics

By default, the configuration parameter indexes is empty, which means that stats are collected on all indexes. To collect statistics from a subset of indexes, set the configuration parameter indexes to a list of the index names you want to collect stats for.

The call to collect index statistics can be CPU-intensive. For this reason, use the indexStatsIntervalSeconds configuration parameter to decrease the reporting interval for nodes that report index statistics.

Primaries versus total

By default, the integration collects a subset of index stats of total aggregation type. The total for an index stat aggregates across all shards, whereas primaries only reflect the stats from primary shards. It is possible to activate index stats of only primaries aggregation type. The following is an example configuration that shows how to index stats from primary shards:

monitors:
- type: elasticsearch
  host: localhost
  port: 9200
  enableIndexStatsPrimaries: true

Metrics

The following metrics are available for this integration:

https://raw.githubusercontent.com/signalfx/splunk-otel-collector/main/internal/signalfx-agent/pkg/monitors/elasticsearch/stats/metadata.yaml

Notes

To learn more about the available in Splunk Observability Cloud see Metric types.
In host-based subscription plans, default metrics are those metrics included in host-based subscriptions in Splunk Observability Cloud, such as host, container, or bundled metrics. Custom metrics are not provided by default and might be subject to charges. See Metric categories for more information.
In MTS-based subscription plans, all metrics are custom.
To add additional metrics, see how to configure extraMetrics in Add additional metrics.

Troubleshooting

If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.

Available to Splunk Observability Cloud customers

Submit a case in the Splunk Support Portal.
Contact Splunk Support.

Available to prospective customers and free trial users

Ask a question and get answers through community support at Splunk Answers.
Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups.

Documentation