# Metricbeat ### Download Metricbeat #### Linux Download metricbeat using below bash script: [`https://www.elastic.co/downloads/past-releases/metricbeat-8-4-3`](https://www.elastic.co/downloads/past-releases/metricbeat-8-4-3) ```bash curl https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-8.4.3-linux-x86_64.tar.gz -o metricbeat.tar.gz tar -xf metricbeat.tar.gz mv metricbeat-8.4.3-linux-x86_64 metricbeat rm metricbeat.tar.gz ``` #### Windows Download metricbeat using Powershell script: {% code overflow="wrap" %} ```powershell $ProgressPreference = 'SilentlyContinue' Invoke-WebRequest -Uri https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-8.4.3-windows-x86_64.zip -OutFile mbeat.zip Expand-Archive .\mbeat.zip mv ./mbeat/metricbeat-8.4.3-windows-x86_64/ ./metricbeat rm -r ./mbeat rm ./mbeat.zip cd ./metricbeat ``` {% endcode %} ### Configure Metricbeat Edit metricbeat.yml, use the below metricbeat configuration, we need to customise this according to your requirements, explained in details about each section below. The complete metricbeat configuration can be found [here](https://www.elastic.co/guide/en/beats/metricbeat/current/configuring-howto-metricbeat.html) ```yaml metricbeat.config.modules: # Glob pattern for configuration loading path: ${path.config}/modules.d/*.yml # Set to true to enable config reloading reload.enabled: true # Period on which files under path should be checked for changes #reload.period: 10s setup.template.enabled: false setup.dashboards.enabled: false setup.ilm.enabled: false setup.kibana: # ================================== Outputs =================================== # Configure what output to use when sending the data collected by the beat. #output.console: # pretty: true # ---------------------------- Elasticsearch Output ---------------------------- output.elasticsearch: # Array of hosts to connect to. allow_older_versions: true hosts: ["beats-ingester-gcpdev.packetai.co:443"] protocol: https path: /elasticsearch/mb compression_level: 9 index: "es" headers: X-PAI-IID: YOUR_PAI_IID X-PAI-TOKEN: YOUR_PAI_TOKEN # ================================= Processors ================================= # Configure processors to enhance or manipulate events generated by the beat. processors: - add_host_metadata: ~ - add_cloud_metadata: ~ - add_docker_metadata: ~ - add_kubernetes_metadata: ~ - add_fields: fields: clusterName: YOUR_CLUSTER_NAME target: fields ``` **`metricbeat modules`**: * To enable the windows module, please run the below command. * `metricbeat.exe modules enable windows` * There are multiple modules available on metricbeat, they can be enabled to similar to the above command, the list of available modules are listed [here](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html). * The list of enabled modules are available in `modules.d` directory * To disable a module we need to run this command: `metricbeat.exe modules disable windows` **`output.elasticsearch`**`:` * `hosts`: Make sure that your hosts entries are correct. `hosts: ["beats-ingester-logpatterns.packetai.co:443"]` **change URL if your PacketAI URL's are different** * compression\_level is between 0 to 9, 0 being no compression at all, and 9 being best compression, we would suggest to use the value 6. higher compression values means higher cpu usage and lower network usage. * `headers` sub section needs to update according to you `PAI_IID` *and* `PAI_TOKEN`. you can get them on packetai after login, and under the section of `Deploy PacketAI / Agent` **`processors:`** * We need to modify the YOUR\_CLUSTER\_NAME *with* appropriate cluster name*.* clusterName can be used to manage the retention period on PacketAI managed. *Please note that* clusterName *cannot contain character "-".* **Currently this field is mandatory.** * add\_*cloud\_metadata: \~* is optional, this adds the metadata of the cloud. i.e. region, zone, machine\_id etc... * add\_docker\_metadata is optional, this also docker metadata, docker container name, image name, docker labels, etc.... This extra metadata will increase the index size at PacketAI. ### Installation of Metricbeat **Linux:** We could run the metricbeat with the below command to start the metricbeat, we need to install a service, if we want to automatically start the metricbeat service on system startup. ``` ./metricbeat -c metricbeat.yml ``` systemd service file (`metricbeat.service`): Here we are assuming that metricbeat is located at /opt/metricbeat, if the metricbeat is located somewhere please update the metricbeat.service file to reflect the same. ```systemd # metricbeat.service [Unit] Description=metricbeat After=syslog.target network.target remote-fs.target nss-lookup.target [Service] Type=simple ExecStart=/opt/metricbeat/metricbeat -c metricbeat.yml Restart=on-failure WorkingDirectory=/opt/metricbeat [Install] WantedBy=multi-user.target ``` copy the file to `/etc/systemd/system` directory, and run the below commands. In ``` // Some code systemctl enable metricbeat systemctl start metricbeat ``` **Windows:** In order to install the metricbeat on Windows, we need to run the below command, in metricbeat folder. ``` ./install-service-metricbeat.ps1 Start-Service metricbeat ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://packetai.gitbook.io/packetai-autonomous-it-monitoring/set-up/metricbeat.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.