How to Monitor System Performance with Ubuntu Filebeat
First, ensure Filebeat is installed on your Ubuntu system. You can install it via the official Elastic APT repository for the latest version:
# Add Elastic APT key and repository
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
# Update package list and install Filebeat
sudo apt-get update && sudo apt-get install filebeat -y
This sets up Filebeat with default configurations, ready for customization.
Filebeat includes pre-built modules for monitoring system performance metrics (e.g., CPU, memory, disk, network). These modules simplify configuration by auto-defining inputs, processors, and dashboards. To enable system monitoring:
# Navigate to the modules directory
cd /etc/filebeat/modules.d
# Enable system modules (disable "disable: true" in each file)
sudo nano system.yml # Set "enabled: true"
sudo nano system-logs.yml # Set "enabled: true"
# Example: Enable disk metrics collection every 10 seconds
sudo sed -i 's/enabled: false/enabled: true/' system-disk.yml
sudo sed -i 's/period: 1m/period: 10s/' system-disk.yml
Common system modules include:
system: Collects CPU, memory, process, and load metrics.system-logs: Gathers system logs (e.g., /var/log/syslog, /var/log/kern.log).system-disk: Tracks disk I/O and usage statistics.Send collected metrics to a backend for storage and analysis. The most common setup is Elasticsearch (for indexing) + Kibana (for visualization):
# Edit the Filebeat configuration file
sudo nano /etc/filebeat/filebeat.yml
# Configure Elasticsearch output (replace with your ES host)
output.elasticsearch:
hosts: ["localhost:9200"]
index: "filebeat-system-%{+yyyy.MM.dd}"
# Optional: Use Logstash as an intermediary (uncomment if needed)
# output.logstash:
# hosts: ["localhost:5044"]
For testing, you can also output to the console:
output.console:
pretty: true
Save changes and test the configuration:
sudo filebeat test config -e
This ensures there are no syntax errors.
Launch Filebeat and configure it to start on boot:
# Start Filebeat service
sudo systemctl start filebeat
# Enable Filebeat to start automatically on system reboot
sudo systemctl enable filebeat
# Check Filebeat status (should show "active (running)")
sudo systemctl status filebeat
Verify logs for startup errors:
sudo tail -f /var/log/filebeat/filebeat
If using Elasticsearch and Kibana, create visualizations to monitor system performance:
http://<your-server-ip>:5601 in a browser.filebeat-system-*, and select the timestamp field (e.g., @timestamp).To handle high log volumes efficiently, adjust these key configurations in /etc/filebeat/filebeat.yml:
filestream Input: More efficient than the legacy log input (recommended for Filebeat 7.0+).filebeat.inputs:
- type: filestream
enabled: true
paths:
- /var/log/*.log
bulk_max_size to send more data per batch (reduces network overhead).output.elasticsearch:
bulk_max_size: 512 # Default is 2048; adjust based on your network
queue.type: persisted
queue.max_bytes: 10gb # Adjust based on available disk space
filebeat.inputs:
- type: filestream
harvester_limit: 100 # Default is 0 (unlimited); set based on CPU cores
Track Filebeat’s health and performance using built-in tools:
sudo systemctl status filebeat
sudo tail -f /var/log/filebeat/filebeat
curl http://localhost:8080/stats
monitoring section in filebeat.yml:monitoring:
enabled: true
elasticsearch:
hosts: ["localhost:9200"]
By following these steps, you can effectively use Ubuntu Filebeat to monitor system performance, collect critical metrics, and visualize them for actionable insights. Adjust configurations based on your system’s scale and requirements to ensure optimal performance.