diff --git a/docs/en/stack/monitoring/how-monitoring-works.asciidoc b/docs/en/stack/monitoring/how-monitoring-works.asciidoc index aafd39b5d..be9762f4e 100644 --- a/docs/en/stack/monitoring/how-monitoring-works.asciidoc +++ b/docs/en/stack/monitoring/how-monitoring-works.asciidoc @@ -2,13 +2,28 @@ [[how-monitoring-works]] == How monitoring works -Monitoring collects data from {es} nodes, Logstash nodes, and {kib} instances. -The {es} cluster you are monitoring controls where the monitoring metrics for -the entire stack are stored. By default, they are stored in local indices. In -production, we strongly recommend using a separate monitoring cluster. Using a -separate monitoring cluster prevents production cluster outages from impacting +Monitoring collects data from {es} nodes, Logstash nodes, and {kib} instances. + +In general, the {es} cluster you are monitoring controls where the monitoring +metrics for the stack are stored. By default, they are stored in local indices. + +In production, we strongly recommend using a separate monitoring cluster. Using +a separate monitoring cluster prevents production cluster outages from impacting your ability to access your monitoring data. It also prevents monitoring -activities from impacting the performance of your production cluster. +activities from impacting the performance of your production cluster. The +following diagram illustrates a typical monitoring architecture with separate +production and monitoring clusters: + +image::monitoring/images/architecture1.jpg[A typical monitoring environment] + +beta[] In 6.5 and later, you can use {metricbeat} to collect and ship data about +{kib}, rather than routing it through {es}. For example: + +image::monitoring/images/architecture4.png[A typical monitoring environment that includes {metricbeat}] + +If you have at least a gold license, you can route data from multiple production +clusters to a single monitoring cluster. For more information about the +differences between various subscription levels, see: https://www.elastic.co/subscriptions IMPORTANT: In general, the monitoring cluster and the clusters being monitored should be running the same version of the stack. A monitoring cluster cannot @@ -16,18 +31,10 @@ monitor production clusters running newer versions of the stack. If necessary, the monitoring cluster can monitor production clusters running older versions, but the versions cannot differ by more than one major version. -The following diagram illustrates a typical monitoring architecture with -separate production and monitoring clusters: - -image::monitoring/images/architecture1.jpg[A typical monitoring environment] - -If you have at least a Gold license, you can route data from multiple production -clusters to a single monitoring cluster: +If you use {kib} to visualize data and administer the cluster, you might want to +create a dedicated {kib} instance for monitoring, rather than using a single +{kib} instance to access both your production cluster and monitoring cluster: -image::monitoring/images/architecture2.jpg[A monitoring environment with multiple production clusters] +image::monitoring/images/architecture3.jpg[A monitoring environment with separate {kib} instances] -If {kib} is a regular part of your stack, you might want to create a dedicated -{kib} instance for monitoring, rather than using a single {kib} instance to -access both your production cluster and monitoring cluster: -image::monitoring/images/architecture3.jpg[A monitoring environment with separate {kib} instances] diff --git a/docs/en/stack/monitoring/images/architecture4.png b/docs/en/stack/monitoring/images/architecture4.png new file mode 100644 index 000000000..b52867956 Binary files /dev/null and b/docs/en/stack/monitoring/images/architecture4.png differ