Understanding Elastic Heartbeat time metrics – TCP

Following on the part I of this series that discussed ICMP,  the focus of this post is the Elastic Heartbeat time metrics – TCP Monitors.

Monitors Configuration

In order to understand the Heartbeat TCP  monitor time metrics I’ve set up the following monitors:

  • tcp_simple – establishes connection with test.smtp.org on port 25.
  • tcp_check_resolve – verifies receiving a 220 response from the same server after connecting

You can see the extract from the heartbeat.yml configuration file relevant to these TCP monitors

The data returned by the monitors

After letting it run for a while  let’s check what data Heartbeat is sending to Elasticsearch

For the tcp_simple monitor

For the tcp_check_resolve monitor

Time Metrics

The tcp_simple monitor has only 3 time metrics – durationresolve_rtt and tcp_connect_rtt. While the more “complex” tcp_check_resolve monitor has an additional validate_rtt. The first 3 metrics description will be almost the same as for the ICMP Monitor metrics while the validate_rtt is “new” to us.

  • duration – Total monitoring test duration
  • resolve_rtt – Duration required to resolve an IP from hostname.
  • tcp_connect_rtt – Duration required to establish a TCP connection based on already available IP address.
  • validate_rtt –  Duration of validation step based on existing TCP connection.



Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.