Monitoring Archives - ISbyR

Use ChatGPT to generate sample monitoring data

Ilya Reshetnikov — Fri, 22 Sep 2023 06:48:28 +0000

I wanted to get some sample data and was too lazy to use generators or to craft it by hand, so I decided to try and use ChatGPT to generate sample monitoring data.

Started with this prompt

act as an application and infracture monitoring platform synthetic data generator. All you responses need to be in a valid JSON format.
Generate CPU performance metrics for 5 servers over last 24 hours

The result was actually OK

However, it provided the samples grouped by a server, which is the opposite of what I wanted. I wanted to see a timestamp of the sample and then the samples from all the servers.

Prompt #2

rearrange it so that it will be grouped by timestamp first and the server

It worked!

But I’ve noticed that in both times it gave me only measurements over the first 5 hours.

So here goes prompt #3

recreate it to have at least 24 unique timestamps

And voila. It works! I was able to use ChatGPT to generate sample monitoring data in 2 minutes (it would have been quicker, but I had to click “continue generating” a few times as I think it was reaching the limit of the token size.)

Let’s see, what if I want also to have some samples for Memory utilisation, prompt #4

repeat the same for memory metrics

Good ChatGPT!

Now l want to combine both (CPU and Memory) metrics to appear together. Prompt # (aaa forgot what number it is, probably I’ve reached my own token limit )

combine both CPU and Memory metrics

Amazing!!!!

Understanding Elastic Heartbeat time metrics – TCP

Ilya Reshetnikov — Wed, 20 Mar 2019 19:13:56 +0000

Following on the part I of this series that discussed ICMP, the focus of this post is the Elastic Heartbeat time metrics – TCP Monitors.

Monitors Configuration

In order to understand the Heartbeat TCP monitor time metrics I’ve set up the following monitors:

tcp_simple – establishes connection with test.smtp.org on port 25.
tcp_check_resolve – verifies receiving a 220 response from the same server after connecting

You can see the extract from the heartbeat.yml configuration file relevant to these TCP monitors

- type: tcp
  name: tcp_simple
  schedule: '@every 60s'
  hosts: ["test.smtp.org:25"]

- type: tcp
  name: tcp_check_resolve
  schedule: '@every 60s'
  hosts: ["test.smtp.org:25"]
  check.receive: "220 test.smtp.org ESMTP Sendmail 8.16.0.16 ready"

The data returned by the monitors

After letting it run for a while let’s check what data Heartbeat is sending to Elasticsearch

For the tcp_simple monitor

{
  "@timestamp": "2018-03-18T19:28:23.336Z",
  "beat": {
    "hostname": "DESKTOP-9LR2P8D",
    "name": "DESKTOP-9LR2P8D",
    "version": "5.6.1"
  },
  "duration": {
    "us": 937865
  },
  "host": "test.smtp.org",
  "ip": "52.2.168.164",
  "monitor": "tcp_simple-plain@test.smtp.org:25",
  "port": "25",
  "resolve_rtt": {
    "us": 654323
  },
  "scheme": "tcp",
  "tcp_connect_rtt": {
    "us": 282543
  },
  "type": "tcp_simple",
  "up": true
}

For the tcp_check_resolve monitor

{
  "@timestamp": "2018-03-18T19:28:23.336Z",
  "beat": {
    "hostname": "DESKTOP-9LR2P8D",
    "name": "DESKTOP-9LR2P8D",
    "version": "5.6.1"
  },
  "duration": {
    "us": 6892437
  },
  "host": "test.smtp.org",
  "ip": "52.2.168.164",
  "monitor": "tcp_check_resolve-plain@test.smtp.org:25",
  "port": "25",
  "resolve_rtt": {
    "us": 654323
  },
  "scheme": "tcp",
  "tcp_connect_rtt": {
    "us": 283541
  },
  "type": "tcp_check_resolve",
  "up": true,
  "validate_rtt": {
    "us": 5954572
  }
}

Time Metrics

The tcp_simple monitor has only 3 time metrics – duration, resolve_rtt and tcp_connect_rtt. While the more “complex” tcp_check_resolve monitor has an additional validate_rtt. The first 3 metrics description will be almost the same as for the ICMP Monitor metrics while the validate_rtt is “new” to us.

duration – Total monitoring test duration
resolve_rtt – Duration required to resolve an IP from hostname.
tcp_connect_rtt – Duration required to establish a TCP connection based on already available IP address.
validate_rtt – Duration of validation step based on existing TCP connection.

Visualisation

TBC

The post Understanding Elastic Heartbeat time metrics – TCP appeared first on ISbyR.

Understanding Elastic Heartbeat time metrics – ICMP

Ilya Reshetnikov — Thu, 19 Oct 2017 05:37:24 +0000

I wanted to play a little with Grafana while having Elasticsearch as a back-end and decided to use Elastic Heartbeat as my data generator. It’s an easy, no fuss, to set up the Heartbeat itself as well as the first Heartbeat HTTP monitor, but when I saw all the available Heartbeat time metrics for the HTTP monitor I got a bit overwhelmed. So decided to to gradually progress from ICMP through TCP and finally to HTTP Heartbeat monitors and that the way this post is going to evolve as well:

Part 1 – Elasticsearch Heartbeat ICMP time metrics
Part 2 – Elasticsearch Heartbeat TCP time metrics (work in progress)
Part 3 – Elasticsearch Heartbeat HTTP time metrics (work in progress)

Monitors Configuration In order to understand the Heartbeat ICMP monitor time metrics I’ve set up a simple monitor, that “pings” localhost and 127.0.0.1. You might say: “Wait a second, aren’t these that same?”, but you will see the reason why I set it up this way soon. You can see the extract from the heartbeat.yml configuration file relevant to the ICMP monitor

- type: icmp

  # List or urls to query
  hosts: ["localhost", "127.0.0.1"]

  # Configure task schedule
  schedule: '@every 60s'

  # Configure IP protocol types to ping on if hostnames are configured.
  # Ping all resolvable IPs if `mode` is `all`, or only one IP if `mode` is `any`.
  ipv4: true
  ipv6: false
  mode: all

  # Total running time per ping test.
  timeout: 16s

  # Waiting duration until another ICMP Echo Request is emitted.
  wait: 1s

The data returned by the monitors After letting it run for a while let’s check what data Heartbeat is sending to Elasticsearch For the 127.0.0.1 monitor

{
  "@timestamp": "2017-10-17T05:36:25.687Z",
  "beat": {
    "hostname": "DESKTOP-123456",
    "name": "DESKTOP-123456",
    "version": "5.6.1"
  },
  "duration": {
    "us": 0
  },
  "icmp_rtt": {
    "us": 0
  },
  "ip": "127.0.0.1",
  "monitor": "icmp-ip@127.0.0.1",
  "type": "icmp",
  "up": true
}

For the localhost monitor

{
  "@timestamp": "2017-10-17T05:36:25.687Z",
  "beat": {
    "hostname": "DESKTOP-123456",
    "name": "DESKTOP-123456",
    "version": "5.6.1"
  },
  "duration": {
    "us": 1007
  },
  "host": "localhost",
  "icmp_rtt": {
    "us": 501
  },
  "ip": "127.0.0.1",
  "monitor": "icmp-host-ip4@localhost",
  "resolve_rtt": {
    "us": 506
  },
  "type": "icmp",
  "up": true
}

Time metrics We can see that there are only 3 values that have are measured “us” (which suggest that these are time metrics)

duration
resolve_rtt
icmp_rtt

After going through some Elasticsearch Heartbeat docos that’s what I came up with:

duration – Total monitoring test duration

As I understand, it includes the time that Heartbeat actually reads the the monitor definition, executes it and has the final results

resolve_rtt – Duration required to resolve an IP from hostname

Since the first thing that Heartbeat needs to do is to understand which IP you want it to “ping” it tries to translate the hostname you’ve provided to a valid IP. By the way, if you are to provide an IP in the monitor settings, this step will not be require and the metric will exist no more.

icmp_rtt – ICMP Echo Request and Reply round trip time

The actual round trip time of the monitor. The timing starts the moment the client sent the request, and ends when it receives a reply from the server, so basically it includes network time (in each direction) + server time.

Visualization

As a bonus for those who have read it so for here are some nice shiny Kibana graphs to visualize the Heartbeat ICMP monitor duration metrics

Kibana graph for Elastic Heartbeat ICMP monitor that “pings” 127.0..0.1

Kibana graph for Elastic Heartbeat ICMP monitor that “pings” localhost

As you can see in the first graph we didn’t have the resolve_rtt metric since we were “pinging” a known IP, while in the second graph it appears since Heartbeat ICMP monitor needs to resolve the “localhost” to an IP.

Below is a visualization of a “ping” to google.com so and you can see that resolve_rtt would in “real life” be only a small fraction of the total duration (vs localhost scenario)

Kibana graph for Elastic Heartbeat ICMP monitor that “pings” google.com

In Part 2 I will go over the Elastic Heartbeat TCP Monitor time metrics and finally Part 3 will look into the HTTP ones

Please leave your comment if you think that anything is missing.

The post Understanding Elastic Heartbeat time metrics – ICMP appeared first on ISbyR.