Can Graylog store and analyze system metrics like RAM or CPU usage?

Hey all,

Can Graylog store and analyze system metrics like RAM or CPU usage? The same kind of data you get via Metricbeat, Prometheus node_exporter, or CollectD.

I’m just starting to look at Graylog, and I haven’t been able to find an answer to my question.

Google sends me to docs talking about monitoring the Graylog instance itself. I’d like to monitor all my servers.

The closest I’ve found in the forums is that some people are configuring Metricbeat to send data to Graylog.

So it sounds like it might be possible.

If it is, could you point me at the right documentation? I’m apparently completely missing it when I search or browse

Thanks in advance!

Hi David
If you want to control all your servers
in my idea , you should use both tools, because both of them will use for different things.
Any way , Metricbeat also provides very good details about the state of the hardware

Thanks for the response.

Using both tools isn’t something I want to do. The ELK stack is actually very good at both logs and metrics. The issue is that it’s very hard to manage when you have limited resources like I do. I’ve had my test cluster break with odd errors multiple times. This last time got me looking for alternatives.

Have both metrics and logs in the same system should provide a level of insight that having them separate wouldn’t be able to match.

Hey @jerrac, welcome!

Are you looking for something like this?

We have developed a custom process which captures and send this information to Graylog, per the monitoring guidelines @jan prescribesin his very helpful blog post on the topic. There were a few gotchas for setting it up but it’s mostly straightforward. We also alert off of this data, and we can extend it to other servers if we desire.

I can describe what we did if it seems like what you’re looking for. It’s all entirely in-house developed but it wasn’t complicated.

That is similar to what I’m after.

Can I guess that you effectively store your metrics as log messages in Graylog, then you configured the graphs all yourself based on those messages?

So, Graylog doesn’t come with metrics support out of the box?

Graylog provides metrics for itself and some for elasticsearch. It doesn’t track metrics for the host. We aggregated the metrics via the API for Graylog/ES and shell scripting for the host, configured an index mapping for the fields, and then built the dashboard and alerts.

1 Like

I’m happy to go in more specific detail if you decide to dig in more. You can reply here or shoot me a message directly.

Thanks for the offer! I’m way to early into my investigation of Graylog for that, though. :slight_smile: If it looks like we’re getting serious about it, I’ll drop you a note.

Hello man
You can use Zabbix, end send her logs to graylog!

1 Like

The monitoring system’s task to collect performacne data. It’s good if graylog also can handle it, but it’s a bit difficult to get notification from a fully stopped graylog (at the worst case…)
So I suggest use everything as it as invented it… GrayLOG collects log. The monitoring system collects performance data, and alert if it has problem.
@ttsandrew 's pics looks very good, so it could be a good eyecandy, and maybe better to check it then a nagios/zabbix’s graphs. You can hit a nail with your shoe or with hammer…
(maybe I’m a bit old to use everything to everything :slight_smile: I like to use every program to it’s tasks)


I consider logs as part of monitoring. One of my goals is to have a dashboard for my apache servers that shows logs and metrics at the same time. Then, if there’s a spike in system resource usage, and it’s caused by a bunch of apache errors, I’d see that right away.

So, yeah, I find it odd that so many monitoring applications don’t collect both logs and metrics…