diff --git a/docs/en/observability/images/anomalies-overlay.png b/docs/en/observability/images/anomalies-overlay.png index 096de18ceb..5f4c28720a 100644 Binary files a/docs/en/observability/images/anomalies-overlay.png and b/docs/en/observability/images/anomalies-overlay.png differ diff --git a/docs/en/observability/images/hosts-open-in-lens.png b/docs/en/observability/images/hosts-open-in-lens.png index cd37372e80..dbadc02bb3 100644 Binary files a/docs/en/observability/images/hosts-open-in-lens.png and b/docs/en/observability/images/hosts-open-in-lens.png differ diff --git a/docs/en/observability/images/logs-overlay.png b/docs/en/observability/images/logs-overlay.png index 8b2e538cb2..002656477d 100644 Binary files a/docs/en/observability/images/logs-overlay.png and b/docs/en/observability/images/logs-overlay.png differ diff --git a/docs/en/observability/images/metadata-overlay.png b/docs/en/observability/images/metadata-overlay.png index 71a61f565e..0ab8c94952 100644 Binary files a/docs/en/observability/images/metadata-overlay.png and b/docs/en/observability/images/metadata-overlay.png differ diff --git a/docs/en/observability/images/metrics-overlay.png b/docs/en/observability/images/metrics-overlay.png index 4d40b434d4..5bfcb52309 100644 Binary files a/docs/en/observability/images/metrics-overlay.png and b/docs/en/observability/images/metrics-overlay.png differ diff --git a/docs/en/observability/images/overview-overlay.png b/docs/en/observability/images/overview-overlay.png new file mode 100644 index 0000000000..ae501da1e6 Binary files /dev/null and b/docs/en/observability/images/overview-overlay.png differ diff --git a/docs/en/observability/images/universal-profiling-overlay.png b/docs/en/observability/images/universal-profiling-overlay.png index aca2f81daf..94c0e05ca9 100644 Binary files a/docs/en/observability/images/universal-profiling-overlay.png and b/docs/en/observability/images/universal-profiling-overlay.png differ 
diff --git a/docs/en/observability/monitor-infra/analyze-hosts.asciidoc b/docs/en/observability/monitor-infra/analyze-hosts.asciidoc index 8617802465..0c7331c359 100644 --- a/docs/en/observability/monitor-infra/analyze-hosts.asciidoc +++ b/docs/en/observability/monitor-infra/analyze-hosts.asciidoc @@ -30,7 +30,8 @@ include::view-infrastructure-metrics.asciidoc[tag=add-metrics-tip] The **Hosts** page provides several ways to view host metrics: * Overview tiles show the number of hosts returned by your search plus -averages of key metrics, including CPU usage, memory usage, and throughput. +averages of key metrics, including CPU usage, normalized load, and memory usage. +Max disk usage is also shown. * The Host limit controls the maximum number of hosts shown on the page. The default is 50, which means the page shows data for the top 50 hosts based on the most recent timestamps. You can increase the host limit to see data for more @@ -39,7 +40,7 @@ hosts, but doing so may impact query performance. for any hosts with active alerts. You may need to page through the list or change the number of rows displayed on each page to see all of your hosts. * Each host name is an active link to a <> page, -which includes metrics, host metadata, alerts, processes, logs, and anomalies. +where you can explore enhanced metrics and other observability data related to the selected host. You can optionally open the host details in an overlay. * Table columns are sortable, but note that the sorting behavior is applied to the already returned data set. 
@@ -85,35 +86,14 @@ To learn more about filtering data in {kib}, refer to [[analyze-hosts-inspect-data]] == View metrics -On the **Metrics** tab, view metrics trending over time, including normalized load, -CPU usage, memory usage, network inbound, network outbound, disk read IOPS, and -disk write IOPS. Place your cursor over a line to view metrics at a specific -point in time. From within each visualization, you can choose to inspect -and download the metrics or open the visualization in Lens. +On the **Metrics** tab, view metrics trending over time, including CPU usage, +normalized load, memory usage, disk usage, and other metrics related to disk IOPs and throughput. +Place your cursor over a line to view metrics at a specific +point in time. From within each visualization, you can choose to open the visualization in Lens. To see metrics for a specific host, refer to <>. -[discrete] -[[inspect-metrics]] -=== Inspect and download metrics - -You can access a text-based view of the data underlying -your metrics visualizations and optionally download the data to a -comma-separated (CSV) file. - -Hover your cursor over a visualization, then in the upper-right corner, click -the ellipsis icon to inspect the data. - -[role="screenshot"] -image::images/hosts-inspect.png[Screenshot showing option to inspect data] - -In the flyout, click **Download CSV** to download formatted or raw data to a CSV -file. - -Notice that you can change the view to **View: Requests** to explore the request -used to fetch the data and the response returned from {es}. You can click links -to further inspect and analyze the request in the **Dev Console** or -**Search Profiler**. +//TODO: Figure out if this section is required. The Inspect option no longer appears on the menu where expected. Remove this section if this is no longer an option. [discrete] [[analyze-hosts-open-in-lens]] 
@@ -199,8 +179,7 @@ The host details overlay contains the following tabs: include::host-details-partial.asciidoc[] -NOTE: These metrics are also available when viewing hosts on the **Inventory** -page. +NOTE: The metrics shown on the **Hosts** page are also available when viewing hosts on the **Inventory** page. [discrete] [[analyze-hosts-why-dashed-lines]] diff --git a/docs/en/observability/monitor-infra/host-details-partial.asciidoc b/docs/en/observability/monitor-infra/host-details-partial.asciidoc index bbd7025008..0e9ed2e47d 100644 --- a/docs/en/observability/monitor-infra/host-details-partial.asciidoc +++ b/docs/en/observability/monitor-infra/host-details-partial.asciidoc @@ -3,27 +3,26 @@ .*Overview* ==== -[role="screenshot"] -image::images/metrics-overlay.png[Host metrics] - -The *Overview* tab displays metrics about the selected host, including CPU usage, -normalized load, memory usage, disk usage, network traffic, and the log rate. +The *Overview* tab displays key metrics about the selected host, such as CPU usage, +normalized load, memory usage, and max disk usage. Change the time range to view metrics over a specific period of time. +Expand each section to view more detail related to the selected host, such as metadata, +active alerts, services detected on the host, and metrics. + Hover over a specific time period on a chart to compare the various metrics at that given time. -Expand the **Alerts** section to see alerts related to the selected host. +Click **Show all** to drill down into related data. +[role="screenshot"] +image::images/overview-overlay.png[Host overview] ==== [%collapsible] .*Metadata* ==== -[role="screenshot"] -image::images/metadata-overlay.png[Host metadata] - The *Metadata* tab lists all the meta information relating to the host: * Host information 
@@ -31,14 +30,26 @@ The *Metadata* tab lists all the meta information relating to the host: * Agent information All of this information can help when investigating events—for example, filtering by operating system or architecture. + +[role="screenshot"] +image::images/metadata-overlay.png[Host metadata] ==== [%collapsible] -.*Processes* +.*Metrics* ==== +//TODO: Confirm that this tab also appears in the Infrastructure view. If it doesn't this section will need to be wrapped in a conditional block. + +The *Metrics* tab shows host metrics organized by type and is more complete than the view available in the *Overview* tab. + [role="screenshot"] -image::images/processes-overlay.png[Host processes] +image::images/metrics-overlay.png[Metrics] +==== + +[%collapsible] +.*Processes* +==== The *Processes* tab lists the total number of processes (`system.process.summary.total`) running on the host, along with the total number of processes in these various states: @@ -66,15 +77,15 @@ The number of top processes is controlled by `process.include_top_n.by_cpu` and `idle`, `zombie`, and `unknown`. |=== + +[role="screenshot"] +image::images/processes-overlay.png[Host processes] ==== [%collapsible] .*Universal Profiling* ==== -[role="screenshot"] -image::images/universal-profiling-overlay.png[Host Universal Profiling] - The *Universal Profiling* tab shows CPU usage down to the application code level. From here, you can find the sources of resource usage, and identify code that can be optimized to reduce infrastructure costs. The Universal Profiling tab has the following views. 
@@ -89,15 +100,15 @@ The Universal Profiling tab has the following views. For more on Universal Profiling, refer to the <> docs. +[role="screenshot"] +image::images/universal-profiling-overlay.png[Host Universal Profiling] + ==== [%collapsible] .*Logs* ==== -[role="screenshot"] -image::images/logs-overlay.png[Host logs] - The *Logs* tab displays logs relating to the host that you have selected. By default, the logs tab displays the following columns. |=== @@ -114,16 +125,16 @@ base field, `message`, is used. You can customize the logs view by adding a column for an arbitrary field you would like to filter by. For more information, refer to <>. To view the logs in the {logs-app} for a detailed analysis, click *Open in Logs*. + +[role="screenshot"] +image::images/logs-overlay.png[Host logs] ==== [%collapsible] .*Anomalies* ==== -[role="screenshot"] -image::images/anomalies-overlay.png[Anomalies] - -The *Anomalies* table displays a list of each single metric {anomaly-detect} job for the specific host. By default, anomaly +The *Anomalies* tab displays a list of each single metric {anomaly-detect} job for the specific host. By default, anomaly jobs are sorted by time, showing the most recent jobs first. Along with the name of each anomaly job, detected anomalies with a severity score equal to 50, or higher, are listed. These @@ -133,6 +144,9 @@ the actual value and the expected ("typical") value of the host metric in the an To drill down and analyze the metric anomaly, select *Actions -> Open in Anomaly Explorer* to view the {ml-docs}/ml-gs-results.html[Anomaly Explorer in {ml-app}]. You can also select *Actions -> Show in Inventory* to view the host Inventory page, filtered by the specific metric. + +[role="screenshot"] +image::images/anomalies-overlay.png[Anomalies] ==== [%collapsible] 
@@ -146,9 +160,6 @@ that includes the {integrations-docs}/osquery_manager.html[Osquery Manager] integration and have Osquery {kibana-ref}/kibana-privileges.html[{kib} privileges] as a user. ===== -[role="screenshot"] -image::images/osquery-overlay.png[Osquery] - The *Osquery* tab allows you to build SQL statements to query your host data. You can create and run live or saved queries against the {agent}. Osquery results are stored in {es} @@ -172,4 +183,7 @@ Other options include: * View the results in full screen mode. * Add, remove, reorder, and resize columns. * Sort field names in ascending or descending order. + +[role="screenshot"] +image::images/osquery-overlay.png[Osquery] ====
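Review bot: "enhanced metrics" in the reworded host-name bullet of analyze-hosts.asciidoc (hunk at -39,7) is not defined anywhere in the visible text, and the bullet no longer tells the reader what the details page contains. Suggest naming what is there, using the tab names from host-details-partial.asciidoc (Overview, Metadata, Metrics, Processes, Logs, Anomalies), and wrapping the new line to the same length as the lines around it.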
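Review bot: The `//TODO:` comment that replaces the "Inspect and download metrics" section in analyze-hosts.asciidoc (hunk at -85,35) should be resolved before merge rather than committed. The hunk deletes the `[[inspect-metrics]]` anchor and the only visible use of `images/hosts-inspect.png`, so any cross-reference to that anchor would break, and the image file itself is not removed in this diff. Please confirm whether Inspect still exists in the UI, then either restore the section or delete the image and check for remaining references to `inspect-metrics`. In the same hunk, "disk IOPs" should be "disk IOPS", as in the lines it replaces.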
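Review bot: In the *Overview* block of host-details-partial.asciidoc (hunk at -3,27), `[role="screenshot"]` is added directly after "Click **Show all** to drill down into related data." with no added blank line visible between them, whereas the Metadata, Processes, Logs and Anomalies blocks in this patch each add a blank `+` line before the screenshot. Without that blank line AsciiDoc reads the attribute line and the `image::` macro as part of the preceding paragraph and the screenshot does not render. Please check the rendered output and add the blank line; the *Universal Profiling* block (hunk at -89,15) deserves the same check after "refer to the <> docs."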
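Review bot: The `//TODO:` in the new *Metrics* block of host-details-partial.asciidoc (hunk at -31,14) leaves an open question in the source. This partial is included from analyze-hosts.asciidoc, whose NOTE says the same metrics are available from the **Inventory** page, so whether the tab appears in both views needs to be confirmed, and the block wrapped in a conditional if it does not, before this merges. The alt text `[Metrics]` is also less specific than the `[Host metrics]` previously used for the same image; suggest `[Host metrics]` for consistency with `[Host logs]` and `[Host processes]`.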