Add system socket MetricSet #3246
Merged
Commits on Jan 2, 2017
-
The system.socket metricset reports an event for each new TCP socket that it sees. It does this by polling the kernel to get a dump of all sockets. So using a short polling interval with this metricset is important to not miss short lived connections. The metricset reports the process that has the socket open. It does this by associating the socket's inode to the process that has a file descriptor open pointing to the socket's inode. It reads /proc and /proc/<pid>/fd just prior to polling the kernel to get all sockets. A reverse lookup can be performed by the metricset on the remote IP and the returned hostname will be added to the event and cached. The is disabled by default and can be enabled through the configuration. If a hostname is found then the eTLD+1 (effective top-level domain plus one level) value will also be added to the event. For the IP address fields the index template for Elasticsearch 5.x uses the ip field type. But for Elasticsearch 2.x it uses string because the ip field type in 2.x does not support IPv6 addresses.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.