Elasticsearch is a distributed, scalable search server that enables you to search through all kinds of documents. CloudWisdom can be used to monitor the performance of your Elasticsearch server. Additional configuration options are available below the instructions.


The Linux Agent must be installed before proceeding. If you need to disable the Linux integration or view the unique API key assigned to your account, navigate to the Integrations page under the user account drop-down menu and click the integration designated as Infrastructure under the Integration column.

  1. Navigate to the collectors folder, /opt/netuitive-agent/conf/collectors.

  2. Open the ElasticSearchCollector.conf file.

  3. Change the enabled setting to True. You can adjust the default settings as necessary depending on your environment, but note:

    • If you aren’t using a cluster or do not wish to collect several additional cluster metrics, you can change the cluster value to false.

    • logstash_mode should be set to True only if you are using logstash-formatted index names.

  4. Optionally, tweak the metrics blacklist or add a whitelist to reduce the number of metrics you receive. See our Regex Guide for examples.

  5. Save the file, and restart the Linux agent.

Collector Options






Enable collecting Elasticsearch metrics.



If indices stats are gathered, remove the YYYY.MM.DD suffix from the index name (e.g., logstash-adm-syslog-2014.01.03) and use that as a bucket for all ‘day’ index stats.



If this node is part of a cluster, the collector will collect metrics on the cluster health.





Default numeric output(s).


Hostname to collect from. Any protocol (e.g. http:// or https://) at the beginning of the url needs to be removed.


List of instances. When set, this overrides the “host” and “port” options. Instance format: instance [@][:]


Measure the collector’s run time in milliseconds.


Regex list to match metrics to transmit. Mutually exclusive with metrics_blacklist option.


Port to collect from.


http (default) or https.


Username for Basic/Shield auth.


Password for Basic/Shield auth.


Tells the collector which of the stats to collect. stats=jvm” would collect JVM metrics. ”stats=jvm,thread_pool” would collect JVM and thread pool metrics. ”stats=jvm,thread_pool,indices” would collect JVM, thread pool, and index metrics. You can have any combination of those 3 options. If you have a large number of indices (greater than 10), you should either change the “stats” setting to NOT collect indices or use the “metric_whitelist” or “metric_blacklist” options to filter the indices down to a smaller number.



Tells the collector whether or not an SSL certificate is required or should be verified. Examples: ssl_verify_mode = CERT_REQUIRED – required and validated ssl_verify_mode = CERT_NONE – not required ssl_verify_mode = CERT_OPTIONAL – not required, but validated if provided


Tells the collector whether or not to match the peer certificate hostname with the host hostname. The ssl-verify_modeoption must be set to CERT_OPTIONAL or CERT_REQUIRED. Examples: ssl_check_hostname = True ssl_check_hostname = False

Cluster Health Status

This feature is a GET API callout that retrieves a high-level status of your cluster’s health. GET _cluster/health will return a JSON response that provides key information about the shards and nodes it contains.

For a full breakdown and troubleshooting, see elastic's Cluster Health guide.

Available Statuses

  • Green: 2; Completely operational

  • Yellow: 1; Replicas are missing

  • Red: 0; Searches and indexing are affected by missing data