Monitoring origins: Where we are today

Monitoring origins 2
09Jun

Monitoring origins: Where we are today

By Sysbee Blog , , , , , , , , , 0 Comments

Continuing on our last blog post Monitoring origins: Where it all began, in this post, we’ll be discussing the most popular monitoring setups currently used by IT technicians around the world.

Today, TSDBs dominate the monitoring world. TSDBs are specialized databases designed to store large amounts of time-indexed data.

We can say that both RRD and carbon/whisper belonged to the definition of TSDB as well. However, the term became a buzzword only around 2013 with the appearance of two significant players in the field, InfluxDB and Prometheus.

Influxdb vs Prometheus

Essentially, both databases have the task of collecting metrics. They both do it exceptionally well, and we can easily say that they both have an equally enviable performance – specific benchmarks show ingestion rates of over 300,000 metrics per second on commodity hardware.

From our perspective, InfluxDB is much more similar to the model we’re used to working with so far. InfluxDB offers us some additional benefits that we feel are essential in developing business solutions, so we’ll be focusing on the TICK stack during the rest of this post.

Most things can be very easily accomplished similarly through Prometheus.

Below you can see a quick side-by-side comparison of both models.

InfluxDB logo small
  • OpenCore
  • HA support (paid version)
  • Kapacitor
  • Push
  • Single binary collector
  • Interoperability
  • Multiple databases per server
  • Numeric + String
  • Rollup
Prometheus logo small
  • OpenSource
  • Large fast growing community
  • AlertManager
  • Pull
  • Multiple exporters
  • Slightly better PromQL
  • Numeric

TICK Stack

TICK is an abbreviation of the InfluxData product group: Telegraf, Influx, Chronograf and Capacitor.

Telegraf

The Telegraf is a single go binary agent that contains over 200+ available plugins for collecting metrics from various sources. After collecting the metrics, the Telegraf sends those metrics via  HTTP protocol to InfluxDB. In addition to standard plugins, it is also very easy to extend metric collection through custom executables.

Telegraf diagram

For example, if we were to collect data from PowerDNS via custom shell script, similar to Ganglia’s gmetric, we can easily collect external monitoring data and inject it via telegraf into our metric store.

Below is an example of such configuration:

cat telegraf.d/pdns.conf
[[inputs.exec]]
    commands = ["/etc/telegraf/pdns-recursor.sh"]
    timeout= "5s"
    name_suffix = "_pdns"
    data_format = "json"

And this is an example of an executed script itself. A very simple curl request toward PDNS’s json stats page, which is passed to jq binary to transform it into an acceptable series collection for InfluxDB

#!/bin/bash
curl -s -H "X-API-Key: XXXXXXXXX" http://127.0.0.1:8082/api/v1/servers/localhost/statistics \
|jq 'reduce .[] as $item({}; . + { ($item.name): ($item.value|tonumber)})'

With this few lines of code, we end up with a handful of very useful metrics from PDNS that we can use to debug and / or monitor the performance of the DNS server itself.

PDNS metrics graphs

Another good example would be the StatsD interface. 

StatsD is quite well-established in all mainstream programming languages and frameworks, and Telegraf offers native support for it. The vast majority of various software supports exposing specific metrics through statsd. As a result, developers can set specific points in the application where they want to gather monitoring information and push them to Telegraf via StatsD protocol.

We can easily enable it in Telegraf configuration file like so:

[[inputs.statsd]]
    protocol = "udp"

    max_tcp_connections = 250
    service_address = "127.0.0.1:8125"

    delete_gauges = true
    delete_counters = true
    delete_sets = true
    delete_timings = true

    percentiles = [90]
    metric_separator = "_"
    parse_data_dog_tags = false
    allowed_pending_messages = 10000
    percentile_limit = 1000

And then we can for example install PHP extension apm (application performance monitoring) with pecl command. Also adding this block of config into php.ini.

pecl install apm

[root@host ~]#cat /etc/php.d/40-apm.ini
extension = apm.so
apm.store_stacktrace = Off
apm.store_ip = Off
apm.store_cookies = Off
apm.store_post = Off
apm.statsd_exception_mode = 0
apm.statsd_error_reporting = E_ALL| E_STRICT
apm.statsd_enabled = On
apm.statsd_host = localhost
apm.statsd_port = 8125

As a result, we have some basic information regarding the performance of the PHP applications running on that host. For example, the average response time of the PHP codebase, how much CPU time it consumed, what was the error distribution, what response status codes it produced, etc.

Such information is priceless for high SLA requirement projects and debugging issues by correlating it with codebase changes.

PHP applications performance graph

InfluxDB

We’re moving on to the next layer in the TICK stack, which is InfluxDB. As the diagram below indicates, it’s a purpose built Time series database.

InfluxDB diagram

Some of its most notable functionalities are:

  • SQL like query language
  • Functional query language Flux – currently in beta.
  • Organization of data within 
    • databases 
    • retention policies
    • measurements
    • series

InfluxDB, as a database has the option to execute a continuous query. You can think of it as a perpetual query that runs forever in the background. These type of queries are most commonly used to reorganize data within a database or data rollup to another retention policy. 

Unlike RRD based systems InfluxDB’s disk IO pressure is not as large.

However, because of the additional metadata in the form of tags, disk space footprint is slightly larger.

Chronograf

We will only briefly mention the chronograph as an option, as we don’t use it in our monitoring setup. Chronograf is a web frontend for displaying metrics and communicating with Kapacitor. 

For everyday use, we’ve replaced it with Grafana as it offers more powerful visualization options.

Kapacitor

The Kapacitor is, as the image below mentions, a real-time streaming data processing engine.

We consider Kapacitor a “TICK Stack Swiss knife” of sorts becausewe can use it for a lot of different use cases.

Kapacitor diagram

InfluxData initially designed Kapacitor for alerting and anomaly detection. Below, we have one example of a TICK script which performs alerting based on anomaly detection on user CPU usage.

We are looking into CPU measurement, precisely the value of the CPU-total series, and calculate average usage compared to a period of 5 minutes. If that average exceeds 80%, we send an alert to the slack channel and mail.

// cpu.tick
stream
    | from ()
        .measurement ('cpu')
    | where (lambda: "cpu" == 'cpu-total')
    | window ()
        .period(5m)
        .every(1m)
    | mean('usage_user')
        .as('mean_usage_user')
    | alert()
        .crit(lambda: "mean_usage_user" > 80)
        .message('cpu usage high!')
        .slack()
            .channel('alerts')
        .email('oncall@example.com')

We can also use Kapacitor to transform the Influx’s PUSH model into a PULL model, much like the Prometheus. Moreover, it can scrape Prometheus exported resources and put them in InfluxDB. We can also use Kapacitor to replicate data from one InfluxDB server to another, or for data downsampling.

Here you can see another example where we are doing data downsampling. On the same CPU measurement example, we take a window of 5 minutes every 5 minutes, and we calculate the average. We then store these metrics in a database Telegraf in a retention policy named 5m and add extra tags to them.

// batch_cpu-tick
batch
    | query('''
    SELECT mean ("usage_user") AS usage_user
    FROM "telegraf"."autogen","cpu"
    ''')
        .period(5m)
        .every(5m)
    | influxDBOut()
        .database('telegraf')
        .retentionPolicy('5m')
        .tag('source','kapacitor')

This is an excellent trick to reduce data storage footprint used for storing metrics. Usually, you only require a short period of high granularity metrics that are collected by default with 15s interval. 

Those metrics are exact; however, they take a large amount of storage space. With this kind of downsampling, we can have long term storage for fewer granularity metrics for lengthier periods.

Conclusion

Compared to the dark ages of 15 years ago, we have moved far ahead in terms of monitoring and insight into the status of servers and services. Nowadays, some call it observability, not monitoring, but that’s a different topic.

The point is that today, there is a large set of tools that can give us a better picture of the status of our products. With a large number of pre-built plugins and metrics to collect, there is no excuse not to do detailed monitoring.

The goal we have in Sysbee is to always keep our monitoring systems up to date with current standards and technologies. We also believe in a philosophy that there is no such thing as too-much metrics. With this kind of setup, even metrics that are useless today during regular operation can provide a crucial point for debugging issues in the future.

We also like to keep all this collected data available to end-users while enabling and encouraging them to load their metrics into the same monitoring system. 

Lastly, we hope we’ve brought monitoring and metrics collection closer to you, and you’ll start using some of these tools in your day-to-day work. Of course, if you ever need help with it, our engineers are here for you .

Share this post

Author

Branko is well versed in monitoring systems, as he’s been a part of the Sysbee’s (and Plus Hosting’s) core team for over 15 years now. As our CTO, Branko helped build the foundation for our excellent infrastructure, methods and IT-related processes which we’re using in our day-to-day work to ensure a fantastic client experience for our customers.

Related Posts

Puppet unit testing
26Oct

Puppet unit testing for beginners

Thanks to PDK (Puppet Development Kit), writing unit and acceptance tests for Puppet modules has never been easier. We’ve already... read more

The effects of downtime
29Jan

The effects of downtime

Although selling hardware or software might not be your business, the stability of your IT infrastructure plays a vital role... read more

Backup - your virtual safety net
23Oct

Backup – your virtual safety net

When was the last time you created a backup of your website? What happens when your website is infected with... read more

ShiftConference WebSummerCamp KulenDayz
13Sep

September conferences – Sysbee travel notes

As we announced about 10 days ago, we made some pretty long trips in the last 7 days at September... read more

18Jan

Understanding the Importance of GDPR in the IT Sector

Are you curious about the buzzword that has been attracting attention across IT sector - GDPR? Contrary to a bunch... read more

Renew Puppet CA Certification
10Aug

How to renew Puppet CA certificate

We've written about Puppet a couple of times before, but this time we'll cover the topic of renewing Puppet CA... read more

Preventing server downtime
30Jan

Preventing server downtime

Downtime is used to refer to periods when a system is unavailable and fails to provide or perform its primary... read more

How to reduce costs
26May

How to reduce IT infrastructure costs

In the current global crisis, companies have to cut down costs as much as possible. Laying off employees or overhauling... read more

CloudFest 2023
30Mar

It’s all about CloudFest 2023

Yes, we traveled 1 000km to get to CloudFest 2023 and it was worth it. Four days filled with amazing talks,... read more

Digital Labin 2022
06Oct

Digital Labin Conference 2022

In Istria, in the small medieval town of Labin, on September 23 and 24, Labin's IT company Lloyds Digital painted... read more