Update Stack Monitoring data stream to 9

[consulthys]

Proposed commit message

This PR updates the Stack Monitoring data stream names to match the new index patterns for release 9 similar to what was done between 7 and 8 (PR #29493)

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works

Disruptive User Impact

If this change is not made, the monitoring data collected by Metricbeat will not end up in the right data streams.

How to test this PR locally

1. Run the latest 9 version of any Elastic Stack components (Elasticsearch, Kibana, Logstash, Beats) and monitor them using the appropriate Metricbeat module (elasticsearch, kibana, logstash, beats) with xpack.enabled: true mode
2. Make sure that the monitoring data ends up in a data stream called .monitoring-<product>-9-mb

For monitoring Elasticsearch, the following configuration can be used.

- module: elasticsearch
  xpack.enabled: true
  period: 10s
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "changeme"
  ssl.ca_trusted_fingerprint: "REDACTED"

Related issues

Closes #42822
Relates to elastic/elasticsearch#123102

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[AndersonQ]

Hi @consulthys,

I was trying to test to PR. It can see the .monitoring-<product>-9-mb index (mine is .monitoring-es-9-mb). But on stack monitoring I cannot see data related to the ES cluster it should be monitoring, I can only see data about standalone beats:

I'm not quite familiar with stack monitoring, it might I'm doing something wrong. Could you help me here to test it?

right now I'm using the following for the ES module:

- module: elasticsearch
  xpack.enabled: true
  metricsets:
    - node
    - node_stats
    - index
    - index_recovery
    - index_summary
    - ingest_pipeline
    - shard
  period: 1s
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "changeme"
  ssl.ca_trusted_fingerprint: "REDACTED"

The metricbeat I built from this PR I configured it to send data to a cloud cluster. I also tried it sending data to the local cluster it's monitoring. I've run metricbeat setup -e as well.

Am I missing something?

[AndersonQ]

The comments are all minors, feel free to ignore them.

IT looks good, I just want to test it. I've added a comment about it.

[consulthys]

right now I'm using the following for the ES module:

Hi @AndersonQ thanks for testing this

The reason it's not showing up is because the cluster_stats metric set is not present. However, when running Metricbeat for Stack Monitoring, you don't need to specify the metric sets, you can simply use the following configuration:

- module: elasticsearch
  xpack.enabled: true
  period: 10s
  hosts: ["https://localhost:9200"]
  username: "elastic"
  password: "changeme"
  ssl.ca_trusted_fingerprint: "REDACTED"

[AndersonQ]

cluster_stats

either way, explicitly defining the metricset cluster_stats or not it only loads the beats information.

However I can find the documents from the cluster_stats metricset.

GET .monitoring-es-9-mb/_search
{
  "query": {
    "term": {
      "metricset.name": "cluster_stats"
    }
  }
}

{"_index":".monitoring-es-9-mb","_id":"8fj3PZUBocKx4v85yZDC","_score":3.935995,"_source":{"@timestamp":"2025-02-25T16:36:32.871Z","elasticsearch":{"version":190,"cluster":{"name":"elasticsearch","id":"rlMI0rCiTX6OOlxfbp0tHA","stats":{"status":"green","nodes":{"data":1,"fs":{"available":{"bytes":56754647040},"total":{"bytes":777524699136}},"jvm":{"max_uptime":{"ms":758017},"memory":{"heap":{"used":{"bytes":956115072},"max":{"bytes":8589934592}}}},"versions":["9.1.0"],"count":1,"master":1},"indices":{"docs":{"total":600},"total":35,"shards":{"count":35,"primaries":35},"store":{"size":{"bytes":2979508},"total_data_set_size":{"bytes":2979508}},"fielddata":{"memory":{"bytes":1920}}},"stack":{"xpack":{"ccr":{"enabled":true,"available":true}},"apm":{"found":false}},"license":{"issued_to":"elasticsearch","start_date_in_millis":-1,"max_nodes":1000,"expiry_date":"2025-03-27T16:35:22.83Z","uid":"add4f169-76d8-4b07-b35b-c6431a6034aa","issue_date_in_millis":1740501322830,"status":"active","type":"trial","issue_date":"2025-02-25T16:35:22.83Z","issuer":"elasticsearch","cluster_needs_tls":false,"expiry_date_in_millis":1743093322830},"state":{"nodes_hash":401913230,"master_node":"hNmVIpnISmqcYaRXU8GIzA","state_uuid":"XvjSdvKsSq2vobQFCd3KpQ","nodes":{"hNmVIpnISmqcYaRXU8GIzA":{"external_id":"mokona-elastic","version":"9.1.0","name":"mokona-elastic","min_index_version":8000099,"attributes":{"xpack.installed":"true","transform.config_version":"10.0.0","ml.machine_memory":"67137769472","ml.allocated_processors":"16","ml.allocated_processors_double":"16.0","ml.max_jvm_size":"8589934592","ml.config_version":"12.0.0"},"roles":["data","data_cold","data_content","data_frozen","data_hot","data_warm","ingest","master","ml","remote_cluster_client","transform"],"transport_address":"127.0.0.1:9300","ephemeral_id":"jrMez8FXTMurQFccCABH-w","max_index_version":9013000}}}}}},"service":{"address":"https://localhost:9200","type":"elasticsearch"},"event":{"dataset":"elasticsearch.cluster.stats","module":"elasticsearch","duration":42347212},"metricset":{"name":"cluster_stats","period":1000},"ecs":{"version":"8.0.0"},"host":{"name":"mokona-elastic"},"agent":{"id":"f6aaef59-8707-44b9-8863-e21ce2d4bf45","name":"mokona-elastic","type":"metricbeat","version":"9.1.0","ephemeral_id":"b45136bb-bdaa-4a95-b092-d5854b87fef5"}}}

I don't wanna to block the PR, I just wanna check if there is something else missing or if I am doing something wrong on my test.

[consulthys]

either way, explicitly defining the metricset cluster_stats or not it only loads the beats information.

@AndersonQ hmm, interesting...
So you have a local Metricbeat that monitors a local Elasticsearch and sends the metrics to another deployment in Elastic Cloud.
In order for everything to appear under the same Elasticsearch cluster in Kibana in Cloud, I think metricbeat.yml also needs to contain the following setting monitoring.cluster_uuid: xyz where xyz must be the cluster_uuid of the local Elasticsearch cluster, otherwise you'll see "Standalone cluster" and only the Beats metrics, like in your case.

If you don't mind, I'm gonna go ahead and merge.