Use #ELK stack to monitor #JBOSS application server

By | December 13, 2019

The ELK (ElasticSearch+LogStash +Kibana ) stack is maybe the best method to monitor your environment in a simple visually applying way.

My task was to monitor the parameters of a Jboss/Wildfly application server where my enterprise application is hosted.

There are several guides that describe how to deploy the basic stack, I am not going to insist on that. In the following steps I just list some interesting tricks discovered while implementing the setup.

STEP 1: Feed the Jboss/Wildfly logs to LogStash

To add logging from Jboss to logstash follow the following tutorial.

STEP 2: Tune the server or container where ElasticSearch runs.
ElasticSearch need a running of the max map count:

The vm_max_map_count kernel setting needs to be set to at least 262144 for production use. Depending on your platform:

In Linux

The vm_map_max_count setting should be set permanently in /etc/sysctl.conf:

$ grep vm.max_map_count /etc/sysctl.conf
To apply the setting on a live system type: sysctl -w vm.max_map_count=262144

STEP 3: Port allocation error in logstash

You may get the following error in LogStash logs:

logstash_1 | [2017-05-18T14:20:57,206][ERROR][logstash.inputs.tcp ] Could not start TCP server: Address in use {:host=>”″, :port=>5000}

The problem is that there were two configuration files used by logstash.

root@srv-syslog:~# locate central.conf

STEP 4: Filter logs with LogSpout

I found this to be very useful:

One thought on “Use #ELK stack to monitor #JBOSS application server

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.