How to get the all Drives via metricbeat?

Question

I have three drives, want to get three drives in kibana but I am able to get only one drive. I have added the name of those drives in system.yml configuration file but still, only one /dev/xvda1 is getting in kibana.

My Disks are:

[vinit@ip-XXX-XX-X-XXX modules.d]$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1       99G   30G   69G  31% /
devtmpfs        2.0G   56K  2.0G   1% /dev
tmpfs           2.0G     0  2.0G   0% /dev/shm

System.yml configuration is:

# Module: system
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/6.5/metricbeat-module-system.html

- module: system
  period: 10s
  metricsets:
    - cpu
    #- load
    - memory
    #- network
    #- process
    #- process_summary
    #- core
    #- diskio
    #- socket
  process.include_top_n:
    by_cpu: 5      # include top 5 processes by CPU
    by_memory: 5   # include top 5 processes by memory

- module: system
  period: 1m
  metricsets:
    - filesystem
    - fsstat
  processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|devtmpfs|tmpfs|host|lib)($|/)'

- module: system
  period: 15m
  metricsets:
    - uptime

#- module: system
#  period: 5m
#  metricsets:
#    - raid
#  raid.mount_point: '/'

And I'm getting in kibana is:

Does anyone have any idea how to get these disks using metricbeat to logstash to kibana?

Thanks in advance for suggestions.

Answer 1

By default, metricbeat comes with a pre-configured exclusion rule in processors block. Take a look at these lines:

processors:
  - drop_event.when.regexp:
      system.filesystem.mount_point: '^/(sys|cgroup|proc|dev|etc|devtmpfs|tmpfs|host|lib)($|/)'

Basically it means that all the events that match the regexp '^/(sys|cgroup|proc|dev|etc|devtmpfs|tmpfs|host|lib)($|/)' are going to be discarded, including this two:

devtmpfs        2.0G   56K  2.0G   1% /dev
tmpfs           2.0G     0  2.0G   0% /dev/shm