View infrastructure metrics by resource type
Get a metrics-driven view of your infrastructure grouped by resource type.
The Inventory page provides a metrics-driven view of your entire infrastructure grouped by the resources you are monitoring. All monitored resources emitting a core set of infrastructure metrics are displayed to give you a quick view of the overall health of your infrastructure.
To access the Inventory page, in your Observability project, go to Infrastructure → Inventory.
To learn more about the metrics shown on this page, refer to the Metrics reference.
Don't see any metrics?
If you haven't added data yet, click Add data to search for and install an Elastic integration.
Need help getting started? Follow the steps in Get started with system metrics.
Filter the Inventory view
To get started with your analysis, select the type of resources you want to show in the high-level view. From the Show menu, select one of the following:
- Hosts (the default)
- Kubernetes Pods
- Docker Containers
- AWS, which includes EC2 instances, S3 buckets, RDS databases, and SQS queues
When you hover over each resource in the waffle map, the metrics specific to that resource are displayed.
You can sort by resource, group the resource by specific fields related to it, and sort by either name or metric value. For example, you can filter the view to display the memory usage of your Kubernetes pods, grouped by namespace, and sorted by the memory usage value.
You can also use the search bar to create structured queries using Kibana Query Language.
For example, enter host.hostname : "host1" to view only the information for host1.
To examine the metrics for a specific time, use the time filter to select the date and time.
View host metrics
By default the Inventory page displays a waffle map that shows the hosts you
are monitoring and the current CPU usage for each host.
Alternatively, you can click the Table view icon 
Without leaving the Inventory page, you can view enhanced metrics relating to each host running in your infrastructure. On the waffle map, select a host to display the host details overlay.
Tip
To expand the overlay and view more detail, click Open as page in the upper-right corner.
The host details overlay contains the following tabs:
The Overview tab displays metrics about the selected host, including CPU usage, normalized load, memory usage, disk usage, network traffic, and the log rate.
Change the time range to view metrics over a specific period of time.
Hover over a specific time period on a chart to compare the various metrics at that given time.
The Metadata tab lists all the meta information relating to the host, including host, cloud, and agent information.
This information can help when investigating events—for example, when filtering by operating system or architecture.
The Processes tab lists the total number of processes (system.process.summary.total) running on the host,
along with the total number of processes in these various states:
- Running (
system.process.summary.running) - Sleeping (
system.process.summary.sleeping) - Stopped (
system.process.summary.stopped) - Idle (
system.process.summary.idle) - Dead (
system.process.summary.dead) - Zombie (
system.process.summary.zombie) - Unknown (
system.process.summary.unknown)
The processes listed in the Top processes table are based on an aggregation of the top CPU and the top memory consuming processes.
The number of top processes is controlled by process.include_top_n.by_cpu and process.include_top_n.by_memory.
Command | Full command line that started the process, including the absolute path to the executable, and all the arguments ( system.process.cmdline). |
PID | Process id ( process.pid). |
User | User name ( user.name). |
CPU | The percentage of CPU time spent by the process since the last event ( system.process.cpu.total.pct). |
Time | The time the process started ( system.process.cpu.start_time). |
Memory | The percentage of memory ( system.process.memory.rss.pct) the process occupied in main memory (RAM). |
State | The current state of the process and the total number of processes ( system.process.state). Expected values are: running, sleeping, dead, stopped, idle, zombie, and unknown. |
The Logs tab displays logs relating to the host that you have selected. By default, the logs tab displays the following columns.
Timestamp | The timestamp of the log entry from the timestamp field. |
Message | The message extracted from the document. The content of this field depends on the type of log message. If no special log message type is detected, the Elastic Common Schema (ECS) base field, message, is used. |
To view the logs in the Logs app for a detailed analysis, click Open in Logs.
The Anomalies table displays a list of each single metric anomaly detection job for the specific host. By default, anomaly jobs are sorted by time, showing the most recent jobs first.
Along with the name of each anomaly job, detected anomalies with a severity score equal to 50 or higher are listed. These scores represent a severity of "warning" or higher in the selected time period. The summary value represents the increase between the actual value and the expected ("typical") value of the host metric in the anomaly record result.
To drill down and analyze the metric anomaly, select Actions → Open in Anomaly Explorer. You can also select Actions → Show in Inventory to view the host Inventory page, filtered by the specific metric.
Note
These metrics are also available when viewing hosts on the Hosts page.
View metrics for other resources
When you have searched and filtered for a specific resource, you can drill down to analyze the metrics relating to it. For example, when viewing Kubernetes Pods in the high-level view, click the Pod you want to analyze and select Kubernetes Pod metrics to see detailed metrics:
Add custom metrics
If the predefined metrics displayed on the Inventory page for each resource are not sufficient for your specific use case, you can add and define custom metrics.
Select your resource, and from the Metric filter menu, click Add metric.
Integrate with Logs and APM
Depending on the features you have installed and configured, you can view logs or traces relating to a specific resource. For example, in the high-level view, when you click a Kubernetes Pod resource, you can choose:
- Kubernetes Pod logs to view corresponding logs in the Logs app.
- Kubernetes Pod APM traces to view corresponding APM traces in the APM app.