- Reference >
- MongoDB Package Components >
mongotop
mongotop
¶
Synopsis¶
mongotop
provides a method to track the amount of time a
MongoDB instance spends reading and writing data. mongotop
provides statistics on a per-collection level. By default,
mongotop
returns values every second.
Important
In order to connect to a mongod
that enforces
authorization with the --auth
option, the
--username
and
--password
options must be used, and the
user specified must have the serverStatus
and
top
privileges.
The most appropriate built-in role that has these privileges is
clusterMonitor
.
See also
For more information about monitoring MongoDB, see Monitoring for MongoDB.
For additional background on various other MongoDB status outputs see:
For an additional utility that provides MongoDB metrics see mongostat.
Options¶
-
mongotop
¶
-
--help
¶
Returns information on the options and use of mongotop.
-
--verbose
,
-v
¶
Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the
-v
form by including the option multiple times, (e.g.-vvvvv
.)
-
--quiet
¶
Runs the mongotop in a quiet mode that attempts to limit the amount of output.
This option suppresses:
- output from database commands
- replication activity
- connection accepted events
- connection closed events
-
--version
¶
Returns the mongotop release number.
-
--host
<hostname><:port>
,
-h
<hostname><:port>
¶ Default: localhost:27017
Specifies a resolvable hostname for the
mongod
to which to connect. By default, the mongotop attempts to connect to a MongoDB instance running on the localhost on port number27017
.To connect to a replica set, specify the
replica set name
and a seed list of set members. Use the following form:You can always connect directly to a single MongoDB instance by specifying the host and port number directly.
-
--port
<port>
¶ Default: 27017
Specifies the TCP port on which the MongoDB instance listens for client connections.
-
--ipv6
¶
Enables IPv6 support and allows the mongotop to connect to the MongoDB instance using an IPv6 network. All MongoDB programs and processes disable IPv6 support by default.
-
--ssl
¶
New in version 2.6.
Enables connection to a
mongod
ormongos
that has TLS/SSL support enabled.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
-
--sslCAFile
<filename>
¶ New in version 2.6.
Specifies the
.pem
file that contains the root certificate chain from the Certificate Authority. Specify the file name of the.pem
file using relative or absolute paths.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
Warning
If the
mongo
shell or any other tool that connects tomongos
ormongod
is run without--sslCAFile
, it will not attempt to validate server certificates. This results in vulnerability to expiredmongod
andmongos
certificates as well as to foreign processes posing as validmongod
ormongos
instances. Ensure that you always specify the CA file against which server certificates should be validated in cases where intrusion is a possibility.
-
--sslPEMKeyFile
<filename>
¶ New in version 2.6.
Specifies the
.pem
file that contains both the TLS/SSL certificate and key. Specify the file name of the.pem
file using relative or absolute paths.This option is required when using the
--ssl
option to connect to amongod
ormongos
that hasCAFile
enabled withoutweakCertificateValidation
.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
-
--sslPEMKeyPassword
<value>
¶ New in version 2.6.
Specifies the password to de-crypt the certificate-key file (i.e.
--sslPEMKeyFile
). Use the--sslPEMKeyPassword
option only if the certificate-key file is encrypted. In all cases, the mongotop will redact the password from all logging and reporting output.If the private key in the PEM file is encrypted and you do not specify the
--sslPEMKeyPassword
option, the mongotop will prompt for a passphrase. See SSL Certificate Passphrase.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
-
--sslCRLFile
<filename>
¶ New in version 2.6.
Specifies the
.pem
file that contains the Certificate Revocation List. Specify the file name of the.pem
file using relative or absolute paths.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
-
--sslAllowInvalidCertificates
¶
New in version 2.6.
Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the
allowInvalidCertificates
setting, MongoDB logs as a warning the use of the invalid certificate.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
-
--sslFIPSMode
¶
New in version 2.6.
Directs the mongotop to use the FIPS mode of the installed OpenSSL library. Your system must have a FIPS compliant OpenSSL library to use the
--sslFIPSMode
option.The default distribution of MongoDB does not contain support for TLS/SSL. For more information on MongoDB and TLS/SSL, see Configure mongod and mongos for TLS/SSL.
-
--username
<username>
,
-u
<username>
¶ Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the
--password
and--authenticationDatabase
options.
-
--password
<password>
,
-p
<password>
¶ Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the
--username
and--authenticationDatabase
options.If you do not specify an argument for
--password
, mongotop will prompt interactively for a password on the console.
-
--authenticationDatabase
<dbname>
¶ New in version 2.4.
Specifies the database that holds the user’s credentials.
--authenticationDatabase
is required formongod
andmongos
instances that use Authentication.
-
--authenticationMechanism
<name>
¶ Default: MONGODB-CR
New in version 2.4.
Changed in version 2.6: Added support for the
PLAIN
andMONGODB-X509
authentication mechanisms.Specifies the authentication mechanism the mongotop instance uses to authenticate to the
mongod
ormongos
.Value Description MONGODB-CR MongoDB challenge/response authentication. MONGODB-X509 MongoDB TLS/SSL certificate authentication. PLAIN External authentication using LDAP. You can also use PLAIN
for authenticating in-database users.PLAIN
transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.GSSAPI External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise.
-
--gssapiServiceName
¶
New in version 2.6.
Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use the default name of
mongodb
.This option is available only in MongoDB Enterprise.
-
--gssapiHostName
¶
New in version 2.6.
Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine does not match the hostname resolved by DNS.
This option is available only in MongoDB Enterprise.
-
--locks
¶
Toggles the mode of
mongotop
to report on use of per-database locks. These data are useful for measuring concurrent operations and lock percentage.
-
<sleeptime>
¶
The final argument is the length of time, in seconds, that mongotop waits in between calls. By default mongotop returns data every second.
Fields¶
mongotop
returns time values specified in milliseconds
(ms.)
mongotop
only reports active namespaces or databases,
depending on the --locks
option. If you don’t see a database
or collection, it has received no recent activity. You can issue a
simple operation in the mongo
shell to generate activity to
affect the output of mongotop
.
-
mongotop.
ns
¶ Contains the database namespace, which combines the database name and collection.
-
mongotop.
db
¶ New in version 2.2.
Contains the name of the database. The database named
.
refers to the global lock, rather than a specific database.This field does not appear unless you have invoked
mongotop
with the--locks
option.
-
mongotop.
total
¶ Provides the total amount of time that this
mongod
spent operating on this namespace.
-
mongotop.
read
¶ Provides the amount of time that this
mongod
spent performing read operations on this namespace.
-
mongotop.
write
¶ Provides the amount of time that this
mongod
spent performing write operations on this namespace.
-
mongotop.
<timestamp>
¶ Provides a time stamp for the returned data.
Use¶
By default mongotop
connects to the MongoDB instance
running on the localhost port 27017
. However, mongotop
can optionally
connect to remote mongod
instances. See the mongotop options for more
information.
To force mongotop
to return less frequently specify a number, in
seconds at the end of the command. In this example, mongotop
will
return every 15 seconds.
This command produces the following output:
To return a mongotop
report every 5 minutes, use the
following command:
To report the use of per-database locks, use mongotop --locks
,
which produces the following output: