- Reference >
- MongoDB Package Components >
mongotop
mongotop
¶
On this page
macOS Sierra and Go 1.6 Incompatibility
Users running on macOS Sierra require the 3.2.10 or newer version
of mongotop
.
Upcoming Tools Migration in MongoDB 4.4
Starting in MongoDB 4.4, the mongotop
documentation
migrates to MongoDB Database Tools - mongotop. Refer to
that page for more information on the upcoming version of
mongotop
(tool version 100.0.0).
The documentation on this page only applies to the MongoDB 4.2
version of mongotop
. The MongoDB 4.2 version of
mongotop
is available for download following the instructions
in the Availability section below.
Description¶
mongotop
provides a method to track the amount of time a
MongoDB instance mongod
spends reading and writing data.
mongotop
provides statistics on a per-collection level.
By default, mongotop
returns values every second.
Run mongotop
from the system command line, not the mongo
shell.
Availability¶
The mongotop
tool is part of the MongoDB tools package. Consult the
installation guide for your platform for
instructions on how to install the tools package as part of your
MongoDB installation.
The tools package is also available from the
MongoDB Download Center,
either as a separate tools
download, or contained within the
TGZ
or ZIP
downloads, depending on platform. On Windows, the MSI
installer includes all tools as part of the default installation.
Tip
If downloading the TGZ
or ZIP
files from the Download
Center, you may want to update your PATH
environment
variable to include the directory where you installed these tools.
See the installation guide
for your platform for more information.
Syntax¶
Default¶
You can run mongotop
without any command-line options to
connect to the mongod
instance running on the localhost
port 27017
. By default, mongotop
returns values
every second.
To have mongotop
report every 30 seconds, specify the
time:
When connected to a mongod
instance, the program reports
first on the connection and then reports on the statistics at the
configured frequency.
Command Line Options¶
You can run mongotop
with various command-line
options.
For example, to connect mongotop
to a
mongod
instance running on a remote host
mongodb0.example.com
and report every 30 seconds:
You can include the desired frequency of reporting (in this example, 30 seconds) and the
--uri
option to specify the host and port:If the
mongod
instance requires authentication, you can specify the user, password, and authentication database as part of the URI connection string:The user running
mongotop
must have theserverStatus
andtop
privileges.For more information on the URI connection string, see
--uri
.Alternatively, you can use the
--host
and--port
options to specify the host and port:If the
mongod
instance requires authentication, you can specify the user-u
, and the authentication database--authenticationDatabase
. Omit the--password
option to havemongoexport
prompt for the password.The user running
mongotop
must have theserverStatus
andtop
privileges.
For more information on the options available, see Options.
When connected to a mongod
instance, the program reports
first on the connection and then reports on the statistics at the
configured frequency.
Required Access¶
In order to connect to a mongod
that enforces
authorization, the connecting user must have the
serverStatus
and top
privileges.
The built-in role clusterMonitor
provides these privileges.
Behavior¶
Options¶
-
mongotop
¶
-
--help
¶
Returns information on the options and use of mongotop.
-
--verbose
,
-v
¶
Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the
-v
form by including the option multiple times, (e.g.-vvvvv
.)
-
--quiet
¶
Runs mongotop in a quiet mode that attempts to limit the amount of output.
This option suppresses:
- output from database commands
- replication activity
- connection accepted events
- connection closed events
-
--version
¶
Returns the mongotop release number.
-
--uri
=<connectionString>
¶ New in version 3.4.6.
Specify a resolvable URI connection string (enclose in quotes) to connect to the MongoDB deployment.
For information on the components of the connection string, see the Connection String URI Format documentation.
Note
For TLS/SSL options, use the command-line options instead of the URI options for TLS/SSL (Available starting in 4.2).
Important
The following command-line options cannot be used in conjunction with
--uri
option:--host
--port
--username
--password
(if the URI connection string also includes the password)--authenticationDatabase
--authenticationMechanism
Instead, specify these options as part of your
--uri
connection string.
-
--host
=<hostname><:port>
,
-h
=<hostname><:port>
¶ Default: localhost:27017
Specifies a resolvable hostname for the
mongod
to which to connect. By default, the mongotop attempts to connect to a MongoDB instance running on the localhost on port number27017
.To connect to a replica set, specify the
replSetName
and a seed list of set members, as in the following:When specifying the replica set list format, mongotop always connects to the primary.
You can also connect to any single member of the replica set by specifying the host and port of only that member:
If you use IPv6 and use the
<address>:<port>
format, you must enclose the portion of an address and port combination in brackets (e.g.[<address>]
).If connected to a replica set where the primary is not reachable, mongotop returns an error message.
-
--port
=<port>
¶ Default: 27017
Specifies the TCP port on which the MongoDB instance listens for client connections.
-
--ipv6
¶
Removed in version 3.0.
Enables IPv6 support and allows mongotop to connect to the MongoDB instance using an IPv6 network. Prior to MongoDB 3.0, you had to specify
--ipv6
to use IPv6. In MongoDB 3.0 and later, IPv6 is always enabled.
-
--ssl
¶
Enables connection to a
mongod
ormongos
that has TLS/SSL support enabled.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslCAFile
=<filename>
¶ Specifies the
.pem
file that contains the root certificate chain from the Certificate Authority. Specify the file name of the.pem
file using relative or absolute paths.If
--tlsCAFile
/net.tls.CAFile
(or their aliases--sslCAFile
/net.ssl.CAFile
) is not specified and you are not using x.509 authentication, the system-wide CA certificate store will be used when connecting to an TLS/SSL-enabled server.To use x.509 authentication,
--tlsCAFile
ornet.tls.CAFile
must be specified unless using--tlsCertificateSelector
or--net.tls.certificateSelector
. Or if using thessl
aliases,--sslCAFile
ornet.ssl.CAFile
must be specified unless using--sslCertificateSelector
ornet.ssl.certificateSelector
.Warning
Version 3.2 and earlier: For TLS/SSL connections (
--ssl
) tomongod
andmongos
, if the mongotop runs without the--sslCAFile
, mongotop will not attempt to validate the server certificates. This creates a vulnerability to expiredmongod
andmongos
certificates as well as to foreign processes posing as validmongod
ormongos
instances. Ensure that you always specify the CA file to validate the server certificates in cases where intrusion is a possibility.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslPEMKeyFile
=<filename>
¶ Specifies the
.pem
file that contains both the TLS/SSL certificate and key. Specify the file name of the.pem
file using relative or absolute paths.This option is required when using the
--ssl
option to connect to amongod
ormongos
that hasCAFile
enabled withoutallowConnectionsWithoutCertificates
.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslPEMKeyPassword
=<value>
¶ Specifies the password to de-crypt the certificate-key file (i.e.
--sslPEMKeyFile
). Use the--sslPEMKeyPassword
option only if the certificate-key file is encrypted. In all cases, the mongotop will redact the password from all logging and reporting output.If the private key in the PEM file is encrypted and you do not specify the
--sslPEMKeyPassword
option, the mongotop will prompt for a passphrase. See TLS/SSL Certificate Passphrase.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslCRLFile
=<filename>
¶ Specifies the
.pem
file that contains the Certificate Revocation List. Specify the file name of the.pem
file using relative or absolute paths.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslAllowInvalidCertificates
¶
Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the
allowInvalidCertificates
setting, MongoDB logs as a warning the use of the invalid certificate.Starting in MongoDB 4.0, if you specify
--sslAllowInvalidCertificates
ornet.ssl.allowInvalidCertificates: true
(or in MongoDB 4.2, the alias--tlsAllowInvalidateCertificates
ornet.tls.allowInvalidCertificates: true
) when using x.509 authentication, an invalid certificate is only sufficient to establish a TLS/SSL connection but is insufficient for authentication.Warning
Although available, avoid using the
--sslAllowInvalidCertificates
option if possible. If the use of--sslAllowInvalidCertificates
is necessary, only use the option on systems where intrusion is not possible.If the
mongo
shell (and other MongoDB Tools) runs with the--sslAllowInvalidCertificates
option, themongo
shell (and other MongoDB Tools) will not attempt to validate the server certificates. This creates a vulnerability to expiredmongod
andmongos
certificates as well as to foreign processes posing as validmongod
ormongos
instances. If you only need to disable the validation of the hostname in the TLS/SSL certificates, see--sslAllowInvalidHostnames
.For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--sslAllowInvalidHostnames
¶
Disables the validation of the hostnames in TLS/SSL certificates. Allows mongotop to connect to MongoDB instances even if the hostname in their certificates do not match the specified hostname.
For more information about TLS/SSL and MongoDB, see Configure mongod and mongos for TLS/SSL and TLS/SSL Configuration for Clients .
-
--username
=<username>
,
-u
=<username>
¶ Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the
--password
and--authenticationDatabase
options.Note
You cannot specify both
--username
and--uri
.
-
--password
=<password>
,
-p
=<password>
¶ Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the
--username
and--authenticationDatabase
options.To prompt the user for the password, pass the
--username
option without--password
or specify an empty string as the--password
value, as in--password ""
.Note
You cannot specify both
--password
and--uri
.
-
--authenticationDatabase
=<dbname>
¶ Specifies the authentication database where the specified
--username
has been created.--authenticationDatabase
is required formongod
andmongos
instances that use Authentication. See Authentication Database.Note
You cannot specify both
--authenticationDatabase
and--uri
.
-
--authenticationMechanism
=<name>
¶ Default: SCRAM-SHA-1
Specifies the authentication mechanism the mongotop instance uses to authenticate to the
mongod
ormongos
.Changed in version 4.0: MongoDB removes support for the deprecated MongoDB Challenge-Response (
MONGODB-CR
) authentication mechanism.MongoDB adds support for SCRAM mechanism using the SHA-256 hash function (
SCRAM-SHA-256
).Value Description SCRAM-SHA-1 RFC 5802 standard Salted Challenge Response Authentication Mechanism using the SHA-1 hash function. SCRAM-SHA-256 RFC 7677 standard Salted Challenge Response Authentication Mechanism using the SHA-256 hash function.
Requires featureCompatibilityVersion set to
4.0
.New in version 4.0.
MONGODB-X509 MongoDB TLS/SSL certificate authentication. GSSAPI (Kerberos) External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise. PLAIN (LDAP SASL) External authentication using LDAP. You can also use PLAIN
for authenticating in-database users.PLAIN
transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.Note
You cannot specify both
--authenticationMechanism
and--uri
.
-
--gssapiServiceName
=<serviceName>
¶ Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use the default name of
mongodb
.This option is available only in MongoDB Enterprise.
-
--gssapiHostName
=<hostname>
¶ Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine does not match the hostname resolved by DNS.
This option is available only in MongoDB Enterprise.
-
--locks
¶
Toggles the mode of
mongotop
to report on use of per-database locks. This data is only available when connected to a MongoDB 2.6 or older instance.--locks
returns an error when called against amongod
3.0 or newer instance that does not report per-database lock usage.
-
--rowcount
=<int>
,
-n
=<int>
¶ Number of lines of data that mongotop should print. “0 for indefinite”
-
--json
¶
Returns output for mongotop in JSON format. In addition to timing data, the
--json
option also returns a count of the number of operations which took place during the polling interval.
-
<sleeptime>
¶
The final argument is the length of time, in seconds, that mongotop waits in between calls. By default mongotop returns data every second.
Fields¶
When connected to a mongod
instance, the program reports
first on the connection and then reports on the statistics at the
configured frequency. mongotop
returns time values
specified in milliseconds (ms.)
mongotop
only reports active namespaces or databases,
depending on the --locks
option. If you don’t see a database
or collection, it has received no recent activity. You can issue a
simple operation in the mongo
shell to generate activity to
affect the output of mongotop
.
-
mongotop.
ns
¶ Contains the database namespace, which combines the database name and collection.
If you use the
mongotop --locks
, thens
field does not appear in themongotop
output.
-
mongotop.
db
¶ Contains the name of the database. The database named
.
refers to the global lock, rather than a specific database.This field does not appear unless you have invoked
mongotop
with the--locks
option.
-
mongotop.
total
¶ Provides the total amount of time that this
mongod
spent operating on this namespace.
-
mongotop.
read
¶ Provides the amount of time that this
mongod
spent performing read operations on this namespace.
-
mongotop.
write
¶ Provides the amount of time that this
mongod
spent performing write operations on this namespace.
-
mongotop.
<timestamp>
¶ Provides a time stamp for the returned data.
Examples¶
By default mongotop
connects to the MongoDB instance
running on the localhost port 27017
. However, mongotop
can optionally
connect to remote mongod
instances. See the mongotop options for more
information.
To force mongotop
to return less frequently specify a number, in
seconds at the end of the command. In this example, mongotop
will
return every 15 seconds.
This command produces the following output:
To return a mongotop
report every 5 minutes, use the
following command:
Additional Information¶
For more information about monitoring MongoDB, see Monitoring for MongoDB.
For additional background on various other MongoDB status outputs see:
For an additional utility that provides MongoDB metrics see mongostat.