mongotop

macOS Sierra and Go 1.6 Incompatibility

Users running on macOS Sierra require the 3.2.10 or newer versionof mongotop.

Description

mongotop provides a method to track the amount of time aMongoDB instance mongod spends reading and writing data.mongotop provides statistics on a per-collection level.By default, mongotop returns values every second.

Run mongotop from the system command line, not the mongo shell.

Availability

The mongotop tool is part of the MongoDB tools package. Consult theinstallation guide for your platform forinstructions on how to install the tools package as part of yourMongoDB installation.

The tools package is also available from theMongoDB Download Center,either as a separate tools download, or contained within theTGZ or ZIP downloads, depending on platform. On Windows, the MSI installer includes all tools as part of the default installation.

Tip

If downloading the TGZ or ZIP files from the DownloadCenter, you may want to update your PATH environmentvariable to include the directory where you installed these tools.See the installation guidefor your platform for more information.

Syntax

Default

  1. mongotop [frequency]

You can run mongotop without any command-line options toconnect to the mongod instance running on the localhostport 27017. By default, mongotop returns valuesevery second.

  1. mongotop

To have mongotop report every 30 seconds, specify thetime:

  1. mongotop 30

When connected to a mongod instance, the program reportsfirst on the connection and then reports on the statistics at theconfigured frequency.

  1. 2019-04-29T15:35:27.785-0400 connected to: 127.0.0.1
  2.  
  3.              ns    total      read      write    <timestamp>
  4. <db.collection>    81802ms     0ms    81802ms
  5. ...

Command Line Options

  1. mongotop [options] [frequency]

You can run mongotop with various command-lineoptions.

For example, to connect mongotop to amongod instance running on a remote hostmongodb0.example.com and report every 30 seconds:

  • You can include the desired frequency of reporting (in thisexample, 30 seconds) and the —urioption to specify the host and port:
  1. mongotop 30 --uri='mongodb://mongodb0.example.com:27017' [additional options]

If the mongod instance requires authentication, youcan specify the user, password, and authentication database as partof the URI connection string:

  1. mongotop 30 --uri='mongodb://user:password@mongodb0.example.com:27017/?authSource=admin' [additional options]

The user running mongotop must have theserverStatus and top privileges.

For more information on the URI connection string, see—uri.

  • Alternatively, you can use the —hostand —port options to specify the hostand port:
  1. mongotop 30 --host=mongodb0.example.com --port=27017 [additional options]

If the mongod instance requires authentication, youcan specify the user -u, and theauthentication database —authenticationDatabase. Omit the —password option to have mongoexport prompt for thepassword.

  1. mongotop 30 --host=mongodb0.example.com --port=27017 -u=user --authenticationDatabase=admin [additional options]

The user running mongotop must have theserverStatus and top privileges.

For more information on the options available, seeOptions.

When connected to a mongod instance, the program reportsfirst on the connection and then reports on the statistics at theconfigured frequency.

  1. 2019-04-29T15:35:27.785-0400 connected to: 127.0.0.1
  2.  
  3.              ns    total      read      write    <timestamp>
  4. <db.collection>    81802ms     0ms    81802ms
  5. ...

Required Access

In order to connect to a mongod that enforcesauthorization, the connecting user must have theserverStatus and top privileges.

The built-in role clusterMonitor provides these privileges.

Behavior

FIPS

Starting in version 4.2, MongoDB removes the —sslFIPSModeoption for mongotop. mongotopwill use FIPS compliant connections tomongod/mongos if themongod/mongos instances areconfigured to use FIPS mode.

Options

  • mongotop
  • —help
  • Returns information on the options and use of mongotop.
  • —verbose, -v
  • Increases the amount of internal reporting returned on standard outputor in log files. Increase the verbosity with the -v form byincluding the option multiple times, (e.g. -vvvvv.)
  • —quiet
  • Runs mongotop in a quiet mode that attempts to limit the amountof output.

This option suppresses:

  • output from database commands
  • replication activity
  • connection accepted events
  • connection closed events
  • —version
  • Returns the mongotop release number.
  • —uri=<connectionString>

New in version 3.4.6.

Specify a resolvable URIconnection string (enclose in quotes) to connect to the MongoDB deployment.

  1. --uri="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"

For information on the components of the connection string, seethe Connection String URI Format documentation.

Note

For TLS/SSL options, use the command-line options instead of theURI options for TLS/SSL (Available starting in4.2).

Important

The following command-line options cannot be used in conjunctionwith —uri option:

  • —host=<hostname><:port>, -h=<hostname><:port>
  • Default: localhost:27017

Specifies a resolvable hostname for the mongod to which toconnect. By default, the mongotop attempts to connect to a MongoDBinstance running on the localhost on port number 27017.

To connect to a replica set, specify thereplSetName and a seed list of set members, as inthe following:

  1. --host=<replSetName>/<hostname1><:port>,<hostname2><:port>,<...>

When specifying the replica set list format, mongotop always connects tothe primary.

You can also connect to any single member of the replica set by specifyingthe host and port of only that member:

  1. --host=<hostname1><:port>

Changed in version 3.0.0: If you use IPv6 and use the <address>:<port> format, you mustenclose the portion of an address and port combination inbrackets (e.g. [<address>]).

Note

You cannot specify both —host and —uri.

If connected to a replica set where the primary is notreachable, mongotop returns an error message.

  • —port=<port>
  • Default: 27017

Specifies the TCP port on which the MongoDB instance listens forclient connections.

Note

You cannot specify both —port and —uri.

  • —ipv6
  • Removed in version 3.0.

Enables IPv6 support and allows mongotop to connect to theMongoDB instance using an IPv6 network. Prior to MongoDB 3.0, youhad to specify —ipv6 to use IPv6. In MongoDB 3.0 and later, IPv6is always enabled.

  • —ssl

New in version 2.6.

Enables connection to a mongod or mongos that hasTLS/SSL support enabled.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslCAFile=<filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chainfrom the Certificate Authority. Specify the file name of the.pem file using relative or absolute paths.

Starting in version 3.4, if —tlsCAFile/net.tls.CAFile (ortheir aliases —sslCAFile/net.ssl.CAFile) is not specifiedand you are not using x.509 authentication, the system-wide CAcertificate store will be used when connecting to an TLS/SSL-enabledserver.

To use x.509 authentication, —tlsCAFile or net.tls.CAFilemust be specified unless using —tlsCertificateSelector or—net.tls.certificateSelector. Or if using the ssl aliases,—sslCAFile or net.ssl.CAFile must be specified unless using—sslCertificateSelector or net.ssl.certificateSelector.

Warning

Version 3.2 and earlier: For TLS/SSL connections (—ssl) tomongod and mongos, if the mongotop runs without the—sslCAFile, mongotop will not attemptto validate the server certificates. This creates a vulnerabilityto expired mongod and mongos certificates aswell as to foreign processes posing as valid mongod ormongos instances. Ensure that you always specify theCA file to validate the server certificates in cases whereintrusion is a possibility.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslPEMKeyFile=<filename>

New in version 2.6.

Specifies the .pem file that contains both the TLS/SSL certificateand key. Specify the file name of the .pem file using relativeor absolute paths.

This option is required when using the —ssl option to connectto a mongod or mongos that hasCAFile enabled withoutallowConnectionsWithoutCertificates.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslPEMKeyPassword=<value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e.—sslPEMKeyFile). Use the —sslPEMKeyPassword option only if thecertificate-key file is encrypted. In all cases, the mongotop willredact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specifythe —sslPEMKeyPassword option, the mongotop will prompt for a passphrase. SeeTLS/SSL Certificate Passphrase.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslCRLFile=<filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate RevocationList. Specify the file name of the .pem file using relative orabsolute paths.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allowsthe use of invalid certificates. When using theallowInvalidCertificates setting, MongoDB logs as awarning the use of the invalid certificate.

Starting in MongoDB 4.0, if you specify—sslAllowInvalidCertificates ornet.ssl.allowInvalidCertificates: true (or in MongoDB 4.2, thealias —tlsAllowInvalidateCertificates ornet.tls.allowInvalidCertificates: true) when using x.509authentication, an invalid certificate is only sufficient toestablish a TLS/SSL connection but is insufficient forauthentication.

Warning

Although available, avoid using the—sslAllowInvalidCertificates option if possible. If the use of—sslAllowInvalidCertificates is necessary, only use the optionon systems where intrusion is not possible.

If the mongo shell (and otherMongoDB Tools) runs with the—sslAllowInvalidCertificates option, themongo shell (and otherMongoDB Tools) will not attempt to validatethe server certificates. This creates a vulnerability to expiredmongod and mongos certificates aswell as to foreign processes posing as validmongod or mongos instances. If youonly need to disable the validation of the hostname in theTLS/SSL certificates, see —sslAllowInvalidHostnames.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —sslAllowInvalidHostnames

New in version 3.0.

Disables the validation of the hostnames in TLS/SSL certificates. Allowsmongotop to connect to MongoDB instances even if the hostname in theircertificates do not match the specified hostname.

For more information about TLS/SSL and MongoDB, seeConfigure mongod and mongos for TLS/SSL andTLS/SSL Configuration for Clients .

  • —username=<username>, -u=<username>
  • Specifies a username with which to authenticate to a MongoDB databasethat uses authentication. Use in conjunction with the —password and—authenticationDatabase options.

Note

You cannot specify both —username and —uri.

  • —password=<password>, -p=<password>
  • Specifies a password with which to authenticate to a MongoDB databasethat uses authentication. Use in conjunction with the —username and—authenticationDatabase options.

Changed in version 3.0.2: To prompt the userfor the password, pass the —username option without—password or specify an empty string as the —password value,as in —password "" .

Note

You cannot specify both —password and —uri.

Note

You cannot specify both —authenticationDatabase and —uri.

Changed in version 3.0.0: —authenticationDatabase is required for mongodand mongos instances that use Authentication.

  • —authenticationMechanism=<name>
  • Default: SCRAM-SHA-1

Specifies the authentication mechanism the mongotop instance uses toauthenticate to the mongod or mongos.

Changed in version 4.0: MongoDB removes support for the deprecated MongoDBChallenge-Response (MONGODB-CR) authentication mechanism.

MongoDB adds support for SCRAM mechanism using the SHA-256 hashfunction (SCRAM-SHA-256).

ValueDescriptionSCRAM-SHA-1RFC 5802 standardSalted Challenge Response Authentication Mechanism using the SHA-1hash function.SCRAM-SHA-256RFC 7677 standardSalted Challenge Response Authentication Mechanism using the SHA-256hash function.

Requires featureCompatibilityVersion set to 4.0.

New in version 4.0.

MONGODB-X509MongoDB TLS/SSL certificate authentication.GSSAPI (Kerberos)External authentication using Kerberos. This mechanism isavailable only in MongoDB Enterprise.PLAIN (LDAP SASL)External authentication using LDAP. You can also use PLAINfor authenticating in-database users. PLAIN transmitspasswords in plain text. This mechanism is available only inMongoDB Enterprise.

Note

You cannot specify both —authenticationMechanism and —uri.

  • —gssapiServiceName=<serviceName>

New in version 2.6.

Specify the name of the service using GSSAPI/Kerberos. Only required if the service does not use thedefault name of mongodb.

This option is available only in MongoDB Enterprise.

  • —gssapiHostName=<hostname>

New in version 2.6.

Specify the hostname of a service using GSSAPI/Kerberos. Only required if the hostname of a machine doesnot match the hostname resolved by DNS.

This option is available only in MongoDB Enterprise.

  • —locks
  • Toggles the mode of mongotop to report on use of per-databaselocks. This data is only available when connected to aMongoDB 2.6 or older instance.

—locks returns an error when called against a mongod 3.0 ornewer instance that does not report per-database lock usage.

  • —rowcount=<int>, -n=<int>
  • Number of lines of data that mongotop should print. “0 for indefinite”
  • —json

New in version 3.0.0.

Returns output for mongotop in JSON format.

  • <sleeptime>
  • The final argument is the length of time, in seconds, thatmongotop waits in between calls. By default mongotop returnsdata every second.

Fields

When connected to a mongod instance, the program reportsfirst on the connection and then reports on the statistics at theconfigured frequency. mongotop returns time valuesspecified in milliseconds (ms.)

  1. 2019-04-29T15:35:27.785-0400 connected to: 127.0.0.1
  2.  
  3.              ns    total      read      write    <timestamp>
  4. <db.collection>    81802ms     0ms    81802ms
  5. ...
  6.  
  7.              ns    total      read      write    <timestamp>
  8. <db.collection>    0ms         0ms        0ms
  9. ...

mongotop only reports active namespaces or databases,depending on the —locks option. If you don’t see a databaseor collection, it has received no recent activity. You can issue asimple operation in the mongo shell to generate activity toaffect the output of mongotop.

  • mongotop.ns
  • Contains the database namespace, which combines the database nameand collection.

If you use the mongotop —locks, the nsfield does not appear in the mongotop output.

  • mongotop.db
  • Contains the name of the database. The database named . refersto the global lock, rather than a specific database.

This field does not appear unless you have invokedmongotop with the —locks option.

  • mongotop.total
  • Provides the total amount of time that this mongod spentoperating on this namespace.
  • mongotop.read
  • Provides the amount of time that this mongod spentperforming read operations on this namespace.
  • mongotop.write
  • Provides the amount of time that this mongod spentperforming write operations on this namespace.
  • mongotop.<timestamp>
  • Provides a time stamp for the returned data.

Examples

By default mongotop connects to the MongoDB instancerunning on the localhost port 27017. However, mongotop can optionallyconnect to remote mongodinstances. See the mongotop options for moreinformation.

To force mongotop to return less frequently specify a number, inseconds at the end of the command. In this example, mongotop willreturn every 15 seconds.

  1. mongotop 15

This command produces the following output:

  1. 2019-04-29T15:35:27.785-0400 connected to: 127.0.0.1
  2.  
  3.  
  4.                     ns    total    read    write    2019-04-29T15:35:57-04:00
  5.     admin.system.roles      0ms     0ms      0ms
  6.     admin.system.users      0ms     0ms      0ms
  7.   admin.system.version      0ms     0ms      0ms
  8. config.system.sessions      0ms     0ms      0ms
  9.      local.startup_log      0ms     0ms      0ms
  10.   local.system.replset      0ms     0ms      0ms

To return a mongotop report every 5 minutes, use thefollowing command:

  1. mongotop 300

Additional Information

For more information about monitoring MongoDB, seeMonitoring for MongoDB.

For additional background on various other MongoDB status outputs see:

For an additional utility that provides MongoDB metricssee mongostat.