OPTIONS

mongotop

Synopsis

mongotop provides a method to track the amount of time a MongoDB instance spends reading and writing data. mongotop provides statistics on a per-collection level. By default, mongotop returns values every second.

Important

In order to connect to a mongod that enforces authorization with the --auth option, the --username and --password options must be used, and the user specified must have the serverStatus and top privileges.

The most appropriate built-in role that has these privileges is clusterMonitor.

See also

For more information about monitoring MongoDB, see Monitoring for MongoDB.

For additional background on various other MongoDB status outputs see:

For an additional utility that provides MongoDB metrics see mongostat.

Options

mongotop
mongotop
--help

Returns information on the options and use of mongotop.

--verbose, -v

Increases the amount of internal reporting returned on standard output or in log files. Increase the verbosity with the -v form by including the option multiple times, (e.g. -vvvvv.)

--quiet

Runs the mongotop in a quiet mode that attempts to limit the amount of output.

This option suppresses:

  • output from database commands
  • replication activity
  • connection accepted events
  • connection closed events
--version

Returns the mongotop release number.

--host <hostname><:port>, -h

Default: localhost:27017

Specifies a resolvable hostname for the mongod to which to connect. By default, the mongotop attempts to connect to a MongoDB instance running on the localhost on port number 27017.

To connect to a replica set, specify the replica set name and a seed list of set members. Use the following form:

<replSetName>/<hostname1><:port>,<hostname2><:port>,<...>

You can always connect directly to a single MongoDB instance by specifying the host and port number directly.

--port <port>

Default: 27017

Specifies the TCP port on which the MongoDB instance listens for client connections.

--ipv6

Enables IPv6 support and allows the mongotop to connect to the MongoDB instance using an IPv6 network. All MongoDB programs and processes disable IPv6 support by default.

--ssl

New in version 2.6.

Enables connection to a mongod or mongos that has SSL support enabled.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

--sslCAFile <filename>

New in version 2.6.

Specifies the .pem file that contains the root certificate chain from the Certificate Authority. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

Warning

If the mongo shell or any other tool that connects to mongos or mongod is run without --sslCAFile, it will not attempt to validate server certificates. This results in vulnerability to expired mongod and mongos certificates as well as to foreign processes posing as valid mongod or mongos instances. Ensure that you always specify the CA file against which server certificates should be validated in cases where intrusion is a possibility.

--sslPEMKeyFile <filename>

New in version 2.6.

Specifies the .pem file that contains both the SSL certificate and key. Specify the file name of the .pem file using relative or absolute paths.

This option is required when using the --ssl option to connect to a mongod or mongos that has CAFile enabled without weakCertificateValidation.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

--sslPEMKeyPassword <value>

New in version 2.6.

Specifies the password to de-crypt the certificate-key file (i.e. --sslPEMKeyFile). Use the --sslPEMKeyPassword option only if the certificate-key file is encrypted. In all cases, the mongotop will redact the password from all logging and reporting output.

If the private key in the PEM file is encrypted and you do not specify the --sslPEMKeyPassword option, the mongotop will prompt for a passphrase. See SSL Certificate Passphrase.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

--sslCRLFile <filename>

New in version 2.6.

Specifies the .pem file that contains the Certificate Revocation List. Specify the file name of the .pem file using relative or absolute paths.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

--sslAllowInvalidCertificates

New in version 2.6.

Bypasses the validation checks for server certificates and allows the use of invalid certificates. When using the allowInvalidCertificates setting, MongoDB logs as a warning the use of the invalid certificate.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

--sslFIPSMode

New in version 2.6.

Directs the mongotop to use the FIPS mode of the installed OpenSSL library. Your system must have a FIPS compliant OpenSSL library to use the --sslFIPSMode option.

The default distribution of MongoDB does not contain support for SSL. For more information on MongoDB and SSL, see Configure mongod and mongos for SSL.

--username <username>, -u

Specifies a username with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --password and --authenticationDatabase options.

--password <password>, -p

Specifies a password with which to authenticate to a MongoDB database that uses authentication. Use in conjunction with the --username and --authenticationDatabase options.

--authenticationDatabase <dbname>

New in version 2.4.

Specifies the database that holds the user’s credentials. If you do not specify an authentication database, the mongotop assumes that the database specified as the argument to --authenticationDatabase holds the user’s credentials.

--authenticationMechanism <name>

Default: MONGODB-CR

New in version 2.4.

Changed in version 2.6: Added support for the PLAIN and MONGODB-X509 authentication mechanisms.

Specifies the authentication mechanism the mongotop instance uses to authenticate to the mongod or mongos.

Value Description
MONGODB-CR MongoDB challenge/response authentication.
MONGODB-X509 MongoDB SSL certificate authentication.
PLAIN External authentication using LDAP. You can also use PLAIN for authenticating in-database users. PLAIN transmits passwords in plain text. This mechanism is available only in MongoDB Enterprise.
GSSAPI External authentication using Kerberos. This mechanism is available only in MongoDB Enterprise.
--locks

Toggles the mode of mongotop to report on use of per-database locks. These data are useful for measuring concurrent operations and lock percentage.

<sleeptime>

The final argument is the length of time, in seconds, that mongotop waits in between calls. By default mongotop returns data every second.

Fields

mongotop returns time values specified in milliseconds (ms.)

mongotop only reports active namespaces or databases, depending on the --locks option. If you don’t see a database or collection, it has received no recent activity. You can issue a simple operation in the mongo shell to generate activity to affect the output of mongotop.

mongotop.ns

Contains the database namespace, which combines the database name and collection.

Changed in version 2.2: If you use the --locks, the ns field does not appear in the mongotop output.

mongotop.db

New in version 2.2.

Contains the name of the database. The database named . refers to the global lock, rather than a specific database.

This field does not appear unless you have invoked mongotop with the --locks option.

mongotop.total

Provides the total amount of time that this mongod spent operating on this namespace.

mongotop.read

Provides the amount of time that this mongod spent performing read operations on this namespace.

mongotop.write

Provides the amount of time that this mongod spent performing write operations on this namespace.

mongotop.<timestamp>

Provides a time stamp for the returned data.

Use

By default mongotop connects to the MongoDB instance running on the localhost port 27017. However, mongotop can optionally connect to remote mongod instances. See the mongotop options for more information.

To force mongotop to return less frequently specify a number, in seconds at the end of the command. In this example, mongotop will return every 15 seconds.

mongotop 15

This command produces the following output:

connected to: 127.0.0.1

                    ns       total        read       write           2012-08-13T15:45:40
test.system.namespaces         0ms         0ms         0ms
  local.system.replset         0ms         0ms         0ms
  local.system.indexes         0ms         0ms         0ms
  admin.system.indexes         0ms         0ms         0ms
                admin.         0ms         0ms         0ms

                    ns       total        read       write           2012-08-13T15:45:55
test.system.namespaces         0ms         0ms         0ms
  local.system.replset         0ms         0ms         0ms
  local.system.indexes         0ms         0ms         0ms
  admin.system.indexes         0ms         0ms         0ms
                admin.         0ms         0ms         0ms

To return a mongotop report every 5 minutes, use the following command:

mongotop 300

To report the use of per-database locks, use mongotop --locks, which produces the following output:

$ mongotop --locks
connected to: 127.0.0.1

                  db       total        read       write          2012-08-13T16:33:34
               local         0ms         0ms         0ms
               admin         0ms         0ms         0ms
                   .         0ms         0ms         0ms
←   mongostat mongosniff  →