The fastest way to get system metrics from a Tableau Server EC2 instance into Prometheus is Node Exporter running as a systemd service, discovered automatically via ec2_sd_configs. No hardcoded IPs, no manual config updates when instances cycle.
This guide walks through every step on Amazon Linux 2023: downloading the binary, creating a locked-down system user, writing the systemd unit, and wiring up Prometheus with EC2 service discovery so the instance appears as UP in your targets page.
Prerequisites
- EC2 instance running Amazon Linux 2023 with root or sudo access
- Prometheus server with network access to port 9100 on the target instance
- EC2 instance tags (Name, environment) set on the Tableau Server instance
- IAM permissions for Prometheus to call ec2:DescribeInstances
Step 1: Download Node Exporter
cd /tmp
curl -LO https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz
Always grab the latest release from the official Node Exporter releases page. At the time of writing, v1.10.2 (released October 25, 2025) is the latest stable version.
Step 2: Extract and Install the Binary
tar xzf node_exporter-1.10.2.linux-amd64.tar.gz
mv node_exporter-1.10.2.linux-amd64/node_exporter /usr/local/bin/
chmod +x /usr/local/bin/node_exporter
Verify the binary is in place:
which node_exporter
# /usr/local/bin/node_exporter
ls -la /usr/local/bin/node_exporter
# -rwxr-xr-x. 1 root root 22919216 Oct 25 2025 /usr/local/bin/node_exporter
Step 3: Create a Dedicated System User
Node Exporter should never run as root. Create a locked-down, non-login user:
useradd --no-create-home --shell /bin/false node_exporter
Skipping this step causes the service to fail with status=217/USER when systemd tries to start it.
Step 4: Create the systemd Service File
cat > /etc/systemd/system/node_exporter.service <<'EOF'
[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target
[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter \
  --collector.filesystem.mount-points-exclude='^/(sys|proc|dev|host|etc)($$|/)' \
  --web.listen-address=:9100
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
EOF
Key flags explained:
| Flag | Purpose |
|---|---|
| --collector.filesystem.mount-points-exclude | Excludes virtual filesystems like /proc, /sys, /dev from disk metrics |
| --web.listen-address=:9100 | Default port Prometheus scrapes from |
| Restart=on-failure | Auto-restarts if the process crashes |
Step 5: Enable and Start the Service
systemctl daemon-reload
systemctl enable --now node_exporter
--now starts the service immediately and enable ensures it starts on every reboot automatically.
Step 6: Verify It Is Running
systemctl status node_exporter
Expected output:
● node_exporter.service - Node Exporter
Loaded: loaded (/etc/systemd/system/node_exporter.service; enabled; preset: disabled)
Active: active (running) since Thu 2026-06-19 10:00:00 UTC; 5s ago
Main PID: 461 (node_exporter)
Tasks: 5 (limit: 19660)
Memory: 2.9M
Then confirm the metrics endpoint is reachable:
curl -s http://localhost:9100/metrics | head -20
You should see lines starting with # HELP and # TYPE followed by metric values.
Step 7: Useful systemctl Commands
# Start
systemctl start node_exporter
# Stop
systemctl stop node_exporter
# Restart
systemctl restart node_exporter
# Status
systemctl status node_exporter
# Follow logs live
journalctl -u node_exporter -f
# Last 100 log lines
journalctl -u node_exporter -n 100
Step 8: Configure Prometheus with ec2_sd
Using ec2_sd_configs means Prometheus discovers the instance automatically from its EC2 tags - no hardcoded IPs that break when instances are replaced.
Add this job to your prometheus.yml:
scrape_configs:
  - job_name: 'node-exporter'
    ec2_sd_configs:
      - region: us-east-1   # replace with your AWS region
        port: 9100
    relabel_configs:
      # Only scrape instances with this Name tag
      - source_labels: [__meta_ec2_tag_Name]
        regex: tableau-server
        action: keep
      # Use the Name tag as the instance label
      - source_labels: [__meta_ec2_tag_Name]
        target_label: instance
      # Carry the environment tag through
      - source_labels: [__meta_ec2_tag_environment]
        target_label: env
Then reload Prometheus without a full restart:
systemctl reload prometheus
Navigate to Status > Targets in the Prometheus UI. The Tableau Server instance should appear as UP.
Step 9: Verify EC2 Tags
The ec2_sd relabeling depends entirely on your instance having the right tags. Check them:
aws ec2 describe-instances \
  --filters "Name=tag:Name,Values=tableau-server" \
  --query "Reservations[].Instances[].Tags" \
  --output table
The output should include at minimum:
| Tag Key | Value |
|---|---|
| Name | tableau-server |
| environment | production |
If the tags are missing or misspelled, the instance will not match the keep relabel rule and will not appear in Prometheus targets.
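To see how the relabel rules from Step 8 treat different tag values, the following added example (not part of the original guide, and not Prometheus code) models only the keep action and the default replace action in Python. The addresses and tag values in DISCOVERED are constructed for illustration.

```python
import re

# The three relabel rules from the scrape job: (source_label, action, regex, target_label).
RULES = [
    ("__meta_ec2_tag_Name", "keep", "tableau-server", None),
    ("__meta_ec2_tag_Name", "replace", "(.*)", "instance"),
    ("__meta_ec2_tag_environment", "replace", "(.*)", "env"),
]

def relabel(meta):
    """Apply RULES to one discovered target; return its final labels, or None if dropped."""
    labels = dict(meta)
    for source, action, regex, target in RULES:
        value = labels.get(source, "")       # a missing tag reads as the empty string
        match = re.fullmatch(regex, value)   # relabel regexes are anchored at both ends
        if action == "keep":
            if match is None:
                return None
        elif match is not None:
            if match.group(1):
                labels[target] = match.group(1)   # default replacement is "$1"
            else:
                labels.pop(target, None)          # an empty value removes the label
    # Labels starting with "__" are discarded once relabeling is done.
    return {k: v for k, v in labels.items() if not k.startswith("__")}

def evaluate(discovered):
    """Return (kept label sets, dropped addresses, instance labels used by several targets)."""
    kept, dropped, seen = {}, [], {}
    for meta in discovered:
        labels = relabel(meta)
        if labels is None:
            dropped.append(meta["__address__"])
            continue
        kept[meta["__address__"]] = labels
        seen.setdefault(labels.get("instance"), []).append(meta["__address__"])
    return kept, dropped, {n: a for n, a in seen.items() if len(a) > 1}

# Constructed discovery results (addresses and tag values are made up for this example).
DISCOVERED = [
    {"__address__": "10.0.1.10:9100", "__meta_ec2_tag_Name": "tableau-server", "__meta_ec2_tag_environment": "production"},
    {"__address__": "10.0.1.11:9100", "__meta_ec2_tag_Name": "tableau-server"},
    {"__address__": "10.0.1.12:9100", "__meta_ec2_tag_Name": "Tableau-Server", "__meta_ec2_tag_environment": "production"},
    {"__address__": "10.0.1.13:9100", "__meta_ec2_tag_Name": "tableau-server-staging"},
    {"__address__": "10.0.1.14:9100"},
]

if __name__ == "__main__":
    for part in evaluate(DISCOVERED):
        print(part)
```

The match is case-sensitive and anchored, so Tableau-Server and tableau-server-staging are dropped along with the untagged instance. Two instances that share the Name tag end up with the same instance label, so their series carry identical labels.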
Troubleshooting
| Error | Cause | Fix |
|---|---|---|
| Unit node_exporter.service not found | Service file missing | Create /etc/systemd/system/node_exporter.service then run daemon-reload |
| status=217/USER | node_exporter OS user does not exist | Run useradd --no-create-home --shell /bin/false node_exporter |
| Active: activating (auto-restart) | Binary or user missing | Check ls /usr/local/bin/node_exporter and that the user exists |
| Prometheus target shows DOWN | Port 9100 blocked | Open TCP 9100 inbound in the EC2 security group from your Prometheus server IP |
| No targets in Prometheus UI | EC2 tags missing or wrong | Verify tags with aws ec2 describe-instances |
Security Checklist
- Node Exporter runs as a non-root dedicated user (node_exporter)
- Port 9100 should only be open to your Prometheus server IP in the security group - not 0.0.0.0/0
- This setup does not configure TLS, which is fine for internal VPC traffic. If you are exposing Node Exporter externally, add --web.config.file with TLS settings
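One way to check the port 9100 item in this checklist is to audit the JSON that aws ec2 describe-security-groups returns. This is an added example, not part of the original guide; the group IDs, the CIDRs and the Prometheus address 10.0.0.5/32 are constructed, and rules that reference another security group instead of a CIDR are not evaluated.

```python
import ipaddress
import json

EXPORTER_PORT = 9100

def covers_port(rule, port=EXPORTER_PORT):
    """True if an ingress rule applies to TCP traffic on `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                 # "-1" means every protocol and every port
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit(groups, prometheus_cidr):
    """Return (group_id, cidr) for each source allowed on the exporter port
    that is not exactly the Prometheus server."""
    allowed = ipaddress.ip_network(prometheus_cidr)
    findings = []
    for group in groups["SecurityGroups"]:
        for rule in group.get("IpPermissions", []):
            if not covers_port(rule):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False) != allowed:
                    findings.append((group["GroupId"], cidr))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-example-tableau", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9100, "ToPort": 9100, "IpRanges": [{"CidrIp": "10.0.0.5/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-example-wide", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9200,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]}
]}
""")

if __name__ == "__main__":
    for group_id, cidr in audit(SAMPLE, "10.0.0.5/32"):
        print(f"{group_id}: port {EXPORTER_PORT} reachable from {cidr}")
```

Port ranges and all-traffic rules are the cases a search for the literal number 9100 misses, which is why the second group is flagged three times.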
What to Monitor on Tableau Server
Once Node Exporter is scraped, these are the metrics that matter most for a Tableau Server host:
| Metric | What It Tells You |
|---|---|
| node_cpu_seconds_total | CPU saturation during extract refreshes and heavy queries |
| node_memory_MemAvailable_bytes | Memory pressure - Tableau is memory-hungry |
| node_filesystem_avail_bytes | Disk space for workbooks, extracts, and temp files |
| node_disk_io_time_seconds_total | Disk I/O bottlenecks during extract processing |
| node_network_receive_bytes_total | Network throughput for data source connections |
Pair these with Tableau Server’s own process metrics (via the Tableau REST API or the built-in tabadmin status) for full visibility into both the OS layer and application layer.
Tested on: Amazon Linux 2023, kernel 6.1.161, Node Exporter v1.10.2