Observability

healthcheck the http endpoint /api/v1/status will return metadata and health info about the engine's cluster curl s localhost 4004/api/v1/status | jq { "clusters joined" { "1271a537 27f7 47e4 875d c5242ed12a72" true }, "web connected" true, "credential adapters" \[ "vault" ], "domain" null, "key adapters" \[ "deltacrdt", "vault" ], "ports" { "http" 4004, "https" 4443, "mysql" 3307, "postgres" 6543 } } description of returned values key description clusters joined ids of the cluster or clusters this proxy is part of web connected indicates whether the engine is connected to the web frontend credential adapters adapters for reading and writing database credentials key adapters adapters for reading and writing encryption keys ports ports that the engine is listening on for different protocols metrics metrics on flow and cluster status are collected by default they can be emitted to several locations based on the environment variables set on the engine for metrics with tags, a separate timeseries is created for every combination of tags within a metric for example, policy handling total will be reported separately for every handling value the following metrics are reported for all backends prometheus metrics are named slightly differently dots are replaced with underscores, eg database total instead of database total name unit tags description vm memory total byte amount of memory consumed by the application vm vm total run queue lengths total last queue length for all vm operations vm total run queue lengths cpu last queue length for cpu operations vm total run queue lengths io last queue length for io operations policy handling total last handling number of policies configured database total last number of upstream databases configured for proxying database connection total count database, client number of clients currently connected to a proxied database database encryption percent last database, table, field percentage of rows for a given field that are encrypted in the database only reported for fields that are matched by an encryption policy database decryption percent last database, table, field percentage of rows for a given field that are decrypted in the database only reported for fields that are matched by an encryption policy database tokenization percent last database, table, field percentage of rows for a given field that are tokenized in the database only reported for fields that are matched by a tokenization policy database detokenization percent last database, table, field percentage of rows for a given field that are not tokenized in the database only reported for fields that are matched by a tokenization policy proxy database access count count session, database, client, path number of times a client has accessed a specific field statsd metrics are emitted over udp to the configured statsd host by default in addition to the common metrics, the following metrics are reported name unit tags description policy database client duration timer policy, database, client millisecond duration of how long a policy took to apply database client duration timer database, client millisecond duration of how long a database query took, including applying policies statsd can be configured with these variables name default description jumpwire statsd host 127 0 0 1 hostname or ip of the statsd collector jumpwire statsd port 8125 port of the statsd collector jumpwire statsd type special formatting for the statsd metrics the only allowed value is datadog jumpwire statsd prefix jumpwire a prefix to prepend to all metric names datadog datadog is configured through the statsd metrics exporter jumpwire statsd type should be set to datadog for compatibility with dogstatsd in the datadog agent when using the datadog type, the following metrics will have a different format than the base statsd name unit tags description policy database client duration distribution policy, database, client millisecond duration of how long a policy took to apply bucketed values of 10, 100, 500, 1000, 10 000, 60 000 database client duration distribution database, client millisecond duration of how long a database query took, including applying policies bucketed values of 10, 100, 500, 1000, 10 000, 60 000 prometheus enabled by default prometheus metrics are exposed on port 9568 at /metrics in addition to the common metrics, the following metrics are reported name unit tags description policy database client duration distribution policy, database, client millisecond duration of how long a policy took to apply bucketed values of 10, 100, 500, 1000, 10 000, 60 000 database client duration distribution database, client millisecond duration of how long a database query took, including applying policies bucketed values of 10, 100, 500, 1000, 10 000, 60 000 cloudwatch access to the configured cloudwatch namespace is granted through iam credentials in addition to the common metrics, the following metrics are reported name unit tags description policy database client duration summary policy, database, client millisecond duration of how long a policy took to apply database client duration summary database, client millisecond duration of how long a database query took, including applying policies cloudwatch can be configured with these variables name default description jumpwire cloudwatch namespace jumpwire which cloudwatch namespace to publish metrics to jumpwire cloudwatch interval seconds 30 how often to publish metrics, in seconds jumpwire cloudwatch enabled false boolean to enable/disable cloudwatch metrics