Available metrics in Prometheus format

This article lists the exposed metrics, e.g., for monitoring licensed throughput and common indicator values. Prometheus supports different metric types such as counter, gauge, histogram, and summary.

Engine metrics

Metric name

Metric type

Description

Standard Envoy metrics – see Envoy documentation.

microgateway_build_info

gauge

Metric shows the static value 1, labeled by the Microgateway Engine version information.

Example:
microgateway_build_info{version="4.2.0"} 1

microgateway_license_http_rq_total

counter

Number of total requests.

microgateway_http_downstream_rq_threats_blocked_total

counter

Number of requests (rq) blocked by an Engine filter with threatHandlingMode: Block. Blocks are categorized into block types.

The metric has the following labels:
  • block_type with attack_type
  • envoy_cluster_name

Example with deny rule-based blocked metric:

microgateway_http_downstream_rq_threats_blocked_total{block_type="deny_rules", attack_type="XSS", envoy_cluster_name="YourClusterName"}

A list of all available rule keys for deny rules can be found in the CR DenyRules reference documentation. See also article CR DenyRules for more information.

Example with a limits-based blocked metric:

microgateway_http_downstream_rq_threats_blocked_total{block_type="limits", attack_type="parameter_body_size", envoy_cluster_name="YourClusterName"}

The article CR Limits provides further information for limit-based blocks and potential blocks (in LogOnly mode).

microgateway_http_downstream_rs_threats_blocked_total

counter

Number of responses (rs) blocked by an Engine filter with threatHandlingMode: Block. Blocks are categorized into block types.

The metric has the following labels:
  • block_type with attack_type
  • envoy_cluster_name

Example with OpenAPI-based blocked metric:

microgateway_http_downstream_rs_threats_blocked_total{block_type="openapi", attack_type="OpenAPIViolation", envoy_cluster_name="YourClusterName"}

microgateway_http_downstream_rq_threats_logged_total

counter

Number of request (rq) logs with threatHandlingMode: LogOnly. All potential blocks are counted. A single request can trigger more than one potential block.

The metric has the following labels:
  • block_type with attack_type
  • envoy_cluster_name

Example with deny rule-based potential logged metric:

microgateway_http_downstream_rq_threats_logged_total{block_type="deny_rules", attack_type="xss", envoy_cluster_name="YourClusterName"}

A list of all available rule keys for deny rules can be found in the CR DenyRules reference documentation. See also article CR DenyRules for more information.

Example with a limits-based logged metric:

microgateway_http_downstream_rq_threats_logged_total{block_type="limits", attack_type="bodySize", envoy_cluster_name="YourClusterName"}

The article CR Limits provides further information for limit-based blocks and potential blocks (in LogOnly mode).

microgateway_http_downstream_rs_threats_logged_total

counter

Number of response (rs) logs with threatHandlingMode: LogOnly. All potential blocks are counted. A single response can trigger more than one potential block.

The metric has the following labels:
  • block_type with attack_type
  • envoy_cluster_name

Example with OpenAPI-based logged metric:

microgateway_http_downstream_rs_threats_logged_total{block_type="openapi", attack_type="OpenAPIViolation", envoy_cluster_name="YourClusterName"}

microgateway_rq_processing_time_ms

histogram

Time in milliseconds between the first received downstream byte and the last sent upstream byte of a request.

microgateway_rs_processing_time_ms

histogram

Time in milliseconds between the first received upstream byte and the last sent downstream byte of a response.

microgateway_upstream_responsiveness_ms

histogram

Time in milliseconds between the last request byte sent upstream and the first response byte received from upstream.
If the calculated value is negative, e.g. for backends that do not wait for requests to be completed, the metric shows 0.

Operator metrics

Metric name

Metric type

Description

microgateway_build_info

gauge

Metric shows the static value 1, labeled by the Microgateway Operator version information.

Example:
microgateway_build_info{version="4.2.0"} 1

microgateway_sidecars

gauge

The number of injected Airlock Microgateway Engine sidecars managed by this Operator instance.

microgateway_license_max_sidecars [1]

gauge

The licensed sidecar count. A value of inf means there is no limit.

microgateway_license_valid [1]

gauge

Whether the Airlock Microgateway Operator has a valid license (1) or not (0).

microgateway_license_max_rq_count_per_month [1]

gauge

The licensed request count per month. When using the community edition license, no monthly count is available and the value NaN is shown instead.

microgateway_license_is_premium [1]

gauge

Whether the active license (if any) is a premium license (1) or not (0).

microgateway_license_expiry_timestamp_seconds [1]

gauge

(Unix) timestamp when the active license expires.

[1] License-related metric. See also the article Configuration and monitoring of licenses.
Note that when the license changes, the metrics are updated and the license status change is logged. This can take up to 1 minute after the secret is adjusted, since Kubernetes updates mounted config maps only periodically.
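
The following Python example is added here and is not part of the Airlock documentation. It parses scrape output, computes the increase of the threat counters between two scrapes (treating a drop as a counter reset), and evaluates the license gauges, including the NaN and inf values described above. The scrape bodies are constructed, and the function names, the finding labels, the 30-day warning window and the reset handling are assumptions.

```python
import math
import re

# Constructed scrape bodies; metric names and labels follow the examples on this page.
ENGINE_T0 = '''microgateway_http_downstream_rq_threats_blocked_total{block_type="deny_rules", attack_type="XSS", envoy_cluster_name="YourClusterName"} 40
microgateway_http_downstream_rq_threats_logged_total{block_type="limits", attack_type="bodySize", envoy_cluster_name="YourClusterName"} 900'''
ENGINE_T1 = '''microgateway_http_downstream_rq_threats_blocked_total{block_type="deny_rules", attack_type="XSS", envoy_cluster_name="YourClusterName"} 55
microgateway_http_downstream_rq_threats_logged_total{block_type="limits", attack_type="bodySize", envoy_cluster_name="YourClusterName"} 12'''
OPERATOR = '''microgateway_license_valid 1
microgateway_license_max_sidecars +Inf
microgateway_license_max_rq_count_per_month NaN
microgateway_license_expiry_timestamp_seconds 1700864000'''

# Assumption: "name{labels} value" lines without timestamps or escaped quotes.
SAMPLE = re.compile(r'^(\w+)(?:\{(.*)\})?\s+(\S+)$')
LABEL = re.compile(r'(\w+)="([^"]*)"')

def parse(text):
    """Map (metric name, sorted label pairs) to the sample value of one scrape."""
    out = {}
    for line in text.splitlines():
        m = SAMPLE.match(line.strip())
        if m:  # "# HELP" / "# TYPE" lines do not match and are skipped
            labels = tuple(sorted(LABEL.findall(m.group(2) or "")))
            out[(m.group(1), labels)] = float(m.group(3))  # accepts NaN and +Inf
    return out

def threat_deltas(prev, curr):
    """Increase per (metric, attack_type) between two scrapes of the threat counters."""
    deltas = {}
    for (name, labels), value in curr.items():
        if "_threats_" in name:
            before = prev.get((name, labels), 0.0)
            inc = value - before if value >= before else value  # drop = counter reset
            key = (name, dict(labels).get("attack_type"))
            deltas[key] = deltas.get(key, 0.0) + inc
    return deltas

def license_findings(samples, now, warn_days=30):
    """Evaluate the Operator license gauges; a missing gauge reads as NaN."""
    get = lambda name: samples.get((name, ()), math.nan)
    findings = []
    if get("microgateway_license_valid") != 1:
        findings.append("invalid")
    if get("microgateway_license_expiry_timestamp_seconds") - now < warn_days * 86400:
        findings.append("expires_soon")
    if math.isnan(get("microgateway_license_max_rq_count_per_month")):
        findings.append("no_monthly_quota")  # community edition reports NaN
    return findings
```

Because a single request can trigger more than one potential block, the deltas of the logged counters count potential blocks, not requests.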