Available metrics in Prometheus format

This article lists exposed metrics, i.e., for monitoring licensed throughput and common indicator values. Prometheus supports different metric types such as counter, gauge, histogram, and summary.

Engine metrics

Metric name	Metric type	Description
Standard Envoy metrics – see Envoy documentation.	–	Note that metrics are named statistics in the Envoy online documentation: Envoy listener statistics Envoy observability statistics
`microgateway_build_info`	gauge	Metric shows the static value `1`, labeled by the Microgateway Engine version information. Example: `microgateway_build_info{version=“4.2.0”} 1`
`microgateway_license_http_rq_total`	counter	Number of total requests.
`microgateway_http_downstream_rq_threats_blocked_total`	counter	Number of requests (`rq`) blocked with `threatHandlingMode: Block` by an Engine filter. Blocks are categorized into block types. The metric has the following labels: `block_type` with `attack_type` `envoy_cluster_name` *Example with deny rule-based blocked* metric: Example microgateway_http_downstream_rq_threats_blocked_total{block_type="deny_rules", attack_type="XSS", envoy_cluster_name="YourClusterName"} A list of all available rule keys for deny rules can be found in the CR DenyRules reference documentation. See also article CR DenyRules for more information. Example with a limits-based blocked metric:** Example microgateway_http_downstream_rq_threats_blocked_total{block_type="limits", attack_type="parameter_body_size", envoy_cluster_name="YourClusterName"} The article CR Limits provides further information for limit-based blocks and potential blocks (in LogOnly mode).
`microgateway_http_downstream_rs_threats_blocked_total`	counter	Number of responses (`rs`) blocked with `threatHandlingMode: Block` by an Engine filter. Blocks are categorized into block types. The metric has the following labels: `block_type` with `attack_type` `envoy_cluster_name` *Example with OpenAPI-based blocked* metric:** Example microgateway_http_downstream_rs_threats_blocked_total{block_type="openapi", attack_type="OpenAPIViolation", envoy_cluster_name="YourClusterName"}
`microgateway_http_downstream_rq_threats_logged_total`	counter	Number of (`rq`) logs with `threatHandlingMode: LogOnly`. All potential blocks are counted. A single request can trigger more than one potential block. The metric has the following labels: `block_type` with `attack_type` `envoy_cluster_name` *Example with deny rule-based potential logged* metric: Example microgateway_http_downstream_rq_threats_logged_total{block_type="deny_rules", attack_type="xss", envoy_cluster_name="YourClusterName"} A list of all available rule keys for deny rules can be found in the CR DenyRules reference documentation. See also article CR DenyRules for more information. Example with a limits-based logged metric:** Example microgateway_http_downstream_rq_threats_logged_total{block_type="limits", attack_type="bodySize", envoy_cluster_name="YourClusterName"} The article CR Limits provides further information for limit-based blocks and potential blocks (in LogOnly mode).
`microgateway_http_downstream_rs_threats_logged_total`	counter	Number of response (`rs`) logs with `threatHandlingMode: LogOnly`. All potential blocks are counted. A single response can trigger more than one potential block. The metric has the following labels: `block_type` with `attack_type` `envoy_cluster_name` *Example with OpenAPI-based loggedmetric:* Example microgateway_http_downstream_rs_threats_logged_total{block_type="openapi", attack_type="OpenAPIViolation", envoy_cluster_name="YourClusterName"}
`microgateway_rq_processing_time_ms`	histogram	Time in milliseconds between the first received downstream byte and the last sent upstream byte of a request.
`microgateway_rs_processing_time_ms`	histogram	Time in milliseconds between the first received upstream byte and the last sent downstream byte of a response.
`microgateway_upstream_responsiveness_ms`	histogram	Time in milliseconds between the last request byte sent upstream to the first response byte received from upstream. If the calculated value is negative, e.g. for backends that are not waiting for requests to be completed, the metric `0` is displayed.

Operator metrics

Metric name	Metric type	Description
`microgateway_build_info`	gauge	Metric shows the static value 1, labeled by the Migrogateway Operator version information. Example: `microgateway_build_info{version=“4.2.0”} 1`
`microgateway_sidecars`	gauge	The number of injected Airlock Microgateway Engine sidecars managed by this Operator instance.
`microgateway_license_max_sidecars` ¹	gauge	The licensed sidecar count. A value of `inf` means there is no limit.
`microgateway_license_valid` ¹	gauge	Whether the Airlock Microgateway Operator has a valid license `1` or not `0`.
`microgateway_license_max_rq_count_per_month` ¹	gauge	The licensed request count per month. When using the community edition license, no monthly count is available, but instead the value `NaN` is shown.
`microgateway_license_is_premium` ¹	gauge	Whether the active license (if any) is a premium license `1` or not `0`.
`microgateway_license_expiry_timestamp_seconds` ¹	gauge	(Unix) timestamp when the active license expires.

1: License-related metric. See also Configuring and monitoring licenses article.
Note that when the license changes, the metrics are updated and the license status changed is logged. This can take up to 1 minute after the secret is adjusted since Kubernetes updates mounted config maps only periodically.

Further information and links

Internal links:

Using Prometheus metrics

External links:

Istio - merging Prometheus metrics