Grafana dashboards for metrics and log visualization

In Airlock Microgateway, Grafana dashboards can be deployed either from GitHub release artifacts or via Helm chart.

Metrics are obtained using Prometheus metrics and logs are aggregated using Grafana Loki in combination with a suitable log agent (e.g., Grafana Promtail or similar).

Requirements

  • For metrics dashboards:
    Prometheus is installed and running in addition to Grafana.
  • For log dashboards:
    Grafana Loki is installed and running in addition to Grafana.

Deploying Grafana dashboards from GitHub release artifacts

  1. Go to the Airlock Microgateway GitHub Releases page.
  2. Select the latest maintenance release matching your Airlock Microgateway version.
    • For example, if you are using Airlock Microgateway 4.6, choose the latest 4.6.x release (e.g., 4.6.1). Avoid selecting a newer version as it may not be compatible with your current system setup.
  3. At the bottom of the release notes, download the file named dashboards-<version>.zip that contains the JSON files representing the Grafana dashboards.
  4. Unzip the archive to a local folder.
  5.  
    Terminal box
    unzip dashboards-<version>.zip -d dashboards
  6. The Grafana dashboards can be imported either manually or via the CLI of the corresponding deployment platform (e.g., Azure).

Deploying Grafana dashboards via Helm chart

Additonal requirement: Grafana is installed and running with the sidecar.dashboards.enabled=true flag so Grafana can automatically add, update, and remove Airlock Microgateway dashboards

In the Airlock Microgateway Operator Helm chart, several preconfigured Grafana dashboard templates are available. Setting the dashboards.create key to true enables the deployment of all dashboards. Individual dashboards can then be disabled by setting their respective create values to false.

The Operator Helm chart also includes options for dashboardLabel and folderAnnotation that can be configured to allow the Grafana sidecar to find and identify the ConfigMaps that contain the dashboards described below. These settings must match the configuration of the Grafana sidecar.

Metrics dashboards

Airlock Microgateway Overview

This dashboard contains statistics and status information on the installed Airlock Microgateway components. It provides an overview of license status, protected pods, processed requests, and latency as perceived by downstream clients.

Airlock Microgateway License

The dashboard provides detailed license information and estimated usage over the last 30 days per license ID for licenses assigned to a Microgateway Operator.

Airlock Microgateway Threats Block Metrics

This dashboard shows more detailed statistics on how Airlock Microgateway protects your applications. Processed requests and corresponding block rates can be displayed per Microgateway Operator installation and application namespace, including Block Type and Subtype.

Airlock Microgateway Threats LogOnly Metrics

The dashboard presents metrics for threats logged in threatHandlingMode: LogOnly. The temporal distribution and the breakdown by Block Type and Subtype are visualized. See also the related Airlock Microgateway Threat LogOnly Logs dashboard below.

Airlock Microgateway Upstream Metrics

This dashboard offers detailed statistics on upstream requests and connections. For upstream requests, metrics include the total number of requests, request duration, and a breakdown by status code. For upstream connections, the dashboard displays, among other things, the total number of connections, histograms of connection length and time to connect, as well as the total volume of data sent and received.

Airlock Microgateway System Metrics

The dashboard exposes information about the basic health and resource consumption of the Microgateway Engine.

Airlock Microgateway Downstream Metrics

This dashboard depicts detailed statistics on client-facing (downstream) requests and connections. For downstream requests, metrics include the total number of requests, request duration, and a breakdown by status code group. For downstream connections, the dashboard contains, among other things, the total number of connections, a histogram of connection length and time to connect, as well as the total volume of data sent and received.

Log dashboards

Airlock Microgateway Request Logs

The dashboard lists detailed log information for every request processed by Airlock Microgateway. Filtering on dashboard and table level enables a detailed analysis of the requests.

Airlock Microgateway Threats Block Logs

This dashboard displays detailed log data for requests that were blocked due to threats detected in threatHandlingMode: Block. It supports filtering at both the dashboard and table level to enable in-depth analysis of denied requests.

Airlock Microgateway Threat LogOnly Logs

The dashboard provides detailed log data for requests with threats logged in threatHandlingMode: LogOnly. It helps assess the impact of your configuration in production environments, allowing you to identify false positives and to fine-tune configurations without affecting live traffic.

Airlock Microgateway Access Control Logs

This dashboard lists detailed log information for requests with access control details available. Filtering on dashboard and table level enables a detailed analysis of the requests.

Airlock Microgateway Header Rewrites Logs

The dashboard lists detailed log information for header rewrites to analyze their impact on an application. To enable Header Rewrites Logs, set the operationalMode to Integration. For details, see CR HeaderRewrites reference documentation.