HashiCorp Cloud Platform
Configure HCP Vault Dedicated metric streaming to generic HTTP sink
For details on metrics scope and interpretation, see the HCP Vault Dedicated metrics documentation.
Availability
HCP Vault Dedicated metrics streaming is available for all production grade clusters. The feature is not available for Development tier clusters.
The generic HTTP sink is an optional metric streaming configuration that can be used when native integrations are not yet available. It provides support for sending metrics in either JSON or NDJSON formats. Additionally, you can choose to compress (gzip) metrics, if supported by your telemetry service. The exact configuration of the generic HTTP sink will depend on your target telemetry service. Not all telemetry services will support the use of the generic HTTP sink.
Refer to the HCP Vault Dedicated integrations documentation for a complete list of natively supported providers.
Prerequisites
To configure audit logs streaming you will need to have:
A HCP account with Admin or Contributor role assigned in HCP
A production grade HCP Vault Dedicated cluster
Note
If you do not have a cluster running, refer to the Create a Vault Cluster on HCP or the Deploy HCP Vault Dedicated with Terraform tutorial to create an HCP Vault Dedicated cluster.
Configure target metric service
Example log aggregation service
Webhook.site is used for demonstration purposes and will generate a unique URL on first access.
If you are using an existing HCP Vault Dedicated cluster, metrics will be publicly available.
Open a web browser and navigate to https://webhook.site/
Make note of the URL generated.
Leave this page open. You will return to the site when configuring HCP Vault Dedicated.
Enable metric streaming
Open a new web browser/tab and log in to the HCP Portal.
Navigate to the Vault clusters page.
Click the Vault cluster you wish to enable streaming for and click Metrics.
Click Enable metric streaming.
From the Select a provider view, select Generic HTTP Sink as the provider and click Next.
Under Add provider details, enter Your unique URL from webhook.site in the URI field.
Click the Strategy pull down menu. The generic HTTP sink supports both Basic (username and password) or Bearer (token) authentication.
Leave the Strategy menu blank - it is not required for webhook.site.
Leave the Headers (Optional) fields empty. Additional headers can be added to the request as key/value pairs.
Under Compression select Disable. Compression allows you to chose whether to gzip logs sent to the logging service. Verify whether your logging service supports gzip log streaming.
Click the pulldown menu for Encoding codec and select JSON. The generic HTTP sink supports both JSON and NDJSON. When using JSON, the entire message will be sent as a single JSON array. When using NDJSON, each element is placed on a new line and not wrapped in brackets (
[]
).Leave the Payload prefix and Payload suffix empty. The optional prefix and suffix allows you to add a custom prefix and suffix to the message which must be JSON formatted.
Click Save.
Metrics will start to appear after a few minutes, though the process to enable metric streaming in the HCP Portal may take up to 20 minutes.
Note
At this time, HCP Vault Dedicated only supports metric streaming to one endpoint at a time.
Edit the metrics streaming configuration (optional)
To edit a metrics streaming integration, perform the following steps.
From the Metrics page, click on the Manage drop-down, then Edit configuration.
Edit the configuration, then click Save.
Disable metrics streaming (optional)
To disable a metrics streaming integration, from the Metrics page, click on the Manage drop-down, then Disable streaming.