Vault
Telemetry metrics overview
Metric types
Vault provides three types of telemetry metrics:
- Counter metrics increment when an event occurs. Counters are cumulative and reset at the end of reporting intervals.
- Gauge metrics provide measurements of current values.
- Summary metrics provide observational values. Vault commonly uses summaries to measure the time required to for a discrete event to complete.
High-cardinality gauges, like vault.kv.secret.count
, update at the interval
configured with usage_gauge_period
in the telemetry
stanza. The default
reporting interval for gauge metrics is 10 minutes.
Metric labels
Some telemetry metrics come with additional metadata that provides context for the measurement. For example, a token metric might include the namespace it belongs to or the authentication method used to create it.
Metric metadata is labeled and incorporated into the metric name for the in-memory telemetry and any other telemetry engine that does not support custom labels.
The metric name in the table below is followed by a list of labels supported, in the order in which they appear, if flattened.
Label | Example | Description |
---|---|---|
auth_method | userpass | Authorization engine type |
cluster | vault-cluster-d54ad07 | Name of the cluster where the metric originated |
creation_ttl | 7d | Time-to-live assigned at creation, rounded up to the next-highest bucket: 1m , 10m , 20m , 1h , 2h , 1d , 2d , 7d , 30d , or +Inf |
mount_point | auth/userpass/ | Path at which an authentication method or secret engine is mounted |
name | memoryLimit | Name of the object being aggregated (for example, a quota or quota rule) |
namespace | ns1 | A namespace path or root for the root namespace |
policy | default | Name of the associated policy |
secret_engine | aws | Secrets engine type |
token_type | service | Type of the associated token: batch or service |
peer_id | node-1 | Unique identifier of a raft peer node |
node_id | node-42 | Unique identifier of a raft peer node (duplicates peer_id ) |
snapshot_config_name | config1 | Name of the configuration used for automated snapshots |