Core system telemetry provides information about the operational health of your
OpenBao instance.
Default metrics
vault.core.active
Metric type | Value | Description |
---|
gauge | boolean | Indicates whether the OpenBao node is active |
- A value of
1
indicates that the node is active.
- A value of
0
indicates that the node is in standby.
vault.core.check_token
Metric type | Value | Description |
---|
summary | ms | Time required to complete a token check |
vault.core.fetch_acl_and_token
Metric type | Value | Description |
---|
summary | ms | Time required to fetch ACL and token entries |
vault.core.handle_login_request
Metric type | Value | Description |
---|
summary | ms | Time required to complete a login request |
vault.core.handle_request
Metric type | Value | Description |
---|
summary | ms | Time required to complete a non-login request |
vault.core.in_flight_requests
Metric type | Value | Description |
---|
gauge | requests | Number of requests currently in progress |
vault.core.leadership_lost
Metric type | Value | Description |
---|
summary | ms | Total time that a high-availability cluster node last maintained leadership |
Leadership time updates occur whenever leadership changes. Frequent updates to
vault.core.leadership_lost
with low leadership times indicates flapping as
leader status rotates between nodes.
vault.core.leadership_setup_failed
Metric type | Value | Description |
---|
summary | ms | Time taken by the most recent leadership setup failure |
Setup failure time is an important health metric for your high-availability
OpenBao installation. We strongly recommend that you closely monitor
vault.core.leadership_setup_failed
and set alerts that keep you informed of
the overall cluster leadership status.
vault.core.license.expiration_time_epoch
Metric type | Value | Description |
---|
gauge | timestamp | Epoch time (seconds since 1970-01-01) at which the license will expire |
vault.core.locked_users
Metric type | Value | Description |
---|
gauge | users | The number of users currently locked out of OpenBao |
The number of locked users refreshes every 15 minutes.
vault.core.mount_table.num_entries
Metric type | Value | Description |
---|
gauge | objects | Number of mounts in the given mount table |
Mountpoint count metrics include labels to indicate whether the relevant table
is an authentication table or a logical table and whether the table is
replicated or local.
vault.core.mount_table.size
Metric type | Value | Description |
---|
gauge | bytes | The current size of the relevant mount table. |
Table size metrics include labels to indicate whether the relevant table is an
authentication table or a logical table and whether the table is replicated or
local.
vault.core.post_unseal
Metric type | Value | Description |
---|
summary | ms | Time required to complete post-unseal operations |
vault.core.pre_seal
Metric type | Value | Description |
---|
summary | ms | Time required to complete pre-seal operations |
vault.core.seal-internal
Metric type | Value | Description |
---|
summary | ms | Time required to complete internal OpenBao seal operations |
vault.core.seal-with-request
Metric type | Value | Description |
---|
summary | ms | Time required to complete seal operations that were triggered by explicit request |
vault.core.step_down
Metric type | Value | Description |
---|
summary | ms | Time required to step down cluster leadership |
vault.core.unseal
Metric type | Value | Description |
---|
summary | ms | Time required to complete unseal operations |
vault.core.unsealed
Metric type | Value | Description |
---|
gauge | boolean | Indicates whether OpenBao is currently unsealed |
- A value of
1
indicates OpenBao is currently unsealed and clients can
read secrets.
- A value of
0
indicates OpenBao is currently sealed and clients cannot
read secrets.
Barrier metrics
vault.barrier.delete
Metric type | Value | Description |
---|
summary | ms | Time required to complete a DELETE operation at the barrier |
vault.barrier.get
Metric type | Value | Description |
---|
summary | ms | Time required to complete a GET operation at the barrier |
vault.barrier.list
Metric type | Value | Description |
---|
summary | ms | Time required to complete a LIST operation at the barrier |
vault.barrier.put
Metric type | Value | Description |
---|
summary | ms | Time required to complete a PUT operation at the barrier |
Caching metrics
vault.cache.delete
Metric type | Value | Description |
---|
counter | number | Number of deletes from the LRU cache |
vault.cache.hit
Metric type | Value | Description |
---|
counter | number | Number of hits against the LRU cache that avoided a read from configured storage |
vault.cache.miss
Metric type | Value | Description |
---|
counter | number | Number of misses against the LRU cache that required a read from configured storage |
vault.cache.write
Metric type | Value | Description |
---|
counter | number | Number of writes to the LRU cache |
Metric collection metrics
vault.metrics.collection
Metric type | Value | Description |
---|
summary | ms | The average time required (per gauge type) to collect usage data |
vault.metrics.collection.error
Metric type | Value | Description |
---|
counter | number | The total number of errors (per gauge type) that OpenBao encountered while collecting usage data |
vault.metrics.collection.interval
Metric type | Units | Description |
---|
summary | time duration | The current value of usage_gauge_period |
Quota metrics
Quota metrics relate to rate limit and lease count quotas. Each metric comes
with a name
label that identifies the specific quota.
vault.quota.lease_count.counter
Metric type | Value | Description |
---|
gauge | lease | Total number of leases associated with the named quota rule |
The number of leases reported is specific to the quota rule listed in the name
label, not the number of leases in general. For example, if the named rule
allows for 50 leases max and there are currently 40 leases in the scope of that
quota rule, the value of vault.quota.lease_count.counter
is 40 even if there
are 1000 other leases that are unscoped or in the scope of other quota rules.
vault.quota.lease_count.max
Metric type | Value | Description |
---|
gauge | lease | Maximum number of leases allowed by the named quota rule |
vault.quota.lease_count.violation
Metric type | Value | Description |
---|
counter | number | Number of requests rejected due to exceeding the named lease count quota |
vault.quota.rate_limit.violation
Metric type | Value | Description |
---|
counter | number | Number of requests rejected due to exceeding the named rate limit quota rule |
Rollback metrics
Rollback metrics for each configured mount point. Metric names convert
forward slashes (/
) in mount names to dashes (-
). For example, if you
have the auth/token
backend configured, the corresponding mount point metric
string is auth-token
vault.rollback.attempt.{MOUNTPOINT}
Metric type | Value | Description |
---|
summary | ms | Time required to perform a rollback operation on the given mount point |
vault.rollback.inflight
Metric type | Value | Description |
---|
gauge | number | Number of rollback operations inflight |
vault.rollback.queued
Metric type | Value | Description |
---|
guage | number | The number of rollback operations waiting to be started |
vault.rollback.waiting
Metric type | Value | Description |
---|
summary | ms | Time between queueing a rollback operation and the operation starting |
Route metrics
Mount-specific route metrics for each configured mount point. Metric names
convert forward slashes (/
) in mount names to dashes (-
). For example, if
you have the auth/token
backend configured, the corresponding mount point
metric string is auth-token
vault.route.create.{MOUNTPOINT}
Metric type | Value | Description |
---|
summary | ms | Time required to send a create request to the backend and for the backend to complete the operation for the given mount point |
vault.route.delete.{MOUNTPOINT}
Metric type | Value | Description |
---|
summary | ms | Time required to send a delete request to the backend and for the backend to complete the operation for the given mount point |
vault.route.list.{MOUNTPOINT}
Metric type | Value | Description |
---|
summary | ms | Time required to send a list request to the backend and for the backend to complete the operation for the given mount point |
vault.route.read.{MOUNTPOINT}
Metric type | Value | Description |
---|
summary | ms | Time required to send a read request to the backend and for the backend to complete the operation for the given mount point |
vault.route.rollback.{MOUNTPOINT}
Metric type | Value | Description |
---|
summary | ms | Time required to send a rollback request to the backend and for the backend to complete the operation for the given mount point |
OpenBao automatically schedules and performs mount point rollback operations to
clean up partial errors.
Runtime metrics
Runtime metrics relate specifically to the Go runtime for your OpenBao
instance.
vault.runtime.alloc_bytes
Metric type | Value | Description |
---|
gauge | bytes | Space currently allocated to OpenBao processes |
The number of allocated bytes may peak from time to time, but should
always return to a steady state value in a health OpenBao installation.
vault.runtime.free_count
Metric type | Value | Description |
---|
gauge | number | Number of freed objects |
vault.runtime.gc_pause_ns
Metric type | Value | Description |
---|
summary | ns | Time required to complete the last garbage collection run |
vault.runtime.heap_objects
Metric type | Value | Description |
---|
gauge | number | Total number of objects on the heap in memory |
The vault.runtime.heap_objects
metric is a good memory pressure indicator. We
recommend monitoring vault.runtime.heap_objects
to establish an accurate
baseline and thresholds for alerting on the health of your OpenBao installation.
vault.runtime.malloc_count
Metric type | Value | Description |
---|
gauge | number | Total number of allocated heap objects in memory |
vault.runtime.num_goroutines
Metric type | Value | Description |
---|
gauge | number | Total number of Go routines running in memory |
The vault.runtime.num_goroutines
metric is a good system load indicator. We
recommend monitoring vault.runtime.num_goroutines
to establish an accurate
baseline and thresholds for alerting on the health of your OpenBao installation.
vault.runtime.sys_bytes
Metric type | Value | Description |
---|
gauge | number | Total number of bytes allocated to OpenBao |
The total number of allocated system bytes includes space currently used by the
heap plus space that has been reclaimed by, but not returned to, the operating
system.
vault.runtime.total_gc_pause_ns
Metric type | Value | Description |
---|
gauge | ns | The total garbage collector pause time since OpenBao was last started |
vault.runtime.total_gc_runs
Metric type | Value | Description |
---|
gauge | number | The total number of garbage collection runs since OpenBao was last started |