All Vault telemetry metrics
For completeness, we provide a full list of available metrics below in alphabetic order by name.
Full metric list
database.Close
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to close a database secrets engine (across all database secrets engines) |
database.Close.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered across all database secrets engines while closing database connections |
database.CreateUser
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to create a user across all database secrets engines |
database.CreateUser.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered across all database secrets engines while creating users |
database.Initialize
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to initialize a database secrets engine (across all database secrets engines) |
database.Initialize.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered across all database secrets engines while initializing the database |
database.{NAME}.Close
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to close the database secrets engine {NAME} |
database.{NAME}.Close.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered for the named database secrets engine while closing database connections |
database.{NAME}.CreateUser
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to create a user for the named database secrets engine |
database.{NAME}.CreateUser.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered for the named database secrets engine while creating users |
database.{NAME}.Initialize
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to initialize the named database secrets engine |
database.{NAME}.Initialize.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered for the named database secrets engine while initializing the database |
database.{NAME}.RenewUser
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to renew a user for the named database secrets engine |
database.{NAME}.RenewUser.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered for the named database secrets engine while renewing users |
database.{NAME}.RevokeUser
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to revoke a user for the named database secrets engine |
database.{NAME}.RevokeUser.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered for the named database secrets engine while revoking users |
database.RenewUser
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to renew a user across all database secrets engines |
database.RenewUser.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered across all database secrets engines while renewing users |
database.RevokeUser
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to revoke a user across all database secrets engines |
database.RevokeUser.error
Metric type | Value | Description |
---|---|---|
counter | number | Number of errors encountered across all database secrets engines while revoking users |
secrets.pki.tidy.cert_store_current_entry
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the certificate store entry currently being verified by the tidy operation |
secrets.pki.tidy.cert_store_deleted_count
Metric type | Value | Description |
---|---|---|
counter | number | Number of entries deleted from the certificate store |
secrets.pki.tidy.cert_store_total_entries_remaining
Metric type | Value | Description |
---|---|---|
gauge | number | Number of entries in the certificate store checked, but not removed, during the tidy operation |
secrets.pki.tidy.cert_store_total_entries
Metric type | Value | Description |
---|---|---|
gauge | number | Number of entries in the certificate store to verify during the tidy operation |
secrets.pki.tidy.duration
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete the PKI tidy operation |
secrets.pki.tidy.failure
Metric type | Value | Description |
---|---|---|
counter | number | Number of times the PKI tidy operation failed to finish due to errors |
secrets.pki.tidy.revoked_cert_current_entry
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the revoked certificate store entry currently being verified by the tidy operation |
secrets.pki.tidy.revoked_cert_deleted_count
Metric type | Value | Description |
---|---|---|
counter | number | Number of entries deleted from the certificate store for revoked certificates |
secrets.pki.tidy.revoked_cert_total_entries_fixed_issuers
Metric type | Value | Description |
---|---|---|
gauge | number | Number of entries in the certificate store found to have incorrect issuer information that were fixed during the tidy operation |
secrets.pki.tidy.revoked_cert_total_entries_incorrect_issuers
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of entries in the certificate store found to have incorrect issuer information |
secrets.pki.tidy.revoked_cert_total_entries_remaining
Metric type | Value | Description |
---|---|---|
gauge | number | Number of revoked certificates in the certificate store checked, but not removed, during the tidy operation |
secrets.pki.tidy.revoked_cert_total_entries
Metric type | Value | Description |
---|---|---|
gauge | number | Number of revoked certificate entries in the certificate store to be verified during the tidy operation |
secrets.pki.tidy.start_time_epoch
Metric type | Value | Description |
---|---|---|
gauge | seconds | Epoch time (seconds since 1970-01-01) when the PKI tidy operation began |
The start time metric reports a value of 0 if the PKI tidy operation is not currently active.
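A consumer of this gauge has to treat 0 as "no tidy running" rather than as a timestamp. The following is a minimal sketch of that handling; the function name `tidy_start_time` and the sample value are hypothetical and not part of Vault.

```python
from datetime import datetime, timezone


def tidy_start_time(epoch_seconds):
    """Convert a secrets.pki.tidy.start_time_epoch reading to a UTC datetime.

    Returns None when the gauge is 0, which the text above describes as
    "no tidy operation currently active".
    """
    if epoch_seconds == 0:
        return None
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc)


# Hypothetical gauge readings, for illustration only.
print(tidy_start_time(0))
print(tidy_start_time(1700000000).isoformat())
```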
secrets.pki.tidy.success
Metric type | Value | Description |
---|---|---|
counter | number | Number of times the PKI tidy operation completed successfully |
vault.audit.{DEVICE}.log_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete all audit log requests across the device |
vault.audit.{DEVICE}.log_response
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete all audit log responses across the device |
vault.audit.log_request_failure
Metric type | Value | Description |
---|---|---|
counter | number | The number of audit log request failures across all devices |
The number of request failures is a crucial metric.
When using the Prometheus sink, use rate or irate to convert this counter into the number of failures over a specific time period.
When using Vault's built-in /metrics output format, counters are reported aggregated over the metrics interval, which defaults to 10 seconds. For historical reasons, this counter is recorded in a way that makes the count field misleading: it counts every request whether it failed or not. The mean value, however, correctly records the normalized per-second rate at which audit errors occurred over the interval.
Any increase in this counter indicates that all the configured audit devices failed to log a request (or response). If Vault cannot properly audit a request, or the response to a request, the original request will fail.
Refer to the Vault logs and any device-specific metrics to troubleshoot the failing audit log device.
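To make the counter-to-rate conversion concrete, the sketch below computes a per-second failure rate from two cumulative samples. It only approximates the idea behind a rate-style calculation; the function name, the sample values, and the simplified reset handling are assumptions for illustration, not Prometheus or Vault behavior.

```python
def per_second_rate(prev_value, prev_ts, curr_value, curr_ts):
    """Per-second increase of a cumulative counter between two samples."""
    elapsed = curr_ts - prev_ts
    if elapsed <= 0:
        raise ValueError("samples must be in increasing time order")
    delta = curr_value - prev_value
    if delta < 0:
        # Assumption: a decrease means the counter restarted from zero.
        delta = curr_value
    return delta / elapsed


# Hypothetical samples of vault.audit.log_request_failure, 60 seconds apart.
failure_rate = per_second_rate(prev_value=3, prev_ts=1000.0,
                               curr_value=9, curr_ts=1060.0)
print(failure_rate)
```

Because any increase in this counter means every configured audit device failed, an alert on a non-zero rate is usually a more useful signal than the raw cumulative value.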
vault.audit.log_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete all audit log requests across all audit log devices |
vault.audit.log_response_failure
Metric type | Value | Description |
---|---|---|
counter | number | The number of audit log response failures across all devices |
The number of response failures is a crucial metric.
When using the Prometheus sink, use rate or irate to convert this counter into the number of failures over a specific time period.
When using Vault's built-in /metrics output format, counters are reported aggregated over the metrics interval, which defaults to 10 seconds. For historical reasons, this counter is recorded in a way that makes the count field misleading: it counts every request whether it failed or not. The mean value, however, correctly records the normalized per-second rate at which audit errors occurred over the interval.
Any increase in this counter indicates that all the configured audit devices failed to log a request (or response). If Vault cannot properly audit a request, or the response to a request, the original request will fail.
Refer to the Vault logs and any device-specific metrics to troubleshoot the failing audit log device.
vault.audit.log_response
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete audit log responses across all audit log devices |
vault.audit.sink.success
Metric type | Value | Description |
---|---|---|
counter | number | Number of times an audit device was written to successfully |
vault.audit.sink.failure
Metric type | Value | Description |
---|---|---|
counter | number | Number of times an audit device encountered an error while writing |
vault.audit.fallback.success Enterprise
Metric type | Value | Description |
---|---|---|
counter | number | Number of times the fallback audit device was written to |
vault.audit.fallback.miss Enterprise
Metric type | Value | Description |
---|---|---|
counter | number | Number of times Vault filtered out an audit entry such that no devices were written to |
vault.autopilot.failure_tolerance
Metric type | Value | Description |
---|---|---|
gauge | nodes | The number of healthy nodes in excess of quorum |
The failure tolerance indicates how many currently healthy nodes can fail without losing quorum.
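As a worked example of "healthy nodes in excess of quorum", the sketch below assumes that quorum is a simple majority of voting nodes. That assumption, the function name, and the node counts are illustrative; Autopilot's actual calculation may account for factors not modeled here.

```python
def failure_tolerance(total_voters, healthy_voters):
    """Healthy nodes in excess of quorum, never below zero."""
    # Assumption: quorum is a strict majority of voting nodes.
    quorum = total_voters // 2 + 1
    return max(healthy_voters - quorum, 0)


# Hypothetical clusters: (total voters, healthy voters).
for total, healthy in [(5, 5), (5, 4), (3, 2)]:
    print(total, healthy, failure_tolerance(total, healthy))
```

A value of 0 means the cluster still has quorum but cannot lose another healthy node without losing it.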
vault.autopilot.healthy
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether all nodes are healthy |
- A value of 1 on the gauge means that Autopilot deems all nodes healthy.
- A value of 0 on the gauge means that Autopilot deems at least 1 node unhealthy.
vault.autopilot.node.healthy
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the active node is healthy |
- A value of 1 on the gauge means that Autopilot deems the node indicated by node_id healthy.
- A value of 0 on the gauge means that Autopilot cannot communicate with the node indicated by node_id, or deems the node unhealthy.
vault.autosnapshots.last.success.time
Metric type | Value | Description |
---|---|---|
gauge | timestamp | Epoch time (seconds since 1970-01-01) of the last successful snapshot save |
vault.autosnapshots.percent.maxspace.used
Metric type | Value | Description |
---|---|---|
gauge | percentage | The percentage of space currently used on local storage (disk) by saved snapshots |
Vault only populates the vault.autosnapshots.percent.maxspace.used metric when the storage type for autosnapshot is local. The percentage of used space is relative to the maximum allocated space for snapshots, not the total available space on local storage.
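The distinction between allocated space and total disk space can be illustrated with a small calculation. The function and parameter names below are hypothetical, and the byte values are made up for the example.

```python
def percent_maxspace_used(total_snapshot_bytes, max_space_bytes):
    """Percentage of the snapshot allocation consumed by saved snapshots."""
    if max_space_bytes <= 0:
        raise ValueError("max_space_bytes must be positive")
    return 100.0 * total_snapshot_bytes / max_space_bytes


GIB = 2 ** 30
# Hypothetical: 3 GiB of snapshots against a 12 GiB snapshot allocation.
# The size of the underlying disk does not enter the calculation.
used = percent_maxspace_used(3 * GIB, 12 * GIB)
print(used)
```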
vault.autosnapshots.rotate.duration
Metric type | Value | Description |
---|---|---|
summary | ms | The time taken to rotate out the snapshot indicated by snapshot_config_name |
Vault deletes snapshots to adhere to the configured retention period. The rotation metric specifically measures the time taken to delete the snapshot once the retention period expires.
vault.autosnapshots.save.duration
Metric type | Value | Description |
---|---|---|
summary | ms | The time taken to save the snapshot indicated by snapshot_config_name |
vault.autosnapshots.save.errors
Metric type | Value | Description |
---|---|---|
counter | number | The number of errors encountered while trying to save the snapshot indicated by snapshot_config_name |
vault.autosnapshots.snapshot.size
Metric type | Value | Description |
---|---|---|
summary | bytes | The current size of the snapshot indicated by snapshot_config_name |
vault.autosnapshots.total.snapshot.size
Metric type | Value | Description |
---|---|---|
gauge | bytes | The space currently used on local storage (disk) by saved snapshots |
Vault only populates the vault.autosnapshots.total.snapshot.size metric when the storage type for autosnapshot is local.
vault.azure.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Azure storage backend |
vault.azure.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Azure storage backend |
vault.azure.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Azure storage backend |
vault.azure.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Azure storage backend |
vault.barrier.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation at the barrier |
vault.barrier.estimated_encryptions
Metric type | Value | Description |
---|---|---|
counter | number | The estimated number of encryptions performed since the last key rotation |
vault.barrier.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation at the barrier |
vault.barrier.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation at the barrier |
vault.barrier.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation at the barrier |
vault.cache.delete
Metric type | Value | Description |
---|---|---|
counter | number | Number of deletes from the LRU cache |
vault.cache.hit
Metric type | Value | Description |
---|---|---|
counter | number | Number of hits against the LRU cache that avoided a read from configured storage |
vault.cache.miss
Metric type | Value | Description |
---|---|---|
counter | number | Number of misses against the LRU cache that required a read from configured storage |
vault.cache.write
Metric type | Value | Description |
---|---|---|
counter | number | Number of writes to the LRU cache |
vault.cassandra.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Cassandra storage backend |
vault.cassandra.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Cassandra storage backend |
vault.cassandra.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Cassandra storage backend |
vault.cassandra.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Cassandra storage backend |
vault.cockroachdb.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the CockroachDB storage backend |
vault.cockroachdb.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the CockroachDB storage backend |
vault.cockroachdb.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the CockroachDB storage backend |
vault.cockroachdb.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the CockroachDB storage backend |
vault.consul.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Consul storage backend |
vault.consul.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Consul storage backend |
vault.consul.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Consul storage backend |
vault.consul.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Consul storage backend |
vault.consul.transaction
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a transactional operation against the Consul storage backend |
vault.core.active
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the Vault node is active |
- A value of 1 indicates that the node is active.
- A value of 0 indicates that the node is in standby.
vault.core.activity.fragment_size
Metric type | Value | Description |
---|---|---|
counter | number | Number of type objects observed by the local node |
The fragment size metric includes labels to indicate if the objects counted were entities or tokens.
vault.core.activity.segment_write
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to write activity log segments to storage |
vault.core.check_token
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a token check |
vault.core.fetch_acl_and_token
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to fetch ACL and token entries |
vault.core.handle_login_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a login request |
vault.core.handle_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a non-login request |
vault.core.in_flight_requests
Metric type | Value | Description |
---|---|---|
gauge | requests | Number of requests currently in progress |
vault.core.leadership_lost
Metric type | Value | Description |
---|---|---|
summary | ms | Total time that a high-availability cluster node last maintained leadership |
Leadership time updates occur whenever leadership changes. Frequent updates to vault.core.leadership_lost with low leadership times indicate flapping as leader status rotates between nodes.
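One way to turn "frequent updates with low leadership times" into an alert condition is sketched below. The thresholds (`min_changes`, `short_term_ms`) and the function name are hypothetical values chosen for illustration; suitable values depend on your cluster.

```python
def looks_like_flapping(leadership_durations_ms, min_changes=3, short_term_ms=60_000):
    """Return True when several short leadership terms occur in one window.

    leadership_durations_ms holds the vault.core.leadership_lost samples
    (in milliseconds) observed during the window being evaluated.
    """
    # Hypothetical rule: count terms shorter than short_term_ms.
    short_terms = [d for d in leadership_durations_ms if d < short_term_ms]
    return len(short_terms) >= min_changes


# Three terms of a few seconds each within one window: likely flapping.
print(looks_like_flapping([5_000, 12_000, 8_000]))
# A single day-long term: a normal leadership change.
print(looks_like_flapping([86_400_000]))
```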
vault.core.leadership_setup_failed
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken by the most recent leadership setup failure |
Setup failure time is an important health metric for your high-availability Vault installation. We strongly recommend that you closely monitor vault.core.leadership_setup_failed and set alerts that keep you informed of the overall cluster leadership status.
vault.core.license.expiration_time_epoch
Metric type | Value | Description |
---|---|---|
gauge | timestamp | Epoch time (seconds since 1970-01-01) at which the license will expire |
vault.core.locked_users
Metric type | Value | Description |
---|---|---|
gauge | users | The number of users currently locked out of Vault |
The number of locked users refreshes every 15 minutes.
vault.core.mount_table.num_entries
Metric type | Value | Description |
---|---|---|
gauge | objects | Number of mounts in the given mount table |
Mountpoint count metrics include labels to indicate whether the relevant table is an authentication table or a logical table and whether the table is replicated or local.
vault.core.mount_table.size
Metric type | Value | Description |
---|---|---|
gauge | bytes | The current size of the relevant mount table. |
Table size metrics include labels to indicate whether the relevant table is an authentication table or a logical table and whether the table is replicated or local.
vault.core.performance_standby
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the reporting node is a performance standby |
- A value of 1 indicates the node is a performance standby.
- A value of 0 indicates the node is not a performance standby.
vault.core.post_unseal
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete post-unseal operations |
vault.core.pre_seal
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete pre-seal operations |
vault.core.replication.dr.primary
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the Vault node is a disaster recovery primary |
- A value of 1 indicates that the node is a disaster recovery primary.
- A value of 0 indicates that the node is not a disaster recovery primary.
vault.core.replication.dr.secondary
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the Vault node is a disaster recovery secondary |
- A value of 1 indicates that the node is a disaster recovery secondary.
- A value of 0 indicates that the node is not a disaster recovery secondary.
vault.core.replication.performance.primary
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the Vault node is a performance primary |
- A value of 1 indicates that the node is a performance primary.
- A value of 0 indicates that the node is not a performance primary.
vault.core.replication.performance.secondary
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether the Vault node is a performance secondary |
- A value of 1 indicates that the node is a performance secondary.
- A value of 0 indicates that the node is not a performance secondary.
vault.core.replication.write_undo_logs
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether undo logs are enabled |
- A value of 1 indicates that Vault is generating undo logs.
- A value of 0 indicates that Vault is not generating undo logs.
vault.core.replication.build_progress
Metric type | Value | Description |
---|---|---|
gauge | keys | Number of keys that have been inserted into the new tree |
vault.core.replication.build_total
Metric type | Value | Description |
---|---|---|
gauge | keys | Total number of keys that have to be inserted into the new tree |
vault.core.replication.reindex_stage
Metric type | Value | Description |
---|---|---|
gauge | stage | Current stage of the reindexing process |
- A value of 4 indicates the reindex process is committing any differences between the newly created tree and the old tree.
- A value of 3 indicates the reindex process is replaying WALs to ensure no updates were missed while scanning and building.
- A value of 2 indicates the reindex process is currently building a new Merkle tree based on the values for the keys obtained in the scanning stage.
- A value of 1 indicates the reindex process is currently creating a list of all known storage keys.
- A value of 0 indicates that a reindex is not in progress.
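The stage gauge is easier to read on a dashboard when combined with the vault.core.replication.build_progress and vault.core.replication.build_total gauges. The sketch below shows one possible way to do that; the label strings and the function name are hypothetical, and showing a percentage only during stage 2 is an assumption made for the example.

```python
# Short labels for the stage values listed above (wording is illustrative).
REINDEX_STAGES = {
    0: "not in progress",
    1: "scanning storage keys",
    2: "building Merkle tree",
    3: "replaying WALs",
    4: "committing differences",
}


def describe_reindex(stage, build_progress, build_total):
    """Summarize reindex state from the three replication gauges."""
    label = REINDEX_STAGES.get(stage, "unknown stage")
    # Assumption: key-insertion progress is only meaningful while building.
    if stage == 2 and build_total > 0:
        pct = 100.0 * build_progress / build_total
        return f"{label} ({pct:.1f}% of keys inserted)"
    return label


print(describe_reindex(0, 0, 0))
print(describe_reindex(2, 250, 1000))
```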
vault.core.seal-internal
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete internal Vault seal operations |
vault.core.seal-with-request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete seal operations that were triggered by explicit request |
vault.core.step_down
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to step down cluster leadership |
vault.core.unseal
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete unseal operations |
vault.core.unsealed
Metric type | Value | Description |
---|---|---|
gauge | boolean | Indicates whether Vault is currently unsealed |
- A value of 1 indicates Vault is currently unsealed and clients can read secrets.
- A value of 0 indicates Vault is currently sealed and clients cannot read secrets.
vault.couchdb.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the CouchDB storage backend |
vault.couchdb.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the CouchDB storage backend |
vault.couchdb.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the CouchDB storage backend |
vault.couchdb.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the CouchDB storage backend |
vault.dynamodb.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the DynamoDB storage backend |
vault.dynamodb.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the DynamoDB storage backend |
vault.dynamodb.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the DynamoDB storage backend |
vault.dynamodb.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the DynamoDB storage backend |
vault.etcd.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the etcd storage backend |
vault.etcd.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the etcd storage backend |
vault.etcd.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the etcd storage backend |
vault.etcd.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the etcd storage backend |
vault.expire.fetch-lease-times-by-token
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to retrieve lease times by token |
vault.expire.fetch-lease-times
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to retrieve lease times |
vault.expire.job_manager.queue_length
Metric type | Value | Description |
---|---|---|
summary | leases | The total number of pending revocation jobs by queue_id |
The queue ID in the queue_id label indicates the mount accessor associated with the expiring lease, for example, the secrets engine or authentication method.
vault.expire.job_manager.total_jobs
Metric type | Value | Description |
---|---|---|
summary | leases | The total number of pending revocation jobs |
vault.expire.lease_expiration
Metric type | Value | Description |
---|---|---|
counter | number | The number of lease expirations to date |
vault.expire.lease_expiration.error
Metric type | Value | Description |
---|---|---|
counter | number | The total number of lease expiration errors |
vault.expire.lease_expiration.time_in_queue
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken for a lease to get to the front of the revoke queue |
vault.expire.leases.by_expiration
Metric type | Value | Description |
---|---|---|
gauge | leases | The number of leases set to expire, grouped by the configured interval |
The relevant time intervals are defined in the telemetry stanza for your Vault server configuration with the following parameters:
- lease_metrics_epsilon: 1 hour (default)
- num_lease_metrics_buckets: 168 hours (default)
- add_lease_metrics_namespace_labels: false (default)
Vault reports the number of leases due to expire every lease_metrics_epsilon interval in the time period current_time + num_lease_metrics_buckets.
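The bucketing described above can be sketched as follows. This is an approximation under stated assumptions: it treats num_lease_metrics_buckets as 168 buckets that are each one lease_metrics_epsilon (1 hour) wide, and the function name, rounding, and sample expiry times are hypothetical rather than taken from Vault's implementation.

```python
from collections import Counter


def bucket_leases(expire_times, now, epsilon_s=3600, num_buckets=168):
    """Count leases per epsilon-wide bucket, starting at the current time.

    expire_times and now are epoch seconds. Leases that are already expired
    or that expire beyond the last bucket are not counted.
    """
    counts = Counter()
    for expires_at in expire_times:
        offset = expires_at - now
        if offset < 0:
            continue
        index = int(offset // epsilon_s)
        if index < num_buckets:
            counts[index] += 1
    return dict(counts)


# Hypothetical leases expiring 10 min, 30 min, ~67 min, and ~194 h from now.
buckets = bucket_leases([600, 1800, 4000, 700000], now=0)
print(buckets)
```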
vault.expire.num_irrevocable_leases
Metric type | Value | Description |
---|---|---|
gauge | leases | The number of leases that cannot be automatically revoked |
vault.expire.num_leases
Metric type | Value | Description |
---|---|---|
gauge | leases | The total number of leases eligible for eventual expiry |
vault.expire.register-auth
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to register leases associated with new service tokens |
vault.expire.register
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken for register operations |
vault.expire.renew-token
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to renew a token |
vault.expire.renew
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to renew a lease |
vault.expire.revoke-by-token
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to revoke all secrets issued with a given token |
vault.expire.revoke-force
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to forcibly revoke a token |
vault.expire.revoke-prefix
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to revoke all tokens on a prefix |
vault.expire.revoke
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to revoke a token |
vault.gcs.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Google Cloud Storage backend |
vault.gcs.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Google Cloud Storage backend |
vault.gcs.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Google Cloud Storage backend |
vault.gcs.lock.lock
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LOCK operation against the Google Cloud Storage backend in high-availability mode |
vault.gcs.lock.unlock
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete an UNLOCK operation against the Google Cloud Storage backend in high-availability mode |
vault.gcs.lock.value
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a VALUE operation against the Google Cloud Storage backend in high-availability mode |
vault.gcs.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Google Cloud Storage backend |
vault.ha.rpc.client.echo
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to send an echo request from a standby to the active node (also emitted by perf standbys) |
vault.ha.rpc.client.echo.errors
Metric type | Value | Description |
---|---|---|
counter | number | Number of standby echo request failures (also emitted by perf standbys) |
vault.ha.rpc.client.forward
Metric type | Value | Description |
---|---|---|
summary | ms | Time taken to forward a request from a standby to the active node |
vault.ha.rpc.client.forward.errors
Metric type | Value | Description |
---|---|---|
counter | number | Number of standby request forwarding failures |
vault.identity.entity.active.monthly
Metric type | Value | Description |
---|---|---|
gauge | entities | The number of distinct entities (across all namespaces) that created a token during the past month. |
Vault reports vault.identity.entity.active.monthly at the start of each month when client counting is enabled.
vault.identity.entity.active.partial_month
Metric type | Value | Description |
---|---|---|
gauge | entities | The number of distinct entities (across all namespaces) that created a token during the current month. |
Vault reports vault.identity.entity.active.partial_month periodically during the month when client counting is enabled.
vault.identity.entity.active.reporting_period
Metric type | Value | Description |
---|---|---|
gauge | entities | The number of distinct entities (across all namespaces) that created a token during the configured reporting period. |
Vault reports vault.identity.entity.active.reporting_period at the start of each month when client counting is enabled.
vault.identity.entity.alias.count
Metric type | Value | Description |
---|---|---|
gauge | aliases | The number of identity entity aliases (per authN mount) currently stored in Vault |
Vault updates the alias count every usage_gauge_period interval.
vault.identity.entity.count
Metric type | Value | Description |
---|---|---|
gauge | entities | The number of identity entities (across all namespaces) currently stored in Vault. |
vault.identity.entity.creation
Metric type | Value | Description |
---|---|---|
counter | number | The number of identity entities created across all namespaces. |
vault.identity.num_entities
Metric type | Value | Description |
---|---|---|
gauge | entities | The total number of identity entities currently stored in Vault |
vault.identity.pki_acme.active.monthly
Metric type | Value | Description |
---|---|---|
gauge | clients | The number of distinct ACME PKI clients during the past month |
Vault reports vault.identity.pki_acme.active.monthly at the start of each month when client counting is enabled.
vault.identity.pki_acme.active.reporting_period
Metric type | Value | Description |
---|---|---|
gauge | clients | The number of distinct ACME PKI clients during the configured reporting period |
Vault reports vault.identity.pki_acme.active.reporting_period at the start of each month when client counting is enabled.
vault.identity.secret_sync.active.monthly
Metric type | Value | Description |
---|---|---|
gauge | secrets | The number of distinct synced secrets that had at least one active association during the past month |
Vault reports vault.identity.secret_sync.active.monthly at the start of each month when client counting is enabled.
vault.identity.secret_sync.active.reporting_period
Metric type | Value | Description |
---|---|---|
gauge | secrets | The number of distinct synced secrets that had at least one active association during the configured reporting period |
Vault reports vault.identity.secret_sync.active.reporting_period at the start of each month when client counting is enabled.
vault.identity.upsert_entity_txn
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to upsert an entity to the in-memory database and, on the active node, persist the data to storage |
vault.identity.upsert_group_txn
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to upsert group membership to the in-memory database and, on the active node, persist the data to storage |
vault.logshipper.buffer.length
Metric type | Value | Description |
---|---|---|
gauge | buffer entries | Current length of the log shipper buffer |
vault.logshipper.buffer.max_length
Metric type | Value | Description |
---|---|---|
gauge | buffer entries | Maximum length of the log shipper buffer seen to date |
vault.logshipper.buffer.max_size
Metric type | Value | Description |
---|---|---|
gauge | bytes | Maximum allowable size of the log shipper buffer |
vault.logshipper.buffer.size
Metric type | Value | Description |
---|---|---|
gauge | bytes | Current size of the log shipper buffer |
vault.logshipper.streamWALs.guard_found
Metric type | Value | Description |
---|---|---|
counter | number | Number of times Vault began streaming WAL entries and found a starting index in the Merkle tree |
vault.logshipper.streamWALs.missing_guard
Metric type | Value | Description |
---|---|---|
counter | number | Number of times Vault began streaming WAL entries without finding a starting index in the Merkle tree |
vault.logshipper.streamWALs.scanned_entries
Metric type | Value | Description |
---|---|---|
summary | entries | Number of entries scanned in the buffer before Vault found the correct entry |
vault.merkle.flushDirty
Metric type | Value | Description |
---|---|---|
summary | ms | The average time required to flush dirty pages to storage |
vault.merkle.flushDirty.num_pages
Metric type | Value | Description |
---|---|---|
gauge | pages | Number of pages flushed |
vault.merkle.flushDirty.outstanding_pages
Metric type | Value | Description |
---|---|---|
gauge | pages | Number of dirty pages waiting to be flushed |
vault.merkle.saveCheckpoint
Metric type | Value | Description |
---|---|---|
summary | ms | The average time required to save a checkpoint |
vault.merkle.saveCheckpoint.num_dirty
Metric type | Value | Description |
---|---|---|
gauge | pages | Number of dirty pages at checkpoint |
vault.metrics.collection
Metric type | Value | Description |
---|---|---|
summary | ms | The average time required (per gauge type) to collect usage data |
vault.metrics.collection.error
Metric type | Value | Description |
---|---|---|
counter | number | The total number of errors (per gauge type) that Vault encountered while collecting usage data |
vault.metrics.collection.interval
Metric type | Value | Description |
---|---|---|
summary | time duration | The current value of usage_gauge_period |
vault.mssql.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Microsoft SQL Server storage backend |
vault.mssql.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Microsoft SQL Server storage backend |
vault.mssql.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Microsoft SQL Server storage backend |
vault.mssql.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Microsoft SQL Server storage backend |
vault.mysql.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the MySQL storage backend |
vault.mysql.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the MySQL storage backend |
vault.mysql.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the MySQL storage backend |
vault.mysql.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the MySQL storage backend |
vault.policy.delete_policy
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to delete a policy |
vault.policy.get_policy
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to read a policy |
vault.policy.list_policies
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to list all policies |
vault.policy.set_policy
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to set a policy |
vault.postgres.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the PostgreSQL storage backend |
vault.postgres.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the PostgreSQL storage backend |
vault.postgres.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the PostgreSQL storage backend |
vault.postgres.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the PostgreSQL storage backend |
vault.quota.lease_count.counter
Metric type | Value | Description |
---|---|---|
gauge | lease | Total number of leases associated with the named quota rule |
The number of leases reported is specific to the quota rule listed in the name
label, not the number of leases in general. For example, if the named rule
allows for 50 leases max and there are currently 40 leases in the scope of that
quota rule, the value of vault.quota.lease_count.counter is 40 even if there
are 1000 other leases that are unscoped or in the scope of other quota rules.
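As a rough illustration of how the counter relates to the quota limit, the sketch below computes how much of a lease count quota is in use from the two gauges vault.quota.lease_count.counter and vault.quota.lease_count.max. The function name and the way the gauge values reach it are assumptions made for this example, not part of Vault.

```python
def lease_quota_utilization(counter: float, maximum: float) -> float:
    """Return the fraction of a named lease count quota currently in use.

    `counter` and `maximum` are assumed to be the latest values of
    vault.quota.lease_count.counter and vault.quota.lease_count.max
    for the same quota rule (same `name` label).
    """
    if maximum <= 0:
        raise ValueError("maximum must be positive")
    return counter / maximum


# The example from the text: the rule allows 50 leases and 40 are in scope.
# Leases outside the scope of the rule do not affect the result.
utilization = lease_quota_utilization(counter=40, maximum=50)
print(f"{utilization:.0%}")  # prints "80%"
```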
vault.quota.lease_count.max
Metric type | Value | Description |
---|---|---|
gauge | lease | Maximum number of leases allowed by the named quota rule |
vault.quota.lease_count.violation
Metric type | Value | Description |
---|---|---|
counter | number | Number of requests rejected due to exceeding the named lease count quota |
vault.quota.rate_limit.violation
Metric type | Value | Description |
---|---|---|
counter | number | Number of requests rejected due to exceeding the named rate limit quota rule |
vault.raft_storage.bolt.cursor.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of cursors created in the Bolt database |
vault.raft_storage.bolt.freelist.allocated_bytes
Metric type | Value | Description |
---|---|---|
gauge | bytes | Total space allocated for the freelist for the Bolt database |
vault.raft_storage.bolt.freelist.free_pages
Metric type | Value | Description |
---|---|---|
gauge | number | Number of free pages in the freelist for the Bolt database |
vault.raft_storage.bolt.freelist.pending_pages
Metric type | Value | Description |
---|---|---|
gauge | number | Number of pending pages in the freelist for the Bolt database |
vault.raft_storage.bolt.freelist.used_bytes
Metric type | Value | Description |
---|---|---|
gauge | bytes | Total space used by the freelist for the Bolt database |
vault.raft_storage.bolt.node.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of node allocations for the Bolt database |
vault.raft_storage.bolt.node.dereferences
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of node dereferences by the Bolt database |
vault.raft_storage.bolt.page.bytes_allocated
Metric type | Value | Description |
---|---|---|
gauge | bytes | Total space allocated to the Bolt database |
vault.raft_storage.bolt.page.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of page allocations in the Bolt database |
vault.raft_storage.bolt.rebalance.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of node rebalances performed by the Bolt database |
vault.raft_storage.bolt.rebalance.time
Metric type | Value | Description |
---|---|---|
summary | ms | Time required by the Bolt database to rebalance nodes |
vault.raft_storage.bolt.spill.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of nodes spilled by the Bolt database |
vault.raft_storage.bolt.spill.time
Metric type | Value | Description |
---|---|---|
summary | ms | Total time spent spilling by the Bolt database |
vault.raft_storage.bolt.split.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of nodes split by the Bolt database |
vault.raft_storage.bolt.transaction.currently_open_read_transactions
Metric type | Value | Description |
---|---|---|
gauge | number | Number of in-process read transactions for the Bolt DB |
vault.raft_storage.bolt.transaction.started_read_transactions
Metric type | Value | Description |
---|---|---|
gauge | number | Number of read transactions started by the Bolt DB |
vault.raft_storage.bolt.write.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of writes performed by the Bolt database |
vault.raft_storage.bolt.write.time
Metric type | Value | Description |
---|---|---|
counter | ms | Total cumulative time the Bolt database has spent writing to disk. |
vault.raft_storage.follower.applied_index_delta
Metric type | Value | Description |
---|---|---|
gauge | number | The difference between the index applied by the leader and the index applied by the follower as reported by echoes |
vault.raft_storage.follower.last_heartbeat_ms
Metric type | Value | Description |
---|---|---|
gauge | ms | Time since the follower last received a heartbeat request |
vault.raft_storage.stats.applied_index
Metric type | Value | Description |
---|---|---|
gauge | number | Highest index of raft log last applied to the finite state machine or added to fsm_pending queue |
vault.raft_storage.stats.commit_index
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last raft log committed to disk on the node |
vault.raft_storage.stats.fsm_pending
Metric type | Value | Description |
---|---|---|
gauge | number | Number of raft logs queued by the node for the finite state machine to apply |
vault.raft-storage.delete
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to insert log entry to delete path |
vault.raft-storage.entry_size
Metric type | Value | Description |
---|---|---|
summary | bytes | The total size of a raft entry during log application |
vault.raft-storage.get
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to retrieve a value for the given path from the finite state machine |
vault.raft-storage.list
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to list all entries under the prefix from the finite state machine |
vault.raft-storage.put
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to insert a log entry to the persist path |
vault.raft-storage.transaction
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to insert operations into a single log |
Metric type | Value | Description |
---|---|---|
counter | number | Number of log entries that have been truncated from the head. |
Counts the number of log entries truncated from the head (i.e. the oldest entries).
If you track the rate of change in head truncations over time, individual truncate calls appear as spikes.
Metric type | Value | Description |
---|---|---|
counter | number | Number of log entries that have been truncated from the tail |
Counts the number of log entries truncated from the tail (i.e. the newest entries).
If you track the rate of change in tail truncations over time, individual truncate calls appear as spikes.
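To see why individual truncate calls show up as spikes, the following sketch converts a series of counter samples into per-interval increases. It assumes your metrics sink exposes the truncation counters as cumulative totals sampled at a fixed interval; the helper name and the sample values are hypothetical.

```python
def counter_deltas(samples):
    """Convert cumulative counter samples into per-interval increases."""
    deltas = []
    for previous, current in zip(samples, samples[1:]):
        if current >= previous:
            deltas.append(current - previous)
        else:
            # A drop suggests the counter was reset (for example, by a
            # restart), so count the current value as the increase.
            deltas.append(current)
    return deltas


# Hypothetical samples: two truncate calls removed 120 and 330 entries.
samples = [0, 0, 120, 120, 120, 450, 450]
print(counter_deltas(samples))  # prints [0, 120, 0, 0, 330, 0]
```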
Metric type | Value | Description |
---|---|---|
counter | number | Number of calls to GetLog() |
Metric type | Value | Description |
---|---|---|
counter | number | Number of entries written |
Metric type | Value | Description |
---|---|---|
counter | number | Number of bytes of log entries read from segments before decoding. |
The log-entry-bytes-read counter is technically an overestimate because it
includes bytes from headers, index entries, and secondary reads for entries
too large to fit in buffers.
Metric type | Value | Description |
---|---|---|
counter | number | Number of bytes of log entry after encoding with Codec. |
The log-entry-bytes-written counter is technically an overestimate because it
includes bytes from headers and index entries.
Metric type | Value | Description |
---|---|---|
counter | number | Number of calls to StableStore.Get() or GetUint64() |
Metric type | Value | Description |
---|---|---|
counter | number | Number of calls to StableStore.Set() or SetUint64() |
Metric type | Value | Description |
---|---|---|
counter | number | Number of calls to StoreLog() |
Counts the number of entry batches appended to the log with calls to StoreLog().
Metric type | Value | Description |
---|---|---|
counter | number | Number of times Vault moves to a new segment file |
Metric type | Value | Description |
---|---|---|
gauge | seconds | Number of seconds between segment creation and seal. |
The last-segment-age-seconds gauge shows the number of seconds between when a
segment is created and when it is sealed. The gauge resets each time Vault
rotates a segment and provides a rough estimate of how quickly writes are
filling the disk.
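One way to turn the last-segment-age-seconds gauge into a rough write rate is to divide the segment size by the segment age. The sketch below assumes every segment has the same fixed size; the 64 MiB constant is a placeholder for illustration, so check the segment size configured for your cluster before relying on the result.

```python
# Assumed segment size for illustration only; use your configured value.
SEGMENT_SIZE_BYTES = 64 * 1024 * 1024


def estimated_write_rate(segment_size_bytes: int, last_segment_age_seconds: float) -> float:
    """Estimate bytes written per second from the time taken to fill one segment."""
    if last_segment_age_seconds <= 0:
        raise ValueError("segment age must be positive")
    return segment_size_bytes / last_segment_age_seconds


# A segment that took 128 seconds to fill implies roughly 0.5 MiB/s of writes.
rate = estimated_write_rate(SEGMENT_SIZE_BYTES, 128)
print(rate / (1024 * 1024))  # prints 0.5
```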
vault.raft.apply
Metric type | Value | Description |
---|---|---|
counter | number | Number of transactions in the configured interval |
The vault.raft.apply metric is generally a good indicator of the write load
on your raft internal storage.
vault.raft.barrier
Metric type | Value | Description |
---|---|---|
counter | number | Number of times the node started the barrier |
A node starts the barrier by issuing a blocking call when it wants to ensure that all pending operations that need to be applied to the finite state machine are properly queued.
vault.raft.candidate.electSelf
Metric type | Value | Description |
---|---|---|
summary | ms | Time required for a node to send a vote request to a peer |
vault.raft.commitNumLogs
Metric type | Value | Description |
---|---|---|
gauge | number | Number of logs processed for application to the finite state machine in a single batch |
vault.raft.commitTime
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to commit a new entry to the raft log on the leader node |
vault.raft.compactLogs
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to trim unnecessary logs |
vault.raft.fsm.apply
Metric type | Value | Description |
---|---|---|
summary | number | Number of logs committed by the finite state machine since the last interval |
vault.raft.fsm.applyBatch
Metric type | Value | Description |
---|---|---|
summary | ms | Time required by the finite state machine to apply the most recent batch of logs |
vault.raft.fsm.applyBatchNum
Metric type | Value | Description |
---|---|---|
counter | number | Number of logs applied in the most recent batch |
vault.raft.fsm.enqueue
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to queue up a batch of logs for the finite state machine to apply |
vault.raft.fsm.restore
Metric type | Value | Description |
---|---|---|
summary | ms | Time required by the finite state machine to complete a restore operation from a snapshot |
vault.raft.fsm.snapshot
Metric type | Value | Description |
---|---|---|
summary | ms | Time required by the finite state machine to record state information for the current snapshot |
vault.raft.fsm.store_config
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to store the most recent raft configuration |
vault.raft.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to retrieve an entry from underlying storage |
vault.raft.leader.dispatchLog
Metric type | Value | Description |
---|---|---|
timer | ms | Time required for the leader node to write a log entry to disk |
vault.raft.leader.dispatchNumLogs
Metric type | Value | Description |
---|---|---|
gauge | number | Number of logs committed to disk in the most recent batch |
vault.raft.leader.lastContact
Metric type | Value | Description |
---|---|---|
summary | ms | Time since the leader was last able to contact the follower nodes when checking its leader lease |
vault.raft.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to retrieve a list of keys from underlying storage |
vault.raft.peers
Metric type | Value | Description |
---|---|---|
gauge | number | The number of peers in the raft cluster configuration |
vault.raft.replication.appendEntries.log
Metric type | Value | Description |
---|---|---|
summary | number | Number of logs replicated to a node to establish parity with leader logs |
vault.raft.replication.appendEntries.rpc
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to replicate leader node log entries to all follower nodes with appendEntries |
vault.raft.replication.heartbeat
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to invoke appendEntries on a peer so the peer does not time out |
vault.raft.replication.installSnapshot
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to process an installSnapshot RPC call |
Only nodes currently in the follower state report vault.raft.replication.installSnapshot metrics.
vault.raft.restore
Metric type | Value | Description |
---|---|---|
counter | number | Number of times that the node performed a restore operation |
In the context of raft storage, a restore operation refers to the process where raft consumes an external snapshot to restore its state.
vault.raft.restoreUserSnapshot
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to restore the finite state machine from a user snapshot |
vault.raft.rpc.appendEntries
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to process a remote appendEntries call from a node |
vault.raft.rpc.appendEntries.processLogs
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to completely process the outstanding logs for the given node |
vault.raft.rpc.appendEntries.storeLogs
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to record any outstanding logs since the last request to append entries for the given node |
vault.raft.rpc.installSnapshot
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to process an installSnapshot RPC call |
Only nodes currently in the follower state report vault.raft.rpc.installSnapshot metrics.
vault.raft.rpc.processHeartbeat
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to process a heartbeat request |
vault.raft.rpc.requestVote
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a requestVote call |
vault.raft.snapshot.create
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to capture a new snapshot |
vault.raft.snapshot.persist
Metric type | Value | Description |
---|---|---|
timer | ms | Time required to record snapshot meta information to disk while taking snapshots |
vault.raft.snapshot.takeSnapshot
Metric type | Value | Description |
---|---|---|
timer | ms | Total time required to create and persist the current snapshot |
In most cases, vault.raft.snapshot.takeSnapshot is approximately equal to vault.raft.snapshot.create + vault.raft.snapshot.persist.
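As a small illustration of the relationship between the three snapshot timers, the sketch below computes how much of the total snapshot time is not explained by the create and persist steps. The function name and the sample timings are hypothetical.

```python
def unaccounted_snapshot_ms(take_ms: float, create_ms: float, persist_ms: float) -> float:
    """Return the part of takeSnapshot not covered by create + persist."""
    return take_ms - (create_ms + persist_ms)


# Hypothetical timings in milliseconds for a single snapshot.
print(unaccounted_snapshot_ms(take_ms=1250.0, create_ms=900.0, persist_ms=340.0))  # prints 10.0
```

A consistently large difference would suggest that time is being spent outside the create and persist steps.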
vault.raft.state.candidate
Metric type | Value | Description |
---|---|---|
counter | number | Number of times the raft server initiated an election |
vault.raft.state.follower
Metric type | Value | Description |
---|---|---|
summary | number | Number of times in the configured interval that the raft server became a follower |
Nodes transition to follower state under the following conditions:
- when the node joins the cluster
- when a leader is elected, but the node was not elected leader
vault.raft.state.leader
Metric type | Value | Description |
---|---|---|
counter | number | Number of times the raft server became a leader |
vault.raft.transition.heartbeat_timeout
Metric type | Value | Description |
---|---|---|
summary | number | Number of times that the node transitioned to candidate state after not receiving a heartbeat message from the last known leader |
vault.raft.transition.leader_lease_timeout
Metric type | Value | Description |
---|---|---|
counter | number | The number of times the leader could not contact a quorum of nodes and therefore stepped down |
vault.raft.verify_leader
Metric type | Value | Description |
---|---|---|
counter | number | Number of times in the configured interval that the node confirmed it is still the leader |
vault.replication.fetchRemoteKeys
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to fetch keys from a remote cluster participating in replication before Merkle tree delta generation occurs |
vault.replication.fsm.last_remote_wal
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last remote write-ahead log. |
Note
Standby nodes do not emit `last_remote_wal` details.
vault.replication.fsm.last_upstream_remote_wal
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last remote WAL segment received from the upstream cluster by the local cluster leader. |
vault.replication.merkle.commit_index
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last commit to the Merkle tree |
vault.replication.merkleDiff
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to perform a Merkle tree delta comparison among the clusters participating in replication |
vault.replication.merkleSync
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to perform a Merkle tree synchronization with the most recent delta generated by the clusters participating in replication |
vault.replication.rpc.client.conflicting_pages
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a conflicting pages request for the client |
vault.replication.rpc.client.create_token_register_auth_lease
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a register authentication token request for the client |
vault.replication.rpc.client.fetch_keys
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a fetch keys request for the client |
vault.replication.rpc.client.forward
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a forward request for the client |
vault.replication.rpc.client.guard_hash
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a guard hash request for the client |
vault.replication.rpc.client.persist_alias
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to persist an alias for the client |
vault.replication.rpc.client.register_auth
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a register authentication request for the client |
vault.replication.rpc.client.register_lease
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to register a lease for the client |
vault.replication.rpc.client.save_mfa_response_auth
Metric type | Value | Description |
---|---|---|
summary | ms | Time required by the client to save the MFA authentication response |
vault.replication.rpc.client.stream_wals
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to stream write-ahead logs for the client |
vault.replication.rpc.client.sub_page_hashes
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a sub-page hash request for the client |
vault.replication.rpc.client.sync_counter
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a counter sync request for the client |
vault.replication.rpc.client.upsert_group
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a group upsert request for the client |
vault.replication.rpc.client.wrap_in_cubbyhole
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a cubbyhole wrap request for the client |
vault.replication.rpc.dr.server.echo
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete an echo request for disaster recovery |
vault.replication.rpc.dr.server.fetch_keys_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a fetch keys request for disaster recovery |
vault.replication.rpc.server.auth_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete an authentication request |
vault.replication.rpc.server.bootstrap_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a bootstrap request |
vault.replication.rpc.server.conflicting_pages_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a conflicting pages request |
vault.replication.rpc.server.echo
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete an echo operation |
vault.replication.rpc.server.last_heartbeat
Metric type | Value | Description |
---|---|---|
gauge | timestamp | Epoch time (seconds since 1970-01-01) of the last heartbeat received from the connected cluster |
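Because the gauge reports an absolute epoch timestamp rather than an age, a monitoring check usually needs to subtract it from the current time. The following is a minimal sketch of that calculation; the function name and the sample timestamps are hypothetical, and the alert threshold is left to your own policy.

```python
import time


def seconds_since_heartbeat(last_heartbeat_epoch: float, now: float = None) -> float:
    """Return the age in seconds of the last heartbeat from the connected cluster."""
    if now is None:
        now = time.time()
    # Clamp at zero in case of minor clock skew between clusters.
    return max(0.0, float(now) - float(last_heartbeat_epoch))


# Hypothetical gauge value and a fixed "now" 45 seconds later.
print(seconds_since_heartbeat(1_700_000_000, now=1_700_000_045))  # prints 45.0
```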
vault.replication.rpc.server.forwarding_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a forwarding request |
vault.replication.rpc.server.guard_hash_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a guard hash request |
vault.replication.rpc.server.persist_alias_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a request to persist an alias |
vault.replication.rpc.server.persist_persona_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a request to persist an alias |
vault.replication.rpc.server.save_mfa_response_auth
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to save an MFA authentication response |
vault.replication.rpc.server.stream_wals_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a request to stream write-ahead logs |
vault.replication.rpc.server.sub_page_hashes_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a sub-page hashes request |
vault.replication.rpc.server.sync_counter_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a counter sync request |
vault.replication.rpc.server.upsert_group_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a group upsert request |
vault.replication.rpc.standby.server.create_token_register_auth_lease_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to service a create token request from a standby node |
vault.replication.rpc.standby.server.echo
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to service an echo request from a standby node |
vault.replication.rpc.standby.server.register_auth_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to service a register auth request from a standby node |
vault.replication.rpc.standby.server.register_lease_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to service a register lease request from a standby node |
vault.replication.rpc.standby.server.wrap_token_request
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to service a wrap token request from a standby node |
vault.replication.wal.gc
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete one run of the WAL garbage collection process |
vault.replication.wal.last_dr_wal
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last write-ahead log for disaster recovery. Note that this is emitted by all Vault Enterprise clusters, regardless of cluster type. |
vault.replication.wal.last_performance_wal
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last write-ahead log for performance |
vault.replication.wal.last_wal
Metric type | Value | Description |
---|---|---|
gauge | number | Index of the last write-ahead log |
vault.rollback.attempt.{MOUNTPOINT}
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to perform a rollback operation on the given mount point |
vault.rollback.attempt
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to perform a rollback operation |
vault.rollback.inflight
Metric type | Value | Description |
---|---|---|
gauge | number | Number of rollback operations inflight |
vault.rollback.queued
Metric type | Value | Description |
---|---|---|
gauge | number | The number of rollback operations waiting to be started |
vault.rollback.waiting
Metric type | Value | Description |
---|---|---|
summary | ms | Time between queueing a rollback operation and the operation starting |
vault.route.create.{MOUNTPOINT}
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to send a create request to the backend and for the backend to complete the operation for the given mount point |
vault.route.delete.{MOUNTPOINT}
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to send a delete request to the backend and for the backend to complete the operation for the given mount point |
vault.route.list.{MOUNTPOINT}
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to send a list request to the backend and for the backend to complete the operation for the given mount point |
vault.route.read.{MOUNTPOINT}
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to send a read request to the backend and for the backend to complete the operation for the given mount point |
vault.route.rollback.{MOUNTPOINT}
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to send a rollback request to the backend and for the backend to complete the operation for the given mount point |
Vault automatically schedules and performs mount point rollback operations to clean up partial errors.
vault.route.rollback
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to send a rollback request to the backend and for the backend to complete the operation |
Vault automatically schedules and performs mount point rollback operations to clean up partial errors.
vault.runtime.alloc_bytes
Metric type | Value | Description |
---|---|---|
gauge | bytes | Space currently allocated to Vault processes |
The number of allocated bytes may peak from time to time, but should always return to a steady state value in a healthy Vault installation.
vault.runtime.free_count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of freed objects |
vault.runtime.gc_pause_ns
Metric type | Value | Description |
---|---|---|
summary | ns | Time required to complete the last garbage collection run |
vault.runtime.heap_objects
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of objects on the heap in memory |
The vault.runtime.heap_objects metric is a good memory pressure indicator. We recommend monitoring vault.runtime.heap_objects to establish an accurate baseline and thresholds for alerting on the health of your Vault installation.
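As a rough illustration of deriving a baseline and an alert threshold from gauge readings, the sketch below uses the mean of past samples as the baseline and flags values more than a few standard deviations above it. The function names, the sample values, and the choice of three standard deviations are all assumptions made for this example, not Vault recommendations.

```python
from statistics import mean, stdev


def alert_threshold(samples, num_stddevs=3.0):
    """Return (baseline, threshold) for a list of past gauge readings.

    The baseline is the mean of the samples; the threshold sits
    num_stddevs sample standard deviations above the baseline.
    """
    baseline = mean(samples)
    spread = stdev(samples) if len(samples) > 1 else 0.0
    return baseline, baseline + num_stddevs * spread


def is_anomalous(value, samples, num_stddevs=3.0):
    """Return True when value exceeds the threshold derived from samples."""
    _, threshold = alert_threshold(samples, num_stddevs)
    return value > threshold


# Hypothetical vault.runtime.heap_objects readings collected over time.
history = [100_000, 102_000, 98_000, 101_000, 99_000]
baseline, threshold = alert_threshold(history)
```

In practice, most monitoring systems provide their own baseline and alerting features, so a calculation like this is usually expressed as an alert rule rather than custom code.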
vault.runtime.malloc_count
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of allocated heap objects in memory |
vault.runtime.num_goroutines
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of goroutines running in memory |
The vault.runtime.num_goroutines metric is a good system load indicator. We recommend monitoring vault.runtime.num_goroutines to establish an accurate baseline and thresholds for alerting on the health of your Vault installation.
vault.runtime.sys_bytes
Metric type | Value | Description |
---|---|---|
gauge | bytes | Total number of bytes allocated to Vault |
The total number of allocated system bytes includes space currently used by the heap plus space that Vault has reclaimed but not yet returned to the operating system.
vault.runtime.total_gc_pause_ns
Metric type | Value | Description |
---|---|---|
gauge | ns | The total garbage collector pause time since Vault was last started |
vault.runtime.total_gc_runs
Metric type | Value | Description |
---|---|---|
gauge | number | The total number of garbage collection runs since Vault was last started |
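Because vault.runtime.total_gc_pause_ns and vault.runtime.total_gc_runs both accumulate from the last Vault start, two readings taken at different times can be combined into an average pause per run for that window. The sketch below shows the arithmetic; the function name and the sample values are hypothetical.

```python
def average_gc_pause_ns(earlier, later):
    """Average GC pause (ns) per run between two readings.

    Each reading is a (total_gc_pause_ns, total_gc_runs) tuple.
    Returns None when no GC run happened in the window or when the
    totals went backwards (for example, because Vault restarted).
    """
    pause_delta = later[0] - earlier[0]
    runs_delta = later[1] - earlier[1]
    if runs_delta <= 0 or pause_delta < 0:
        return None
    return pause_delta / runs_delta


# Hypothetical readings: 3 GC runs added 600,000 ns of pause time.
avg = average_gc_pause_ns((1_000_000, 10), (1_600_000, 13))
```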
vault.s3.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Amazon S3 storage backend |
vault.s3.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Amazon S3 storage backend |
vault.s3.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Amazon S3 storage backend |
vault.s3.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Amazon S3 storage backend |
vault.secret.kv.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of entries in each key-value secrets engine |
Vault organizes the key-value pair count by cluster, namespace, and mount point.
vault.secret.lease.creation
Metric type | Value | Description |
---|---|---|
counter | number | Number of leases created by secrets engines |
Vault organizes the lease count by cluster, namespace, secret engine, mount point, and time to live (TTL).
vault.secrets-sync.destinations.count
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of destinations across all namespaces for each destination type |
vault.secrets-sync.associations.count
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of associations across all namespaces for each destination type |
vault.spanner.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the Google Cloud Spanner storage backend |
vault.spanner.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the Google Cloud Spanner storage backend |
vault.spanner.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the Google Cloud Spanner storage backend |
vault.spanner.lock.lock
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LOCK operation against the Google Cloud Spanner storage backend in high-availability mode |
vault.spanner.lock.unlock
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete an UNLOCK operation against the Google Cloud Spanner storage backend in high-availability mode |
vault.spanner.lock.value
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a VALUE operation against the Google Cloud Spanner storage backend in high-availability mode |
vault.spanner.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the Google Cloud Spanner storage backend |
vault.swift.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the OpenStack Swift backend |
vault.swift.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the OpenStack Swift backend |
vault.swift.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the OpenStack Swift backend |
vault.swift.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the OpenStack Swift backend |
vault.token.count
Metric type | Value | Description |
---|---|---|
gauge | number | Number of un-expired and un-revoked tokens available for use in the token store |
Vault updates the token count every 10 minutes and organizes the result by cluster and namespace.
vault.token.count.by_auth
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of service tokens created by a particular auth method |
Vault organizes the token count by cluster, namespace, and authentication method.
vault.token.count.by_policy
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of service tokens with a particular policy attached |
Vault organizes the token count by cluster, namespace, and policy. Tokens with more than one policy attached appear in the gauge for each associated policy.
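The per-policy counting described above means the per-policy gauges can sum to more than the number of tokens. A minimal sketch of that behavior, using a hypothetical list of tokens where each token is represented only by its attached policy names:

```python
from collections import Counter


def count_by_policy(tokens):
    """Count tokens per policy; a token counts once for each of its policies."""
    counts = Counter()
    for policies in tokens:
        # set() guards against a policy being listed twice on one token.
        for policy in set(policies):
            counts[policy] += 1
    return counts


# Three hypothetical tokens; two of them carry more than one policy.
tokens = [["default"], ["default", "admin"], ["admin", "ops"]]
counts = count_by_policy(tokens)
total_across_policies = sum(counts.values())
```

Here the per-policy values add up to 5 even though only 3 tokens exist, so summing this gauge across policies does not give a token total. Use vault.token.count for that.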
vault.token.count.by_ttl
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of service tokens assigned a particular time to live (TTL) |
Vault organizes the token count by cluster, namespace, and the TTL range assigned at creation.
vault.token.create_root
Metric type | Value | Description |
---|---|---|
counter | number | Number of root tokens created |
The vault.token.create_root metric counts the total number of root tokens created over time, not the number of root tokens currently in use. As a result, the value of vault.token.create_root does not decrease when a root token is revoked.
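The difference between a cumulative creation counter and the number of root tokens currently in use can be modeled with a small sketch. The class and its fields are hypothetical and only illustrate counter semantics; they do not reflect how Vault stores tokens.

```python
class RootTokenTracker:
    """Toy model contrasting a creation counter with live root tokens."""

    def __init__(self):
        self.created_total = 0  # behaves like a counter: only increases
        self.active = set()     # root tokens that have not been revoked

    def create(self, token_id):
        self.created_total += 1
        self.active.add(token_id)

    def revoke(self, token_id):
        # Revocation shrinks the active set but leaves the counter alone.
        self.active.discard(token_id)


tracker = RootTokenTracker()
tracker.create("root-a")
tracker.create("root-b")
tracker.revoke("root-a")
```

After these calls, created_total is 2 while only one root token remains active, which mirrors why the counter alone cannot tell you how many root tokens are still usable.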
vault.token.create
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to create a token in Vault |
vault.token.createAccessor
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to create a token accessor in Vault |
vault.token.creation
Metric type | Value | Description |
---|---|---|
counter | number | Number of service or batch tokens created |
Vault organizes the creation count by cluster, namespace, authentication method, mount point, time to live (TTL), and token type.
vault.token.lookup
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to look up a token in Vault |
vault.token.revoke-tree
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to fully revoke a token tree in Vault |
vault.token.revoke
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to revoke a token in Vault |
vault.token.store
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to store an updated token entry without writing to the secondary index |
vault.wal.deleteWALs
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to fully delete a write-ahead log |
vault.wal.flushReady
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to fully flush a write-ahead log that is ready for storage |
vault.wal.flushReady.queue_len
Metric type | Value | Description |
---|---|---|
summary | number | Current size of the write queue in the WAL system |
vault.wal.gc.deleted
Metric type | Value | Description |
---|---|---|
gauge | number | Number of write-ahead logs deleted during garbage collection |
vault.wal.gc.total
Metric type | Value | Description |
---|---|---|
gauge | number | Total number of write-ahead logs currently on disk |
vault.wal.loadWAL
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to load a write-ahead log |
vault.wal.persistWALs
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to persist a write-ahead log |
vault.wal.write_controller.d
Metric type | Value | Description |
---|---|---|
gauge | number | Current derivative value computed by the write controller. |
The vault.wal.write_controller.d metric has limited production use, but Vault developers may find vault.wal.write_controller.d useful for tuning or debugging controller behavior.
vault.wal.write_controller.i
Metric type | Value | Description |
---|---|---|
gauge | number | Current integral value computed by the write controller. |
The vault.wal.write_controller.i metric has limited production use, but Vault developers may find vault.wal.write_controller.i useful for tuning or debugging controller behavior.
vault.wal.write_controller.p
Metric type | Value | Description |
---|---|---|
gauge | number | Current proportional error value detected by the write controller. |
The vault.wal.write_controller.p metric has limited production use, but Vault developers may find vault.wal.write_controller.p useful for tuning or debugging controller behavior.
vault.wal.write_controller.reject_fraction
Metric type | Value | Description |
---|---|---|
gauge | number | The estimated fraction of write requests that must be rejected to maintain cluster stability. |
The write controller reject fraction is an estimate between 0 and 1.
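The proportional, integral, and derivative values reported by the write controller metrics resemble the three terms of a textbook PID controller. The sketch below is a generic PID loop, not Vault's implementation: the gains, the error signal, and the idea of clamping the summed terms into a reject fraction between 0 and 1 are all assumptions chosen to show how such values could relate to one another.

```python
class PIDSketch:
    """Generic PID controller whose output is clamped to the range [0, 1]."""

    def __init__(self, kp, ki, kd):
        self.kp, self.ki, self.kd = kp, ki, kd  # hypothetical gains
        self.integral = 0.0
        self.prev_error = None

    def update(self, error, dt=1.0):
        """Return (p, i, d, reject_fraction) for the latest error sample."""
        self.integral += error * dt
        if self.prev_error is None:
            derivative = 0.0  # no previous sample to compare against
        else:
            derivative = (error - self.prev_error) / dt
        self.prev_error = error

        p = self.kp * error
        i = self.ki * self.integral
        d = self.kd * derivative
        # Clamp so the result is always a valid fraction of requests.
        reject_fraction = min(1.0, max(0.0, p + i + d))
        return p, i, d, reject_fraction


controller = PIDSketch(kp=0.5, ki=0.1, kd=0.2)
p, i, d, fraction = controller.update(0.4)
```

A fraction of 0 means no writes would need to be rejected, and a fraction of 1 means all of them would.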
vault.zookeeper.delete
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a DELETE operation against the ZooKeeper backend |
vault.zookeeper.get
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a GET operation against the ZooKeeper backend |
vault.zookeeper.list
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a LIST operation against the ZooKeeper backend |
vault.zookeeper.put
Metric type | Value | Description |
---|---|---|
summary | ms | Time required to complete a PUT operation against the ZooKeeper backend |