Exporting metrics
Envoy emits many statistics on both its own operation and various dimensions on
inbound and outbound traffic. To learn more about Envoy statistics, see Statistics/stats
endpoint on the proxy’s administration port, which
is typically 9901
.
The stat
prefix will be different depending on if you're using single
or multiple listeners. Below are some examples to illustrate the differences.
Warning
If you update your single listener to the multiple listener feature, you can face a breaking change due to the updated stat prefix illustrated in the following table.
We suggest you use Envoy image 1.22.2.1-prod
or later. This
allows you to see similar metric names in your Prometheus endpoint.
Single Listener (SL)/Existing stats with "ingress" listener prefix | Multiple Listeners (ML)/New stats with "ingress.<protocol>.<port>" listener prefix |
---|---|
|
|
|
|
|
|
For more information about the stats endpoint, see Statistics endpoint
Prometheus for App Mesh with Amazon EKS
Prometheus is an open-source monitoring and alerting toolkit. One of its capabilities is
to specify a format for emitting metrics that can be consumed by other systems. For more
information about Prometheus, see Overview/stats?format=prometheus
.
For customers that are using Envoy image build v1.22.2.1-prod, there are two additional dimensions to indicate ingress listener specific stats:
-
appmesh.listener_protocol
-
appmesh.listener_port
Below is a comparison between Prometheus existing stats vs new stats.
-
Existing stats with "ingress" listener prefix
envoy_http_downstream_rq_xx{appmesh_mesh="multiple-listeners-mesh",appmesh_virtual_node="foodteller-vn",envoy_response_code_class="2",envoy_http_conn_manager_prefix="ingress"} 931433
-
New stats with "ingress.<protocol>.<port>" + Appmesh Envoy Image v1.22.2.1-prod or later
envoy_http_downstream_rq_xx{appmesh_mesh="multiple-listeners-mesh",appmesh_virtual_node="foodteller-vn",envoy_response_code_class="2",appmesh_listener_protocol="http",appmesh_listener_port="5555",envoy_http_conn_manager_prefix="ingress"} 20
-
New stats with "ingress.<protocol>.<port>" + custom Envoy Imagebuild
envoy_http_http_5555_downstream_rq_xx{appmesh_mesh="multiple-listeners-mesh",appmesh_virtual_node="foodteller-vn",envoy_response_code_class="2",envoy_http_conn_manager_prefix="ingress"} 15983
For multiple listeners, the cds_ingress_<mesh name>_<virtual gateway
name>_self_redirect_<ingress_listener_port>_<protocol>_<port>
special cluster will
be listener specific.
-
Existing stats with "ingress" listener prefix
envoy_cluster_assignment_stale{appmesh_mesh="multiple-listeners-mesh",appmesh_virtual_gateway="tellergateway-vg",Mesh="multiple-listeners-mesh",VirtualGateway="tellergateway-vg",envoy_cluster_name="cds_ingress_multiple-listeners-mesh_tellergateway-vg_self_redirect_http_15001"} 0
-
New stats with "ingress.<protocol>.<port>"
envoy_cluster_assignment_stale{appmesh_mesh="multiple-listeners-mesh",appmesh_virtual_gateway="tellergateway-vg",envoy_cluster_name="cds_ingress_multiple-listeners-mesh_tellergateway-vg_self_redirect_1111_http_15001"} 0 envoy_cluster_assignment_stale{appmesh_mesh="multiple-listeners-mesh",appmesh_virtual_gateway="tellergateway-vg",envoy_cluster_name="cds_ingress_multiple-listeners-mesh_tellergateway-vg_self_redirect_2222_http_15001"} 0
Installing Prometheus
-
Add the EKS repository to Helm:
helm repo add eks https://aws.github.io/eks-charts
-
Install App Mesh Prometheus
helm upgrade -i appmesh-prometheus eks/appmesh-prometheus \ --namespace appmesh-system
Prometheus Example
The following is an example of creating a PersistentVolumeClaim
for
Prometheus persistent storage.
helm upgrade -i appmesh-prometheus eks/appmesh-prometheus \ --namespace appmesh-system \ --set retention=12h \ --set persistentVolumeClaim.claimName=prometheus
Walkthrough for using Prometheus
To learn more about Prometheus and Prometheus with Amazon EKS
CloudWatch for App Mesh
Emitting Envoy stats to CloudWatch from Amazon EKS
You can install the CloudWatch Agent to your cluster and configure it to collect a subset of
metrics from your proxies. If you do not already have an Amazon EKS cluster, then you can
create one with the steps in Walkthrough: App Mesh with Amazon EKS
To set the appropriate IAM permissions for your cluster and install the agent, follow the steps in Install the CloudWatch Agent with Prometheus Metrics Collection. The default installation contains a Prometheus scrape configuration which pulls a useful subset of Envoy stats. For more information, see Prometheus Metrics for App Mesh.
To create an App Mesh custom CloudWatch dashboard configured to display the metrics that the agent is collecting, follow the steps in the Viewing Your Prometheus Metrics tutorial. Your graphs will begin to populate with the corresponding metrics as traffic enters the App Mesh application.
Filtering metrics for CloudWatch
The App Mesh metrics extension provides a subset of useful metrics that give you insights into the behaviors of the resources you define in your mesh. Since the CloudWatch agent supports scraping Prometheus metrics, you can provide a scrape configuration to select the metrics you want to pull from Envoy and send to CloudWatch.
You can find an example of scraping metrics using Prometheus in our Metrics Extension
CloudWatch Example
You can find a sample configuration of CloudWatch in our AWS Samples
repository
Walkthroughs for using CloudWatch
Metrics extension for App Mesh
Envoy generates hundreds of metrics broken down into a few different dimensions. The metrics aren't straightforward in the way they relate back to App Mesh. In the case of virtual services, there is no mechanism to know for sure which virtual service is communicating to a given virtual node or virtual gateway.
The App Mesh metrics extension enhances Envoy proxies running in your mesh. This enhancement allows the proxies to emit additional metrics that are aware of the resources you define. This small subset of additional metrics will help give you greater insight into the behavior of those resources you defined in App Mesh.
To enable the App Mesh metrics extension, set the environment variable
APPMESH_METRIC_EXTENSION_VERSION
to 1
.
APPMESH_METRIC_EXTENSION_VERSION=1
For more information about Envoy configuration variables, see Envoy configuration variables.
Metrics Related to Inbound Traffic
-
ActiveConnectionCount
-
envoy.appmesh.ActiveConnectionCount
— Number of active TCP connections. -
Dimensions — Mesh, VirtualNode, VirtualGateway
-
-
NewConnectionCount
-
envoy.appmesh.NewConnectionCount
— Total number of TCP connections. -
Dimensions — Mesh, VirtualNode, VirtualGateway
-
-
ProcessedBytes
-
envoy.appmesh.ProcessedBytes
— Total TCP bytes sent to and received from downstream clients. -
Dimensions — Mesh, VirtualNode, VirtualGateway
-
-
RequestCount
-
envoy.appmesh.RequestCount
— The number of processed HTTP requests. -
Dimensions — Mesh, VirtualNode, VirtualGateway
-
-
GrpcRequestCount
-
envoy.appmesh.GrpcRequestCount
— The number of processed gPRC requests. -
Dimensions — Mesh, VirtualNode, VirtualGateway
-
Metrics Related to Outbound Traffic
You will see different dimensions on your outbound metrics based on if they come from a virtual node or a virtual gateway.
-
TargetProcessedBytes
-
envoy.appmesh.TargetProcessedBytes
— Total TCP bytes sent to and received from targets upstream of Envoy. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
-
HTTPCode_Target_2XX_Count
-
envoy.appmesh.HTTPCode_Target_2XX_Count
— The number of HTTP requests to a target upstream of Envoy that resulted in a 2xx HTTP response. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
-
HTTPCode_Target_3XX_Count
-
envoy.appmesh.HTTPCode_Target_3XX_Count
— The number of HTTP requests to a target upstream of Envoy that resulted in a 3xx HTTP response. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
-
HTTPCode_Target_4XX_Count
-
envoy.appmesh.HTTPCode_Target_4XX_Count
— The number of HTTP requests to a target upstream of Envoy that resulted in a 4xx HTTP response. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
-
HTTPCode_Target_5XX_Count
-
envoy.appmesh.HTTPCode_Target_5XX_Count
— The number of HTTP requests to a target upstream of Envoy that resulted in a 5xx HTTP response. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
-
RequestCountPerTarget
-
envoy.appmesh.RequestCountPerTarget
— The number of requests sent to a target upstream of Envoy. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
-
TargetResponseTime
-
envoy.appmesh.TargetResponseTime
— The time elapsed from when a request is made to a target upstream of Envoy to when the full response is received. -
Dimensions:
-
Virtual node dimensions — Mesh, VirtualNode, TargetVirtualService, TargetVirtualNode
-
Virtual gateway dimensions — Mesh, VirtualGateway, TargetVirtualService, TargetVirtualNode
-
-
Datadog for App Mesh
Datadog is a monitoring and security applicaton for end to end monitoring, metrics, and logging of cloud applications. Datadog makes your infrastructure, applications, and third-party applications completely observable.
Installing Datadog
-
EKS - To setup Datadog with EKS, follow these steps from the Datadog docs
. -
ECS EC2 - To set up Datadog with ECS EC2, follow these steps from the Datadog docs
.