days to Istio 1.5

Default Metrics

This page presents details about the metrics that Istio collects when using its initial configuration. You can add and remove metrics by changing configuration at any time, but this is the built-in set. They can be found here under the section with “kind: metric”. It uses metric template to define these metrics.

We will describe metrics first and then the labels for each metric.

Metrics

For HTTP, HTTP/2, and GRPC traffic, Istio generates the following metrics:

  • Request Count (istio_requests_total): This is a COUNTER incremented for every request handled by an Istio proxy.

  • Request Duration (istio_request_duration_seconds): This is a DISTRIBUTION which measures the duration of requests.

  • Request Size (istio_request_bytes): This is a DISTRIBUTION which measures HTTP request body sizes.

  • Response Size (istio_response_bytes): This is a DISTRIBUTION which measures HTTP response body sizes.

For TCP traffic, Istio generates the following metrics:

  • Tcp Byte Sent (istio_tcp_sent_bytes_total): This is a COUNTER which measures the size of total bytes sent during response in case of a TCP connection.

  • Tcp Byte Received (istio_tcp_received_bytes_total): This is a COUNTER which measures the size of total bytes received during request in case of a TCP connection.

  • Tcp Connections Opened (istio_tcp_connections_opened_total): This is a COUNTER incremented for every opened connection.

  • Tcp Connections Closed (istio_tcp_connections_closed_total): This is a COUNTER incremented for every closed connection.

Labels

  • Reporter: This identifies the reporter of the request. It is set to destination if report is from a server Istio proxy and source if report is from a client Istio proxy.

    reporter: conditional((context.reporter.kind | "inbound") == "outbound", "source", "destination")
    
  • Source Workload: This identifies the name of source workload which controls the source.

    source_workload: source.workload.name | "unknown"
    
  • Source Workload Namespace: This identifies the namespace of the source workload.

    source_workload_namespace: source.workload.namespace | "unknown"
    
  • Source Principal: This identifies the peer principal of the traffic source. It is set when peer authentication is used.

    source_principal: source.principal | "unknown"
    
  • Source App: This identifies the source app based on app label of the source workload.

    source_app: source.labels["app"] | "unknown"
    
  • Source Version: This identifies the version of the source workload.

    source_version: source.labels["version"] | "unknown"
    
  • Destination Workload: This identifies the name of destination workload.

    destination_workload: destination.workload.name | "unknown"
    
  • Destination Workload Namespace: This identifies the namespace of the destination workload.

    destination_workload_namespace: destination.workload.namespace | "unknown"
    
  • Destination Principal: This identifies the peer principal of the traffic destination. It is set when peer authentication is used.

    destination_principal: destination.principal | "unknown"
    
  • Destination App: This identifies the destination app based on app label of the destination workload.

    destination_app: destination.labels["app"] | "unknown"
    
  • Destination Version: This identifies the version of the destination workload.

    destination_version: destination.labels["version"] | "unknown"
    
  • Destination Service: This identifies destination service host responsible for an incoming request. Ex: details.default.svc.cluster.local.

    destination_service: destination.service.host | "unknown"
    
  • Destination Service Name: This identifies the destination service name. Ex: “details”.

    destination_service_name: destination.service.name | "unknown"
    
  • Destination Service Namespace: This identifies the namespace of destination service.

    destination_service_namespace: destination.service.namespace | "unknown"
    
  • Request Protocol: This identifies the protocol of the request. It is set to API protocol if provided, otherwise request or connection protocol.

    request_protocol: api.protocol | context.protocol | "unknown"
    
  • Response Code: This identifies the response code of the request. This label is present only on HTTP metrics.

    response_code: response.code | 200
    
  • Connection Security Policy: This identifies the service authentication policy of the request. It is set to mutual_tls when Istio is used to make communication secure and report is from destination. It is set to unknown when report is from source since security policy cannot be properly populated.

    connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
    
  • Response Flags: Additional details about the response or connection from proxy. In case of Envoy, see %RESPONSE_FLAGS% in Envoy Access Log for more detail.

    response_flags: context.proxy_error_code | "-"
    
Was this information useful?
Do you have any suggestions for improvement?

Thanks for your feedback!