--- layout: docs page_title: Telemetry - Configuration sidebar_title: telemetry description: |- The telemetry stanza specifies various configurations for Vault to publish metrics to upstream systems. --- # `telemetry` Stanza The `telemetry` stanza specifies various configurations for Vault to publish metrics to upstream systems. Available Vault metrics can be found in the [Telemetry internals documentation](/docs/internals/telemetry). ```hcl telemetry { statsite_address = "statsite.company.local:8125" } ``` ## `telemetry` Parameters Due to the number of configurable parameters to the `telemetry` stanza, parameters on this page are grouped by the telemetry provider. ### Common The following options are available on all telemetry configurations. - `disable_hostname` `(bool: false)` - Specifies if gauge values should be prefixed with the local hostname. - `enable_hostname_label` `(bool: false)` - Specifies if all metric values should contain the `host` label with the local hostname. It is recommended to enable `disable_hostname` if this option is used. ### `statsite` These `telemetry` parameters apply to [statsite](https://github.com/armon/statsite). - `statsite_address` `(string: "")` - Specifies the address of a statsite server to forward metrics data to. ```hcl telemetry { statsite_address = "statsite.company.local:8125" } ``` ### `statsd` These `telemetry` parameters apply to [statsd](https://github.com/etsy/statsd). - `statsd_address` `(string: "")` - Specifies the address of a statsd server to forward metrics to. ```hcl telemetry { statsd_address = "statsd.company.local:8125" } ``` ### `circonus` These `telemetry` parameters apply to [Circonus](http://circonus.com/). - `circonus_api_token` `(string: "")` - Specifies a valid Circonus API Token used to create/manage check. If provided, metric management is enabled. - `circonus_api_app` `(string: "nomad")` - Specifies a valid app name associated with the API token. - `circonus_api_url` `(string: "https://api.circonus.com/v2")` - Specifies the base URL to use for contacting the Circonus API. - `circonus_submission_interval` `(string: "10s")` - Specifies the interval at which metrics are submitted to Circonus. - `circonus_submission_url` `(string: "")` - Specifies the `check.config.submission_url` field, of a Check API object, from a previously created HTTPTRAP check. - `circonus_check_id` `(string: "")` - Specifies the Check ID (**not check bundle**) from a previously created HTTPTRAP check. The numeric portion of the `check._cid` field in the Check API object. - `circonus_check_force_metric_activation` `(bool: false)` - Specifies if force activation of metrics which already exist and are not currently active. If check management is enabled, the default behavior is to add new metrics as they are encountered. If the metric already exists in the check, it will not be activated. This setting overrides that behavior. - `circonus_check_instance_id` `(string: ":")` - Serves to uniquely identify the metrics coming from this _instance_. It can be used to maintain metric continuity with transient or ephemeral instances as they move around within an infrastructure. By default, this is set to hostname:application name (e.g. "host123:nomad"). - `circonus_check_search_tag` `(string: :)` - Specifies a special tag which, when coupled with the instance id, helps to narrow down the search results when neither a Submission URL or Check ID is provided. By default, this is set to service:app (e.g. "service:nomad"). - `circonus_check_display_name` `(string: "")` - Specifies a name to give a check when it is created. This name is displayed in the Circonus UI Checks list. - `circonus_check_tags` `(string: "")` - Comma separated list of additional tags to add to a check when it is created. - `circonus_broker_id` `(string: "")` - Specifies the ID of a specific Circonus Broker to use when creating a new check. The numeric portion of `broker._cid` field in a Broker API object. If metric management is enabled and neither a Submission URL nor Check ID is provided, an attempt will be made to search for an existing check using Instance ID and Search Tag. If one is not found, a new HTTPTRAP check will be created. By default, this is a random Enterprise Broker is selected, or, the default Circonus Public Broker. - `circonus_broker_select_tag` `(string: "")` - Specifies a special tag which will be used to select a Circonus Broker when a Broker ID is not provided. The best use of this is to as a hint for which broker should be used based on _where_ this particular instance is running (e.g. a specific geo location or datacenter, dc:sfo). ### `dogstatsd` These `telemetry` parameters apply to [DogStatsD](http://docs.datadoghq.com/guides/dogstatsd/). - `dogstatsd_addr` `(string: "")` - This provides the address of a DogStatsD instance. DogStatsD is a protocol-compatible flavor of statsd, with the added ability to decorate metrics with tags and event information. If provided, Vault will send various telemetry information to that instance for aggregation. This can be used to capture runtime information. * `dogstatsd_tags` `(string array: [])` - This provides a list of global tags that will be added to all telemetry packets sent to DogStatsD. It is a list of strings, where each string looks like "my_tag_name:my_tag_value". ### `prometheus` These `telemetry` parameters apply to [prometheus](https://prometheus.io). - `prometheus_retention_time` `(string: "24h")` - Specifies the amount of time that Prometheus metrics are retained in memory. - `disable_hostname` `(bool: false)` - It is recommended to also enable the option `disable_hostname` to avoid having prefixed metrics with hostname. The `/v1/sys/metrics` endpoint is only accessible on active nodes and automatically disabled on standby nodes. You can enable the `/v1/sys/metrics` endpoint on standby nodes by [enabling unauthenticated metrics access][telemetry-tcp]. Vault does not use the default Prometheus path, so Prometheus must be configured with the path below. Note that using `?format=prometheus` in the path won't work as "?" will be escaped, so it must be specified as a parameter. A Vault token is required with `capabilities = ["read", "list"]` to /v1/sys/metrics. The Prometheus `bearer_token` or `bearer_token_file` options must be added to the scrape job. An example job_name stanza required in the [Prometheus config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) is provided below. ``` # prometheus.yml scrape_configs: - job_name: 'vault' metrics_path: "/v1/sys/metrics" params: format: ['prometheus'] scheme: https tls_config: ca_file: your_ca_here.pem bearer_token: "your_vault_token_here" static_configs: - targets: ['your_vault_server_here:8200'] ``` An example telemetry configuration to be added to Vault's configuration file is shown below: ```hcl telemetry { prometheus_retention_time = "30s" disable_hostname = true } ``` ### `stackdriver` These `telemetry` parameters apply to [Stackdriver Monitoring](https://cloud.google.com/monitoring/). The Stackdriver telemetry provider uses the official Google Cloud Golang SDK. This means it supports the common ways of [providing credentials to Google Cloud](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application). To use this telemetry provider, the service account must have the following minimum scope(s): ```text https://www.googleapis.com/auth/cloud-platform https://www.googleapis.com/auth/monitoring https://www.googleapis.com/auth/monitoring.write ``` And the following IAM role(s): ```text roles/monitoring.metricWriter ``` - `stackdriver_project_id` the Google Cloud ProjectID to send telemetry data to. - `stackdriver_location` the GCP or AWS region of the monitored resource. - `stackdriver_namespace` a namespace identifier for the telemetry data. It is recommended to also enable the option `disable_hostname` to avoid having prefixed metrics with hostname and enable instead `enable_hostname_label`. ```hcl telemetry { stackdriver_project_id = "my-test-project" stackdriver_location = "us-east1-a" stackdriver_namespace = "vault-cluster-a" disable_hostname = true enable_hostname_label = true } ``` [telemetry-tcp]: /docs/configuration/listener/tcp#telemetry-parameters