Monitoring Metrics and Logging

FTL provides monitoring metrics to help you gauge the health of the FTL realm. There are many metrics, including the amount of CPU time used by a client program, the number of pending messages in a persistence store, and others. See Catalog of Metrics and FTL Prometheus Metric Naming for a list of metrics.

For FTL client programs, the FTL library collects metrics about the client’s operation and sends those metrics to FTL server in heartbeat messages. See Client Monitoring. Each FTL server also collects metrics about its own operation. The leader FTL server holds metrics from each FTL server in an FTL server cluster.

There are two ways to consume metrics. Refer to “TIBCO Messaging Monitor for FTL” for additional tooling.

  • The Prometheus web API endpoint (GET /metrics). Users of FTL are strongly encouraged to use this endpoint.

    • Prometheus is a monitoring tool that helps in analyzing the application metrics for flows and activities.

    • Prometheus servers scrape data from the HTTP /metrics endpoint of the FTL server.

    • Prometheus integrates with Grafana, which provides better visual analytics.

  • The monitoring destination included in the FTL client API. This destination is intended to support older monitoring solutions, namely the tibmongateway executable from old releases of “TIBCO Messaging Monitor for FTL”. Users are encouraged to switch to the Prometheus endpoint instead.

    • The monitoring destination allows FTL client programs to consume metrics directly from FTL server. FTL server collects metrics from FTL clients and FTL servers and forwards them to the consuming client. See Structure of Monitoring Data Messages.

In addition, FTL may optionally collect logs from FTL clients and FTL servers. These logs may be consumed by subscribing to the logging destination. See Central Logging.

Metrics and logs may be secured by doing the following:

  • Enabling TLS. When TLS is enabled, consumers of the Prometheus endpoint must issue HTTPS calls. Consumers of the monitoring and logging destinations must enable TLS in the FTL realm connect call. See Enabling TLS for FTL Server.

  • Enabling authentication. When authentication is enabled, consumers of the Prometheus endpoint must authenticate to FTL server and belong to the built-in ftl-admin authorization group. Consumers of the monitoring and logging destinations must enable authentication in the FTL realm connect call. See Authentication and Authorization and FTL Server Authorization Groups.

  • Enabling fine-grained permissions. When fine-grained permissions are enabled, consumers of the Prometheus endpoint must belong to the built-in ftl-admin authorization group, as above. For consumers of the monitoring and logging destinations, you may grant the subscribe permission to specific users or groups on the built-in monitoring and logging stores. Or, to prevent access to the monitoring and logging destinations, do not grant any permissions on the monitoring and logging stores. See Authorization.