From 6b41424606ca97a778de25b1fd9da4c99ebde89c Mon Sep 17 00:00:00 2001 From: Melissa Kilby Date: Wed, 3 Jul 2024 23:06:34 +0000 Subject: [PATCH] fix(metrics/prometheus): adopt best prometheus practices for rules counters and sha256 file metrics Signed-off-by: Melissa Kilby --- userspace/falco/falco_metrics.cpp | 36 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/userspace/falco/falco_metrics.cpp b/userspace/falco/falco_metrics.cpp index 95dd24248a1..722e3e50e46 100644 --- a/userspace/falco/falco_metrics.cpp +++ b/userspace/falco/falco_metrics.cpp @@ -96,20 +96,17 @@ std::string falco_metrics::to_text(const falco::app::state& state) } #if defined(__linux__) and !defined(MINIMAL_BUILD) and !defined(__EMSCRIPTEN__) + // Distinguish between config and rules files using labels, following Prometheus best practices: https://prometheus.io/docs/practices/naming/#labels for (const auto& item : state.config.get()->m_loaded_rules_filenames_sha256sum) { fs::path fs_path = item.first; - std::string metric_name_file_sha256 = fs_path.filename().stem(); - metric_name_file_sha256 = "falco_sha256_rules_file_" + falco::utils::sanitize_metric_name(metric_name_file_sha256); - prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, item.second}}); + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("falco_sha256_rules_files", "falcosecurity", "falco", {{"file_name", fs_path.filename().stem()}}); } for (const auto& item : state.config.get()->m_loaded_configs_filenames_sha256sum) { fs::path fs_path = item.first; - std::string metric_name_file_sha256 = fs_path.filename().stem(); - metric_name_file_sha256 = "falco_sha256_config_file_" + falco::utils::sanitize_metric_name(metric_name_file_sha256); - prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric_name_file_sha256, "falcosecurity", "falco", {{metric_name_file_sha256, item.second}}); + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus("falco_sha256_config_files", "falcosecurity", "falco", {{"file_name", fs_path.filename().stem()}}); } #endif @@ -174,7 +171,7 @@ std::string falco_metrics::to_text(const falco::app::state& state) { const stats_manager& rule_stats_manager = state.engine->get_rule_stats_manager(); const indexed_vector& rules = state.engine->get_rules(); - auto metric = libs_metrics_collector.new_metric("rules.matches_total", + auto metric = libs_metrics_collector.new_metric("rules_matches_total", METRICS_V2_RULE_COUNTERS, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_COUNT, @@ -184,25 +181,28 @@ std::string falco_metrics::to_text(const falco::app::state& state) prometheus_metrics_converter.convert_metric_to_unit_convention(metric); prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco"); const std::vector>>& rules_by_id = rule_stats_manager.get_by_rule_id(); + // Distinguish between rules counters using labels, following Prometheus best practices: https://prometheus.io/docs/practices/naming/#labels for (size_t i = 0; i < rules_by_id.size(); i++) { auto rule = rules.at(i); - std::string rules_metric_name = "rules." + falco::utils::sanitize_metric_name(rule->name); - // Separate processing of rules counter metrics given we add extra tags - auto metric = libs_metrics_collector.new_metric(rules_metric_name.c_str(), + auto count = rules_by_id[i]->load(); + if (count > 0) + { + auto metric = libs_metrics_collector.new_metric("rules_counters", METRICS_V2_RULE_COUNTERS, METRIC_VALUE_TYPE_U64, METRIC_VALUE_UNIT_COUNT, METRIC_VALUE_METRIC_TYPE_MONOTONIC, rules_by_id[i]->load()); - prometheus_metrics_converter.convert_metric_to_unit_convention(metric); - const std::map& const_labels = { - {"rule", rule->name}, - {"priority", std::to_string(rule->priority)}, - {"source", rule->source}, - {"tags", concat_set_in_order(rule->tags)} - }; - prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco", const_labels); + prometheus_metrics_converter.convert_metric_to_unit_convention(metric); + const std::map& const_labels = { + {"rule_name", rule->name}, + {"priority", std::to_string(rule->priority)}, + {"source", rule->source}, + {"tags", concat_set_in_order(rule->tags)} + }; + prometheus_text += prometheus_metrics_converter.convert_metric_to_text_prometheus(metric, "falcosecurity", "falco", const_labels); + } } } }