Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Build Status


The bluemedora-firehose-nozzle is a Cloud Foundry component which collects metrics for the Loggregator Firehose and exposes them via a RESTful API.

BOSH Release

If you wish to use BOSH to deploy the nozzle, the BOSH release for can be found here.

Deploying as CF App

The nozzle is deployable via cf-cli. The manifest.yml is setup in a default configuration to be deployed as a cf app. The BM_WEBSERVER_USE_SSL environment variable in the manifest.yml must be set to false during a cf app deployment as internal cloud foundry communication does not use SSL. It is also advisable to keep the BM_STDOUT_LOGGING environment variable as true, or else the log files could grow rather fast and use up the allocated disk space.

Configure Cloud Foundry UAA for Firehose Nozzle

The Blue Medora nozzle requires a UAA user who is authorized to access the loggregator firehose, has doppler.firehose premissions. You can add a user by editing your Cloud Foundry BOSH manifest to include the details about this user under the properties.uaa.clients section. Example configuration would look like:

        access-token-validity: 1209600
        authorized-grant-types: authorization_code,client_credentials,refresh_token
        override: true
        secret: <password>
        scope: openid,oauth.approvals,doppler.firehose
        authorities: oauth.login,doppler.firehose

For more on setting up a nozzle user with BOSH refer to Cloud Foundry documentation.

For information on managing UAA users within Cloud Foundry refer to this guide.

Configuring Nozzle

The Blue Medora Nozzle uses a configuration file, located at config/bluemedora-firehose-nozzle.json, to successfully connect to the firehose and expose a RESTful API. Here is an example configuration of the file:

    "UAAURL": "",
    "UAAUsername": "apps_metrics_processing",
    "UAAPassword": "password",
    "RLPURL": "wss://",
    "SubscriptionID": "bluemedora-nozzle-id",
    "DisableAccessControl": false,
    "InsecureSSLSkipVerify": true,
    "IdleTimeoutSeconds": 30,
    "MetricCacheDurationSeconds": 300,
    "WebServerPort": 8081,
    "WebServerUseSSL": true
Config Field Description
UAAURL The UAA login URL of the Cloud Foundry deployment.
UAAUsername The UAA username that has access to read from Loggregator Firehose.
UAAPassword Password for the UAAUsername.
RLPURL The URL for the Traffic Controller. To find this follow the instructions in the documentation.
SubscriptionID The subscription ID of the nozzle. To find out more about subscription IDs and nozzle scaling see the documentation.
DisableAccessControl If true, disables authentication with UAA. Used in lattice deployments.
InsecureSSLSkipVerify If true, allows insecure connections to the UAA and Traffic Controller endpoints.
IdleTimeoutSeconds The amount of time, in seconds, the connection to the Firehose can be idle before disconnecting.
MetricCacheDurationSeconds The amount of time, in seconds, the RESTful API web server will cache metric data. The higher this duration the less likely the data will be correct for a certain metric as it could hold stale data.
WebServerPort Port to connect to the RESTful API.
WebServerUseSSL If true the RESTful API web server will use HTTPS, else it uses HTTP

Environment Variables

The nozzle can also be configured by setting a set of environment variables. The variables and what config field they map to are listed below.

Environment Variable Config Field
PORT WebServerPort
BM_STDOUT_LOGGING Does not correspond to a config field, but signals if logging should save to files or straight to stdout.
BM_LOG_LEVEL Does not correspond to a config field, but allows you to configure the log level for the nozzle. See gosteno for possible values.

SSL Certificates

The Blue Medora Nozzle uses SSL for it's REST web server if the WebServerUseSSL flag is set to true. In order to generate these certificates simply run the command below and answer the questions.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem

Project setup

To get the project:

go get -u

Then init dep

dep init

dep ensure


To run the Blue Medora nozzle simple execute:

go run main.go


The webserver is how metrics can be pulled out of the nozzle. It provides a RESTful API that requires an authentication token.

Token Request

A token can be requested from the /token endpoint. A token times out after 60 seconds. In order to request a token a GET with the two header pairs username and password with values that correspond to the UAA user in the bluemedora-firehose-nozzle.json config.

If a successful login occurs the response will contain a header pair of token and the value will be your token.

Metric Endpoints

Once a valid token is acquired a GET request with the header pair token and value of your token can be sent to one of the following endpoints:

  • /metron_agents
  • /syslog_drains
  • /tps_watchers
  • /tps_listeners
  • /stagers
  • /ssh_proxies
  • /senders
  • /route_emitters
  • /reps
  • /receptors
  • /nsync_listeners
  • /nsync_bulkers
  • /garden_linuxs
  • /file_servers
  • /fetchers
  • /convergers
  • /cc_uploaders
  • /bbs
  • /auctioneers
  • /etcds
  • /doppler_servers
  • /cloud_controllers
  • /traffic_controllers
  • /gorouters
  • /lockets

A JSON response will be sent in the following form:

           "value": integer_value,
           "timestamp": integer_unix_nanosecond_timestamp
           "value": integer_value,
           "timestamp": integer_unix_nanosecond_timestamp
           "value": integer_value,
           "timestamp": integer_unix_nanosecond_timestamp
           "value": integer_value,
           "timestamp": integer_unix_nanosecond_timestamp

NOTE: Counter metrics are reported as totals over time. The consumer must take the delta between two totals to get the current value as time changes.


No description, website, or topics provided.




No packages published