diff --git a/modules/network-observability-creating-metrics-network-events.adoc b/modules/network-observability-creating-metrics-network-events.adoc new file mode 100644 index 000000000000..59e0d5ce2c92 --- /dev/null +++ b/modules/network-observability-creating-metrics-network-events.adoc @@ -0,0 +1,56 @@ +// Module included in the following assemblies: +// +// * observability/network_observability/mertics-alerts-dashboards.adoc + +:_mod-docs-content-type: PROCEDURE +[id="network-observability-creating-metrics-network-events_{context}"] += Creating metrics from nested or array fields in the Traffic flows table + +:FeatureName: OVN Observability / Viewing `NetworkEvents` +include::snippets/technology-preview.adoc[] +[IMPORTANT] +==== +OVN Observability and the ability to view and track network events is available only in {product-title} 4.17 and 4.18. +==== +You can create a `FlowMetric` resource to generate metrics for nested or array fields in the *Traffic flows* table, such as *Network events* or *Interfaces*. The following example shows how to generate metrics from the *Network events* field for network policy events. + +.Prerequsities +* Enable `NetworkEvents feature`. See the Additional resources for how to do this. +* A network policy specified. + +.Procedure +. In the web console, navigate to *Operators* -> *Installed Operators*. +. In the *Provided APIs* heading for the *NetObserv Operator*, select *FlowMetric*. +. In the *Project* dropdown list, select the project of the Network Observability Operator instance. +. Click *Create FlowMetric*. +. Create `FlowMetric` resources to add the following configurations: ++ +.Configuration counting network policy events per policy name and namespace +[source,yaml] +---- +apiVersion: flows.netobserv.io/v1alpha1 +kind: FlowMetric +metadata: + name: network-policy-events + namespace: netobserv +spec: + metricName: network_policy_events_total + type: Counter + labels: [NetworkEvents>Type, NetworkEvents>Namespace, NetworkEvents>Name, NetworkEvents>Action, NetworkEvents>Direction] <1> + filters: + - field: NetworkEvents>Feature + value: acl + flatten: [NetworkEvents] <2> + remap: <3> + "NetworkEvents>Type": type + "NetworkEvents>Namespace": namespace + "NetworkEvents>Name": name + "NetworkEvents>Direction": direction +---- +<1> These labels represent the nested fields for *Network Events* from the *Traffic flows* table. Each network event has a specific type, namespace, name, action, and direction. You can alternatively specify the `Interfaces` if `NetworkEvents` is unavailable in your {product-title} version. +<2> Optional: You can choose to represent a field that contains a list of items as distinct items. +<3> Optional: You can rename the fields in Prometheus. + +.Verification +. In the web console, navigate to *Observe* -> *Dashboards* and scroll down to see the *Network Policy* tab. +. You should begin seeing metrics filter in based on the metric you created along with the network policy specifications. \ No newline at end of file diff --git a/modules/network-observability-metrics-names.adoc b/modules/network-observability-metrics-names.adoc index c2555fe71632..7d49f8ee9971 100644 --- a/modules/network-observability-metrics-names.adoc +++ b/modules/network-observability-metrics-names.adoc @@ -50,4 +50,9 @@ When the `FlowRTT` feature is enabled in `spec.agent.ebpf.features`, the followi * `namespace_rtt_seconds` * * `node_rtt_seconds` -* `workload_rtt_seconds` \ No newline at end of file +* `workload_rtt_seconds` + +Network events metrics names:: +When `NetworkEvents` feature is enabled, this metric is available by default: + +* `namespace_network_policy_events_total` \ No newline at end of file diff --git a/observability/network_observability/metrics-alerts-dashboards.adoc b/observability/network_observability/metrics-alerts-dashboards.adoc index ca2bec841cbc..3a404f16cd8f 100644 --- a/observability/network_observability/metrics-alerts-dashboards.adoc +++ b/observability/network_observability/metrics-alerts-dashboards.adoc @@ -14,10 +14,11 @@ include::modules/network-observability-metrics-names.adoc[leveloffset=+1] include::modules/network-observability-includelist-example.adoc[leveloffset=+1] include::modules/network-observability-custom-metrics.adoc[leveloffset=+1] include::modules/network-observability-configuring-custom-metrics.adoc[leveloffset=+1] +include::modules/network-observability-creating-metrics-network-events.adoc[leveloffset=+1] [IMPORTANT] ==== -High cardinality can affect the memory usage of Prometheus. You can check whether specific labels have high cardinality in the xref:../../observability/network_observability/json-flows-format-reference.adocl#network-observability-flows-format_json_reference[Network Flows format reference]. +High cardinality can affect the memory usage of Prometheus. You can check whether specific labels have high cardinality in the xref:../../observability/network_observability/json-flows-format-reference.adoc#network-observability-flows-format_json_reference[Network Flows format reference]. ==== include::modules/network-observability-flowmetrics-charts.adoc[leveloffset=+1] include::modules/network-observability-tcp-flag-syn-flood.adoc[leveloffset=+1]