Default Metrics

    We will describe metrics first and then the labels for each metric.

    For HTTP, HTTP/2, and GRPC traffic, Istio generates the following metrics:

    • Request Count (): This is a COUNTER incremented for every request handled by an Istio proxy.

    • Request Size (istio_request_bytes): This is a DISTRIBUTION which measures HTTP request body sizes.

    • Response Size (istio_response_bytes): This is a DISTRIBUTION which measures HTTP response body sizes.

    For TCP traffic, Istio generates the following metrics:

    • Tcp Byte Received (istio_tcp_received_bytes_total): This is a COUNTER which measures the size of totalbytes received during request in case of a TCP connection.

    • Tcp Connections Opened (istio_tcp_connections_opened_total): This is a incremented for every opened connection.

    • Tcp Connections Closed (istio_tcp_connections_closed_total): This is a COUNTER incremented for every closed connection.

    Labels

    • Reporter: This identifies the reporter of the request. It is set to destinationif report is from a server Istio proxy and source if report is from a clientIstio proxy.
    • Source Workload: This identifies the name of source workload whichcontrols the source.
    1. source_workload: source.workload.name | "unknown"
    1. source_workload_namespace: source.workload.namespace | "unknown"
    • Source Principal: This identifies the peer principal of the traffic source.It is set when peer authentication is used.
    1. source_principal: source.principal | "unknown"
    • Source App: This identifies the source app based on app label of thesource workload.
    1. source_app: source.labels["app"] | "unknown"
    • Source Version: This identifies the version of the source workload.
    1. source_version: source.labels["version"] | "unknown"
    • Destination Workload: This identifies the name of destination workload.
    • Destination Workload Namespace: This identifies the namespace of the destinationworkload.
    1. destination_workload_namespace: destination.workload.namespace | "unknown"
    • Destination Principal: This identifies the peer principal of the traffic destination.It is set when peer authentication is used.
    1. destination_principal: destination.principal | "unknown"
    • Destination App: This identifies the destination app based on label of thedestination workload.
      • Destination Version: This identifies the version of the destination workload.
      1. destination_version: destination.labels["version"] | "unknown"
      • Destination Service: This identifies destination service host responsiblefor an incoming request. Ex: details.default.svc.cluster.local.
      1. destination_service: destination.service.host | "unknown"
      • Destination Service Name: This identifies the destination service name.Ex: “details”.
      • Destination Service Namespace: This identifies the namespace ofdestination service.
      1. destination_service_namespace: destination.service.namespace | "unknown"
      • Request Protocol: This identifies the protocol of the request. It is setto API protocol if provided, otherwise request or connection protocol.
      1. request_protocol: api.protocol | context.protocol | "unknown"
      • Response Code: This identifies the response code of the request. Thislabel is present only on HTTP metrics.
      1. response_code: response.code | 200
      • Connection Security Policy: This identifies the service authentication policy ofthe request. It is set to mutual_tls when Istio is used to make communicationsecure and report is from destination. It is set to unknown when report is fromsource since security policy cannot be properly populated.
      1. connection_security_policy: conditional((context.reporter.kind | "inbound") == "outbound", "unknown", conditional(connection.mtls | false, "mutual_tls", "none"))
      1. response_flags: context.proxy_error_code | "-"