Statistics

Listener

Every listener has a statistics tree rooted at listener.<address>. (or listener.<stat_prefix>. if stat_prefix is non-empty) with the following statistics:

Name

Type

Description

downstream_cx_total

Counter

Total connections

downstream_cx_destroy

Counter

Total destroyed connections

downstream_cx_active

Gauge

Total active connections

downstream_cx_length_ms

Histogram

Connection length milliseconds

downstream_cx_transport_socket_connect_timeout

Counter

Total connections that timed out during transport socket connection negotiation

downstream_cx_overflow

Counter

Total connections rejected due to enforcement of listener connection limit

downstream_cx_overload_reject

Counter

Total connections rejected due to configured overload actions

downstream_global_cx_overflow

Counter

Total connections rejected due to enforcement of global connection limit

connections_accepted_per_socket_event

Histogram

Number of connections accepted per listener socket event

downstream_pre_cx_timeout

Counter

Sockets that timed out during listener filter processing

downstream_pre_cx_active

Gauge

Sockets currently undergoing listener filter processing

extension_config_missing

Counter

Total connections closed due to missing listener filter extension configuration

network_extension_config_missing

Counter

Total connections closed due to missing network filter extension configuration

global_cx_overflow

Counter

Total connections rejected due to enforcement of the global connection limit

no_filter_chain_match

Counter

Total connections that didn’t match any filter chain

downstream_listener_filter_remote_close

Counter

Total connections closed by remote when peek data for listener filters

downstream_listener_filter_error

Counter

Total numbers of read errors when peeking data for listener filters

TLS statistics

The following TLS statistics are rooted at listener.<address>.ssl.:

Name

Type

Description

connection_error

Counter

Total TLS connection errors not including failed certificate verifications

handshake

Counter

Total successful TLS connection handshakes

session_reused

Counter

Total successful TLS session resumptions

no_certificate

Counter

Total successful TLS connections with no client certificate

fail_verify_no_cert

Counter

Total TLS connections that failed because of missing client certificate

fail_verify_error

Counter

Total TLS connections that failed CA verification

fail_verify_san

Counter

Total TLS connections that failed SAN verification

fail_verify_cert_hash

Counter

Total TLS connections that failed certificate pinning verification

ocsp_staple_failed

Counter

Total TLS connections that failed compliance with the OCSP policy

ocsp_staple_omitted

Counter

Total TLS connections that succeeded without stapling an OCSP response

ocsp_staple_responses

Counter

Total TLS connections where a valid OCSP response was available (irrespective of whether the client requested stapling)

ocsp_staple_requests

Counter

Total TLS connections where the client requested an OCSP staple

ciphers.<cipher>

Counter

Total successful TLS connections that used cipher <cipher>

curves.<curve>

Counter

Total successful TLS connections that used ECDHE curve <curve>

sigalgs.<sigalg>

Counter

Total successful TLS connections that used signature algorithm <sigalg>

versions.<version>

Counter

Total successful TLS connections that used protocol version <version>

was_key_usage_invalid

Counter

Total successful TLS connections that used an invalid keyUsage extension. (This is not avaiable in BoringSSL FIPS yet due to issue #28246)

TCP statistics

The following TCP statistics, which are available when using the TCP stats transport socket, are rooted at listener.<address>.tcp_stats.:

Note

These metrics are provided by the operating system. Due to differences in operating system metrics available and the methodology used to take measurements, the values may not be consistent across different operating systems or versions of the same operating system.

Name

Type

Description

cx_tx_segments

Counter

Total TCP segments transmitted

cx_rx_segments

Counter

Total TCP segments received

cx_tx_data_segments

Counter

Total TCP segments with a non-zero data length transmitted

cx_rx_data_segments

Counter

Total TCP segments with a non-zero data length received

cx_tx_retransmitted_segments

Counter

Total TCP segments retransmitted

cx_rx_bytes_received

Counter

Total payload bytes received for which TCP acknowledgments have been sent.

cx_tx_bytes_sent

Counter

Total payload bytes transmitted (including retransmitted bytes).

cx_tx_unsent_bytes

Gauge

Bytes which Envoy has sent to the operating system which have not yet been sent

cx_tx_unacked_segments

Gauge

Segments which have been transmitted that have not yet been acknowledged

cx_tx_percent_retransmitted_segments

Histogram

Percent of segments on a connection which were retransmistted

cx_rtt_us

Histogram

Smoothed round trip time estimate in microseconds

cx_rtt_variance_us

Histogram

Estimated variance in microseconds of the round trip time. Higher values indicated more variability.

UDP statistics

The following UDP statistics are available for UDP listeners and are rooted at listener.<address>.udp.:

Name

Type

Description

downstream_rx_datagram_dropped

Counter

Number of datagrams dropped due to kernel overflow or truncation

Per-handler Listener Stats

Every listener additionally has a statistics tree rooted at listener.<address>.<handler>. which contains per-handler statistics. As described in the threading model documentation, Envoy has a threading model which includes the main thread as well as a number of worker threads which are controlled by the --concurrency option. Along these lines, <handler> is equal to main_thread, worker_0, worker_1, etc. These statistics can be used to look for per-handler/worker imbalance on either accepted or active connections.

Name

Type

Description

downstream_cx_total

Counter

Total connections on this handler.

downstream_cx_active

Gauge

Total active connections on this handler.

Listener manager

The listener manager has a statistics tree rooted at listener_manager. with the following statistics. Any : character in the stats name is replaced with _.

Name

Type

Description

listener_added

Counter

Total listeners added (either via static config or LDS).

listener_modified

Counter

Total listeners modified (via LDS).

listener_removed

Counter

Total listeners removed (via LDS).

listener_stopped

Counter

Total listeners stopped.

listener_create_success

Counter

Total listener objects successfully added to workers.

listener_create_failure

Counter

Total failed listener object additions to workers.

listener_in_place_updated

Counter

Total listener objects created to execute filter chain update path.

total_filter_chains_draining

Gauge

Number of currently draining filter chains.

total_listeners_warming

Gauge

Number of currently warming listeners.

total_listeners_active

Gauge

Number of currently active listeners.

total_listeners_draining

Gauge

Number of currently draining listeners.

workers_started

Gauge

A boolean (1 if started and 0 otherwise) that indicates whether listeners have been initialized on workers.