Here you are configuring the Prometheus Exporter for the Metrics Aggregator. This is separate from the Prometheus Exporter for this Appliance - which cannot cohabit with the Metrics Aggregator because they share the same default port. The Prometheus Aggregator needs to know from which appliances to collect metrics.
Metrics Aggregation Source
Choose the Sites that will have metrics exported by this Metrics Aggregator. By default, all Sites will be exported.
All the appliances on the selected Site(s) will now have their metrics collected by the Metrics Aggregator. If an appliance's metrics have never been collected then the appliance health will switch to Warning. Once working correctly the appliance health can also switch to Warning in no metrics are collected for a period of 4 minutes.
Metric Data
Select the labels to exclude from the metrics data. If you do not need metric_ids it is good practice to exclude them as they are quite long and increase the overall data size considerably.
Port
The default is port 5556 for a Prometheus exporter. There are also a number of options which can be used to secure the connection used to scrape the metrics from the Aggregator.
Allow Access
To allow inbound traffic, the requesting IP address must match at least one of these source addresses. By default the list contains 2 entries: address (0.0.0.0) and netmask 0 & address :: and netmask 0.
If the list is empty, no connections are allowed.
If an entry contains address, netmask and interface, then both subnet and interface must match.
If an entry only contains address and netmask, then only subnet needs to match.
If an entry only contains interface, then only the interface must match.
Example:
Address | (OPTIONAL: IPv4 or IPv6 address of host or subnet to allow) |
Netmask Length | (OPTIONAL: Netmask, set to 32 (IPv4) or 128 (IPv6) for single host) |
Interface | (OPTIONAL: ethX, only allow connections through this interface) |
Enable HTTPS
Allow the use of HTTPS for aggregated metrics export. Metrics scraping requires a PKCS#12 file containing a certificate signed by a trusted CA (for the appliance hostname) and the private key; these are required to terminate the inbound HTTPS connection used to scrape the metrics.
HTTPS Certificate - PKCS#12
Allows you to upload a PKCS #12 file which includes a CA signed certificate to allow inbound connections to scrape metrics.
File
Select the PKCS #12 file to upload.
Password
The password for the PKCS #12 file.
See Adding third party certificates for more details
Enable Basic Authentication
Use Basic Authentication (use with HTTPS to avoid exposing credentials).
Allowed Users
Add username and password for allowed users. These should be the same as you have configured on your Prometheus server.