ESS Metrics
Enterprise Solid Server (ESS) provides comprehensive metrics for monitoring and observability. This page documents some of the available metrics categories and how to access them.
Storage Metrics
ESS includes a Storage Metrics feature to gather the following metrics:
The total number of Pods.
The number of "created" Pods (i.e., Pods that have been created and confirmed).
The number of "deleted" Pods (i.e., Pods that have been soft-deleted, i.e., marked as deleted).
The Storage Metrics is run as a Kubernetes CronJobs. To modify its schedule, see Modify Storage Metrics Schedule.
Observability
Storage Metrics emits Prometheus metrics with the following labeled names.
All of the following are prefixed with application_com_inrupt_storage_metrics_MetricsCollector_.
{metricType="count", resourceType="pod", resourceStatus="all"}
Total number of Pods (both "created" and "deleted").
{metricType="count", resourceType="pod", resourceStatus="created"}
The number of Pods that have been created and confirmed.
{metricType="count", resourceType="pod", resourceStatus="deleted"}
The number of Pods that have been marked as deleted.
collect
Time taken to run the queries to gather the metrics.
See also Service Metrics: Prometheus Configuration.
Access Grant Metrics
ESS provides Access Grant Metrics to monitor the state and lifecycle of credentials managed by the system. These metrics enable detailed tracking of Access Requests, Access Grants, and Access Denials.
Overview
Access Grant Metrics provide granular visibility into credential states across the ESS deployment. The metrics are collected and cached at the application level, providing real-time insights into:
Access Requests - Track requests in various states including pending, granted, denied, canceled, and expired
Access Grants - Monitor active, expired, and revoked grants
Access Denials - Count total denials issued by the system
These metrics support operational monitoring, compliance tracking, and status-based alerting for authorization workflows.
Observability
Access Grant Metrics are exposed as Prometheus metrics with absolute metric names. Each metric type includes labels to differentiate between credential states.
Access Request Metrics
All Access Request metrics use the base name application_com_inrupt_vc_access_request_count with a status label:
{status="pending"}
Access requests that do not have a corresponding Access Grant or Access Denial.
{status="denied"}
Access requests with a corresponding Access Denial.
{status="granted"}
Access requests with a corresponding Access Grant.
{status="canceled"}
Access requests that have been revoked/canceled.
{status="expired"}
Access requests that have expired.
Access Grant Metrics
All Access Grant metrics use the base name application_com_inrupt_vc_access_grant_count with a status label:
{status="active"}
Access grants that are not expired or revoked.
{status="expired"}
Access grants that have expired.
{status="revoked"}
Access grants that have been revoked.
Access Denial Metrics
Access Denial metrics use the metric name application_com_inrupt_vc_access_denial_count and represent the total count of all access denials managed by the service.
Configuration
Access Grant Metrics are automatically collected by the credential service using a caching mechanism to optimize performance. The caching layer minimizes the performance impact on the credential management service, however the cached metrics may not always reflect real-time values with complete accuracy.
For configuration options to customize cache expiration times, see Access Grant Service: Access Grant Metrics Cache Configuration.
Last updated