# ESS Metrics

Enterprise Solid Server (ESS) provides comprehensive metrics for monitoring and observability. This page documents some of the available metrics categories and how to access them.

## Storage Metrics

ESS includes a [Storage Metrics](https://docs.inrupt.com/ess/services/service-pod-management/service-pod-storage#storage-metrics) feature to gather the following metrics:

* The total number of Pods.
* The number of "created" Pods (i.e., Pods that have been created and confirmed).
* The number of "deleted" Pods (i.e., Pods that have been soft-deleted, i.e., marked as deleted).

The Storage Metrics is run as a [Kubernetes CronJobs](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/). To modify its schedule, see [Modify Storage Metrics Schedule](https://docs.inrupt.com/ess/latest/installation/customize-configurations/customization-pod-maintenance/modify-storage-metrics).

### Observability

Storage Metrics emits Prometheus metrics with the following labeled names.

All of the following are prefixed with **`application_com_inrupt_storage_metrics_MetricsCollector_`**.

<table data-header-hidden><thead><tr><th width="254.65625"></th><th></th></tr></thead><tbody><tr><td><strong><code>{metricType="count", resourceType="pod", resourceStatus="all"}</code></strong></td><td>Total number of Pods (both "created" and "deleted").</td></tr><tr><td><strong><code>{metricType="count", resourceType="pod", resourceStatus="created"}</code></strong></td><td>The number of Pods that have been created and confirmed.</td></tr><tr><td><strong><code>{metricType="count", resourceType="pod", resourceStatus="deleted"}</code></strong></td><td>The number of Pods that have been marked as deleted.</td></tr><tr><td><strong><code>collect</code></strong></td><td>Time taken to run the queries to gather the metrics.</td></tr></tbody></table>

See also [Service Metrics: Prometheus Configuration](https://docs.inrupt.com/ess/latest/administration/service-metrics-prometheus-configuration).

## Access Grant Metrics

ESS provides Access Grant Metrics to monitor the state and lifecycle of credentials managed by the system. These metrics enable detailed tracking of Access Requests, Access Grants, and Access Denials.

### Overview

Access Grant Metrics provide granular visibility into credential states across the ESS deployment. The metrics are collected and cached at the application level, providing real-time insights into:

* **Access Requests** - Track requests in various states including pending, granted, denied, canceled, and expired
* **Access Grants** - Monitor active, expired, and revoked grants
* **Access Denials** - Count total denials issued by the system

These metrics support operational monitoring, compliance tracking, and status-based alerting for authorization workflows.

### Observability

{% tabs %}
{% tab title="Prometheus" %}
Access Grant Metrics are exposed as Prometheus metrics with absolute metric names. Each metric type includes labels to differentiate between credential states.

**Access Request Metrics**

All Access Request metrics use the base name **`application_com_inrupt_vc_access_request_count`** with a **`status`** label:

<table data-header-hidden><thead><tr><th width="200"></th><th></th></tr></thead><tbody><tr><td><strong><code>{status="pending"}</code></strong></td><td>Access requests that do not have a corresponding Access Grant or Access Denial.</td></tr><tr><td><strong><code>{status="denied"}</code></strong></td><td>Access requests with a corresponding Access Denial.</td></tr><tr><td><strong><code>{status="granted"}</code></strong></td><td>Access requests with a corresponding Access Grant.</td></tr><tr><td><strong><code>{status="canceled"}</code></strong></td><td>Access requests that have been revoked/canceled.</td></tr><tr><td><strong><code>{status="expired"}</code></strong></td><td>Access requests that have expired.</td></tr></tbody></table>

**Access Grant Metrics**

All Access Grant metrics use the base name **`application_com_inrupt_vc_access_grant_count`** with a **`status`** label:

<table data-header-hidden><thead><tr><th width="200"></th><th></th></tr></thead><tbody><tr><td><strong><code>{status="active"}</code></strong></td><td>Access grants that are not expired or revoked.</td></tr><tr><td><strong><code>{status="expired"}</code></strong></td><td>Access grants that have expired.</td></tr><tr><td><strong><code>{status="revoked"}</code></strong></td><td>Access grants that have been revoked.</td></tr></tbody></table>

**Access Denial Metrics**

Access Denial metrics use the metric name **`application_com_inrupt_vc_access_denial_count`** and represent the total count of all access denials managed by the service.

See also [Service Metrics: Prometheus Configuration](https://docs.inrupt.com/ess/latest/administration/service-metrics-prometheus-configuration).
{% endtab %}
{% endtabs %}

### Configuration

Access Grant Metrics are automatically collected by the credential service using a caching mechanism to optimize performance. The caching layer minimizes the performance impact on the credential management service, however the cached metrics may not always reflect real-time values with complete accuracy.

For configuration options to customize cache expiration times, see [Access Grant Service: Access Grant Metrics Cache Configuration](https://docs.inrupt.com/ess/services/service-access-grant#access-grant-metrics-cache-configuration).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inrupt.com/ess/latest/administration/ess-metrics.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.