Connect Geneos to ITRS Analytics

Overview Copied

ITRS Analytics is an observability platform for data storage and analytics. You can configure Gateways and Netprobes to publish data to ITRS Analytics so you can store and analyze metrics, logs and events in ITRS Analytics.

The Gateway connects to ITRS Analytics via two separate pipelines:

Communication protocol and requirements Copied

Gateway publishes data to ITRS Analytics using gRPC (Google Remote Procedure Call), which requires HTTP/2 as the underlying transport protocol.

Important

HTTP/1.x is not supported for Gateway to ITRS Analytics connection.

The technical decision to use gRPC and HTTP/2 provides several critical advantages for high-volume telemetry data:

Network infrastructure requirements Copied

Critical: Verify HTTP/2 and gRPC support for ingestion pipeline

The ingestion pipeline uses gRPC and requires network infrastructure that supports HTTP/2. All network infrastructure between Gateway and the ITRS Analytics ingestion endpoint must support HTTP/2 and gRPC. This includes:

  • Load balancers
  • Reverse proxies
  • API gateways
  • Web application firewalls (WAF)
  • Ingress controllers (Kubernetes environments)
  • Network proxies

The data pipeline can use normal proxies and does not require HTTP/2 or gRPC support. The data pipeline uses a different endpoint (for example, test.itrslab.com) than the ingestion pipeline (for example, ingestion-test.itrslab.com).

gRPC is not always enabled by default on many network devices and cloud services. Failure to verify this can result in connection failures or silent data loss.

Common infrastructure that requires explicit gRPC enablement Copied

The following infrastructure typically requires explicit configuration to support gRPC:

Legacy infrastructure compatibility

Old network devices, particularly those manufactured before 2015, may not support HTTP/2 or gRPC. This includes:

  • Older hardware load balancers (F5 versions prior to v12.0, NetScaler versions prior to v11.0)
  • Legacy firewalls without application-layer protocol support
  • Outdated proxy servers

If your infrastructure includes such devices, they must be upgraded or bypassed for ITRS Analytics connectivity.

Connection test and validation Copied

Before deploying Gateway to ITRS Analytics publishing in production, verify that:

  1. Your network path supports HTTP/2 and gRPC.
  2. No intermediate proxies or firewalls are blocking or downgrading the connection.
  3. TLS/SSL certificates are properly configured for HTTP/2 negotiation (ALPN).

You can test gRPC connectivity using the grpcurl tool:

grpcurl -v your-ingestion-endpoint.com:443 list

For ALPN verification, use openssl:

openssl s_client -alpn h2 -connect your-ingestion-endpoint.com:443 < /dev/null

The response should include ALPN protocol: h2, confirming HTTP/2 support.

ITRS Analytics concepts Copied

ITRS Analytics adopts a data model that includes many features that may sound familiar to Geneos users. However, it is important to recognise that these concepts are fundamentally different.

Entities Copied

Unlike the user-defined Managed Entities in Geneos, in ITRS Analytics an Entity is automatically created based on the dimensions that describe the data points. See the Data model for more information.

Entities can also have associated attributes but this does not affect the definition of an Entity. ITRS Analytics allows users to search for Entities metrics using both dimensions and attributes.

Geneos structures are mapped to ITRS Analytics entities, attributes, and metrics.

Consider an example:

Item Entity dimensions Attributes Metrics
Managed Entity probe=itrspc101 ConState=Up
Managed Entity probe=itrspc101 HostName=itrspc101.itsgroup.com
Managed Entity COUNTRY=UK
Managed Entity OS=Linux
Managed Entity DEPT=SALES
Sampler probe=itrspc101 Plugin Name=CPU
Sampler managedEntity=pc101 Group Name=Infra
Sampler sampler=CPU
Sampler type=LinuxInfra
Dataview probe=itrspc101 numCpuCores
Dataview managedEntity=pc101 numOnlineCpus
Dataview sampler=CPU loadAverage1Min
Dataview type=LinuxInfra loadAverage5Min
Dataview dataview=CPU
Row probe=itrspc101 type
Row managedEntity=pc101 clockSpeed
Row sampler=CPU percentUtilisation
Row type=LinuxInfra percentUserTime
Row dataview=CPU percentIdle
Row row=cpu_0

In general, traditional data generates the following entities:

Cells in dataview rows (and headlines) are mapped to metrics that exist on these ITRS Analytics entities according to the following rules:

For data that is sent to Geneos by a Collection Agent, the type of the metric will be preserved. As Collection Agent v2 does not use STATUS_METRIC, non-numeric data from Collection Agent will be sent and published as ATTRIBUTES.

ITRS Analytics closely follows the data model used by the Collection Agent. For more information, see Data collection in an orchestrated environment.

Data throttling Copied

To reduce data processed by ITRS Analytics, without compromising monitoring or investigation, the Gateway throttles publishing of fast-updating dataview cells that are not actively monitored. Cells are considered to be actively monitored if they have a severity of OK, Warning, or Critical.

Cells that are not actively monitored will be published at most once every 20 seconds by default. This rate can be adjusted in Advanced publishing settings > Throttle.

The throttling only applies to dataviews from samplers with a sample interval shorter than the Throttle setting. Dataviews in dynamically created samplers and API samplers (which have no sample interval) are not affected by throttling.

Example 1: Throttling applied

  • Sample interval: 1 second
  • Throttle setting: 20 seconds

Cells without severity are published once every 20 seconds. Cells with severity (OK, Warning, Critical) continue publishing every second.

Example 2: Throttling not applied

  • Sample interval: 20 seconds
  • Throttle setting: 10 seconds

No throttling is applied because the sample interval is already longer than the throttle setting. All updates are published as they occur.

Data labels Copied

Gateway sends two types of labels that allow you to search through ITRS Analytics entities:

Every metric has a set of dimensions that uniquely identify it. These are derived from the Geneos hierarchy of gateway, managedEntity, sampler, type, dataview, and row.

Geneos Managed Entity attributes set in the Gateway Setup Editor are sent as ENTITY_ATTRIBUTE metrics on the corresponding ITRS Analytics entities in the itrsgroup.com/geneos/gse namespace. Gateway also sends each sampler’s Group and PluginName as ENTITY_ATTRIBUTE metrics on the ITRS Analytics entity representing that sampler.

Netprobe parameters, such as HostName, Port, ConState, OS, or Version, are sent as ENTITY_ATTRIBUTE metrics on each ITRS Analytics entity representing a Geneos Managed Entity running on that Netprobe. The Netprobe also sends a sanitised version of OS called osType.

Signals Copied

Gateway sends severity changes to ITRS Analytics as signals, and a signal stream is provided for every metric. Gateway sends the severity and the value on the cell at the time that the severity changed, and snooze events to ITRS Analytics.

Audit Copied

Gateway sends audit events to ITRS Analytics when a connection is established. Audit events originating from a Gateway will have a dimension of gateway. Audit events originating from a Netprobe (like running a command on a Netprobe) will have dimensions of both gateway and probe.

The Gateway will publish the following audit events to ITRS Analytics:

Publish from Gateway to ITRS Analytics Copied

You can publish data from Gateway to ITRS Analytics via the Ingestion service. This service is installed as part of your ITRS Analytics installation.

By default, Gateway will publish all metrics, severity events, and audit events to ITRS Analytics. You can configure filtering strategies to control what data is published to ITRS Analytics. This can help minimise downstream data processing requirements in ITRS Analytics. To configure include and exclude filters, see Strategies.

To start the connection between Gateway and ITRS Analytics, you must configure the ITRS Analytics connection in the Publishing settings in the Gateway Setup Editor. For more information, see ITRS Analytics connection configuration.

ITRS Analytics connection configuration

Gateway self-monitoring, which is enabled by default, creates a dataview called ITRS Analytics Connection that shows the current state of ITRS Analytics publishing if the ITRS Analytics Connection has been configured. For more information, see Self-monitoring.

View ITRS Analytics data in Active Console Copied

If the Gateways connected to your Active Console publish data to ITRS Analytics, then those Gateways will share the ITRS Analytics connection details with Active Console so you can create history charts by querying data in ITRS Analytics.

To allow a connected Active Console to access ITRS Analytics data, you must configure the ITRS Analytics connection in the Data access settings in the Gateway Setup Editor.

ITRS Analytics connection configuration

In Active Console, you must also ensure that Tools > Settings > General > Default data source is set to ITRS Analytics.

Self-monitoring Copied

When ITRS Analytics publishing is configured on a Gateway, self-monitoring statistics are reported in two dataviews under Gateway Info > ITRS Analytics.

Detail dataview Copied

Detail dataview for ITRS Analytics publishing self-monitoring

Name Description
name Name of the data type.
sendState Either SENDING or BUFFERING.
deliveryStatus Delivery status of the last message. This can be either NONE, SUCCEEDED, RETRYING, or FAILED.
byteRate Transfer rate in bytes per second.
messagingRate Total transfer rate in messages per second across all three queues.
maxBufferSize Maximum number of buffered messages.
messagesInBuffer Current number of messages in the buffer.
messagesDroppedPerSample Number of messages dropped in the last sampler.

Summary dataview Copied

Summary dataview for ITRS Analytics publishing self-monitoring

Name Description
accessTokenAvailable Status of access.
accessTokenUser ITRS Analytics user associated with the access token used to connect to ITRS Analytics.

Note

This is not an application key. Access tokens are short lived tokens used to secure connections.
byteRate Transfer rate in bytes per second.
connectionStatus Shows the connection status. This can be either Statistics only, Idle, Ready, Connecting, Transient Failure, or Shutdown.
dataEndpoint ITRS Analytics data access endpoint.
dataviewsPublished Number of dataviews published.
dataviewsUnpublished Number of dataviews unpublished.
dataviewsWithErrors Number of dataview with errors.
enabled The ITRS Analytics connection can be either Enabled or Disabled.
ingestionEndpoint ITRS Analytics publishing endpoint.
messageRate Transfer rate per queue in messages per second.
messagesDroppedPerSample Average number of messages dropped per sampler.
metricsChanged Number of schemaless metrics initially published as one type (String, Number, or DateTime), which subsequently changed to a different type.
metricsDropped Number of metrics dropped due to type mismatches between data in the Geneos cells and their schema definition of data to publish.

ITRS Analytics connection configuration Copied

Basic configuration Copied

The ITRS Analytics connection section of the GSE provides the following options:

ITRS Analytics connection configuration

Setting Description Default
Enabled Enables or disables publishing to ITRS Analytics. Enabled
Mode Specify the publishing mode, choose from:

  • connection — publish Gateway data to ITRS Analytics.

  • statisticsOnly — perform a dry run using the current publishing settings. Statistics are recorded to the self-monitoring dataviews and to log files.

 connection

Statistics only mode Copied

Enable the statisticsOnly mode before publishing to estimate the data volume that will be published to ITRS Analytics. This helps you determine the required ITRS Analytics cluster size.

Running this mode is valuable for understanding data volume, throughput rates, and network bandwidth requirements before enabling actual publishing.

Statistics are recorded to the self-monitoring dataviews and to the Gateway log file.

ITRS Analytics connection statistics only mode

Connection mode Copied

The ITRS Analytics connection configuration is divided into two distinct functions:

Publishing — The Gateway acts as a data producer, sending metrics, events, and logs to ITRS Analytics via the ingestion service. This is a write-only operation using gRPC over HTTP/2.

Data access — The Gateway uses this connection to retrieve historical data from ITRS Analytics to serve to connected Active Consoles for charting and analysis, and to publish commands to ITRS Analytics for execution via the Entity Viewer. This connection uses HTTPS REST APIs. For more information, see publish and execute Gateway commands in ITRS Analytics.

These are independent configurations because:

Connection mode configuration fields Copied

Section Setting Description
Connection Verify server certificate

Enables or disables the server certificate verification. This setting is applied in both the connection for publishing data to ITRS Analytics and for accessing data from ITRS Analytics.

If this parameter is set to false and the TLS is enabled, then the server certificate will not be checked when the connection is made, and the provided certificate will be accepted.

Default: True

Note

If the certificate supports Application-Layer Protocol Negotiation (ALPN), make sure that ALPN is set to enabled for Gateway and ITRS Analytics connection to work properly.
Connection Root certificates

Specify the root CA certificate used to sign the certificates for both ingestion service and data access.

A root certificate is required for self-signed certificates or certificates from internal/private CAs not in the system trust store. It is not required for public CA certificates (e.g., Let’s Encrypt, DigiCert) already trusted by the operating system.

You can provide:

  • pemString — provide the full PEM string of the CA certificate. This is suitable for centralized configuration or when the certificate is managed via configuration management tools.

    The PEM string of the CA certificate can be found on the certificates page of the ITRS Analytics Admin page.

    • In your ITRS Analytics web console, click Admin from the left-hand menu and go to the Certificate tab.
    • Copy the complete CA certificate string (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
    • Navigate back to your ITRS Analytics Connection configuration in the GSE.
    • Paste the certificate string directly into the pemString field.

  • pemFile — provide the path to a certificate file in the current working directory of the Gateway. This is suitable when multiple components share the same certificate file, or when the certificate needs to be updated independently.

    This file should contain the full PEM string of the CA certificate.

    • Save the PEM-encoded certificate to a file (e.g., /path/to/ca-certificate.pem).
    • Specify the absolute path or path relative to the Gateway’s current working directory.

Note

On Linux in Geneos 7.2.0 and earlier versions, the Gateway searches for the default CA bundle at /etc/pki/tls/certs/ca-bundle.crt. However, in Ubuntu and SLES platforms, the default CA bundle is not located at this path.

For these platforms, you can either:

  • Specify the platform’s CA bundle path in this setting.
  • Create a symbolic link at /etc/pki/tls/certs/ca-bundle.crt to the platform’s default CA bundle:
    • For Ubuntu: The default CA bundle is at /etc/ssl/certs/ca-certificates.crt.
    • For SLES: The default CA bundle is at /var/lib/ca-certificates/ca-bundle.pem.
Connection > Publishing Service address

Specify the ITRS Analytics ingestion service hostname with the https:// prefix. For example: https://ingestion.my-iax.com. This endpoint must support gRPC and HTTP/2. The service address field defaults to https and port 443, so https://ingest.hub.local:443 can be entered as ingest.hub.local.

When you install ITRS Analytics, it will ask you for the ingestion endpoint where the Gateway will publish data. This can also be copied from the Certificate tab of the ITRS Analytics Admin page.
Connection > Publishing Credentials

Specify the ITRS Analytics user credentials to access the ITRS Analytics ingestion service. These credentials will allow the Gateway to connect to ITRS Analytics to publish data.

You must create an ingestion user via the ITRS Analytics IAM app.
Connection > Publishing Proxy Specify the Publishing proxy settings, allowing you to configure proxy connections at the Gateway level.
Connection > Data access Service address

Specify the ITRS Analytics Web Console hostname. This address is used by the Gateway to query historical data via the ITRS Analytics REST API.

This is typically the main web console URL for your ITRS Analytics instance. For example: https://my-iax.com.
Connection > Data access Credentials

Specify the ITRS Analytics user credentials to access data from ITRS Analytics.

Using the ITRS Analytics IAM app, you must:

  • Create a user account or use an existing user.
  • Ensure the user is mapped to a user role and not just ingestion role.
  • Add the user to a user group that has data access permissions.
Connection > Data access Proxy Specify the Data access proxy settings, allowing you to configure proxy connections at the Gateway level.

Proxy configuration Copied

ITRS Analytics connection settings support proxy configuration at both Gateway and Netprobe levels. This hierarchical configuration system allows for:

Gateway-level proxy settings are configured in the ITRS Analytics Connection section of the GSE. These settings are automatically inherited by all Netprobes connected to the Gateway, unless specifically overridden at the individual probe or probe group level.

ITRS Analytics connection proxy

There are two types of proxy configurations available:

Probe-level configuration overrides Copied

ITRS Analytics connection settings configured at the Gateway level are automatically propagated to all connected Netprobes and Self-Announcing Netprobes (SAN probes). However, these settings can also be overridden at the probe and probe group level as needed.

If you do not need to override the Gateway settings, no configuration is needed in the GSE.

Netprobe ITRS Analytics connection proxy

Probe-specific ITRS Analytics connection settings can be configured in the Probe > ITRS Analytics Connection section of the GSE. Enable Override IAX Connection and the specific connection settings you want to configure at the probe level.

Netprobe ITRS Analytics connection proxy

Setting Description
Mode > None Disable ITRS Analytics connection for the probe.
Mode > Statistics only Enable statistics logging for the probe while maintaining publishing at the Gateway level.
Mode > Connection > Service address Override the ITRS Analytics ingestion service endpoint for the specific probe.
Mode > Connection > Credentials Override the Gateway credentials with probe-specific credentials.
  • None — disable the use of credentials.
  • Override Inherited Credentials Settings — specify a different username and password for the probe.
Mode > Connection > Proxy Override the Gateway proxy settings with probe-specific proxy settings.
  • None — disable proxy for the probe even if the Gateway has a proxy configured.
  • Override Inherited Proxy Settings — specify different proxy settings for the probe:
    • Host
    • Port
    • Authentication
Mode > Connection > TLS Override the Gateway TLS settings with probe-specific TLS settings.
  • None — disable TLS settings for the probe.
  • Override Inherited TLS Settings — specify probe-specific TLS settings:
    • Verify server certificates
    • Root certificates

Note

When overriding TLS Settings, you must specify all required values. Individual settings within the TLS block cannot be selectively inherited from the Gateway configuration.

Self-Announcing Netprobes (SAN probes) configuration Copied

Self-Announcing Netprobes (SAN probes) are Netprobes that can be deployed on any host without prior Gateway configuration. SAN probes have enhanced ITRS Analytics connection configuration capabilities:

You can configure ITRS Analytics Connection settings once at the Gateway level, and they will automatically apply to all SAN probes in your environment. This ensures that SAN probes can fully participate in ITRS Analytics data publishing while maintaining the flexibility to use probe-specific configuration when needed.

Configuration examples Copied

The following examples demonstrate common ITRS Analytics connection configuration scenarios. You can also refer to these examples when configuring the setup file of a SAN probe to override specific settings.

Gateway with publishing proxy (authentication):

<iaxIngestionConnectionInfo>
  <serviceAddress>https://ingestion.example.com</serviceAddress>
  <credentials>
    <username>ingestion-api</username>
    <password>your-password</password>
  </credentials>
  <proxy>
    <proxyServer>
      <host>proxy.company.com</host>
      <port>8080</port>
      <authentication>
        <password>
          <username>proxy-user</username>
          <password>proxy-password</password>
        </password>
      </authentication>
    </proxyServer>
  </proxy>
</iaxIngestionConnectionInfo>

Data access with SOCKS proxy (with type selection and authentication):

<dataAccess>
  <serviceAddress>https://analytics.example.com</serviceAddress>
  <credentials>
    <username>data-access-user</username>
    <password>data-access-password</password>
  </credentials>
  <proxy>
    <proxyServer>
      <host>socks-proxy.company.com</host>
      <port>1080</port>
      <type>
        <socks_5/>
      </type>
      <authentication>
        <password>
          <username>proxy-user</username>
          <password>proxy-password</password>
        </password>
      </authentication>
    </proxyServer>
  </proxy>
</dataAccess>

Probe overriding Gateway credentials and proxy:

<probe name="special-probe">
  <iaxIngestionConnectionInfo>
    <credentials>
      <override>
        <username>probe-specific-user</username>
        <password>probe-specific-password</password>
      </override>
    </credentials>
    <proxy>
      <override>
        <host>different-proxy.company.com</host>
        <port>3128</port>
        <authentication>
          <none/>
        </authentication>
      </override>
    </proxy>
  </iaxIngestionConnectionInfo>
</probe>

Probe disabling inherited proxy:

<probe name="direct-connection-probe">
  <iaxIngestionConnectionInfo>
    <proxy>
      <none/>
    </proxy>
  </iaxIngestionConnectionInfo>
</probe>

Probe overriding advanced settings (block override):

<probe name="custom-advanced-probe">
  <iaxIngestionConnectionInfo>
    <advancedPublishingSettings>
      <override>
        <rpcTimeout>10000</rpcTimeout>
        <throttle>30</throttle>
        <batchSize>1000</batchSize>
        <batchTimeout>1000</batchTimeout>
        <queueSize>100000</queueSize>
        <auditQueueSize>5000</auditQueueSize>
        <statisticLogging>
          <filename>probe-specific-stats.log</filename>
          <maxSize>2048</maxSize>
          <interval>300</interval>
        </statisticLogging>
      </override>
    </advancedPublishingSettings>
  </iaxIngestionConnectionInfo>
</probe>

Advanced configuration Copied

The Advanced publishing settings allow you to fine-tune the Gateway’s publishing behavior for optimal performance and reliability. These settings control batching, queuing, timeouts, and diagnostic logging.

Note

Most users should start with default values. Only adjust these settings after understanding your specific requirements through monitoring the self-monitoring dataviews and analyzing publishing statistics.

Below are some possible situations when to adjust advanced settings:

ITRS Analytics connection advanced settings

Settings Description
RPC timeout

The time the Gateway waits for a gRPC response from the ITRS Analytics ingestion service before considering the request failed.

Each batch of metrics sent to ITRS Analytics is a gRPC call. If the ingestion service does not respond within this timeout:

  • The Gateway considers the call failed.
  • The request is retried according to gRPC retry policies.
  • The message remains in the queue for redelivery.

When to adjust:

  • Increase if you see timeout errors in Gateway logs but the network and ITRS Analytics service are healthy (e.g., high-latency WAN connections).
  • Decrease for faster failure detection in local network environments.

Default: 5000

Unit: milliseconds

Mandatory: No
Throttle

Controls the publishing rate of dataview cells that are not actively monitored, such as cells without severity OK, Warning, or Critical. These cells are published at most once every Throttle seconds.

Throttling is important for high-frequency monitoring environments, where dataviews may update multiple times per second. Publishing every single update for every cell would:

  • Generate massive data volumes in ITRS Analytics.
  • Consume significant network bandwidth.
  • Increase ingestion processing costs.
  • Provide minimal additional value for cells not being actively monitored for alerting.

See Data throttling for more information.

When to adjust:

  • Increase to reduce data volume and costs if unmonitored metrics do not need frequent updates.
  • Decrease if you need higher resolution for unmonitored metrics in ITRS Analytics dashboards.

Default: 20

Unit: seconds

Mandatory: No
Batch size

The maximum number of datapoints accumulated before a batch is sent to ITRS Analytics. Once the batch reaches this size, it is immediately transmitted via gRPC. Batching multiple datapoints into a single request:

  • Reduces network overhead (fewer TCP packets, fewer HTTP/2 frames).
  • Improves ingestion efficiency (ITRS Analytics processes fewer, larger batches).
  • Enables better compression ratios.
  • Reduces the number of authentication/authorization checks.

Datapoints accumulate in memory until the batch reaches Batch size datapoints, or Batch timeout expires, whichever comes first.

When to adjust:

  • Increase for high-volume environments to maximize throughput and reduce per-datapoint overhead.
  • Decrease for low-volume environments to reduce latency between data generation and ingestion.

Default: 5000

Unit: datapoints

Mandatory: No
Batch timeout

The maximum time the Gateway waits before sending a partially filled batch to ITRS Analytics. This ensures datapoints are not delayed indefinitely if the Batch size is not reached.

In low-volume scenarios or during quiet periods, it might take a long time to accumulate enough datapoints to fill a batch. Without a timeout:

  • Data would be delayed until the batch fills.
  • Real-time alerting in ITRS Analytics would be degraded.
  • Users would see stale data in dashboards.

When to adjust:

  • Decrease for near-real-time requirements or low-latency environments.
  • Increase to maximize batch fill rates in high-volume environments, prioritizing throughput over latency.

For example, if you generate 10,000 datapoints/second and batch size is 5,000:

  • Time to fill: 500ms
  • If batch timeout = 500ms: batches send every ~500ms (mostly full)
  • If batch timeout = 100ms: batches send every 100ms (only 1,000 datapoints each, lower throughput)

Default: 500

Unit: milliseconds

Mandatory: No
Queue size

The maximum number of messages (batches) the Gateway can hold before it starts dropping messages. This queue acts as a buffer between data generation and network transmission.

How it works:

Data generation → Batching → Queue → Network transmission → ITRS Analytics
  • Messages enter the queue after batching (see Batch size).
  • The Gateway sends messages from the queue to ITRS Analytics as fast as the network and ingestion service allow.
  • If the queue fills (all 200,000 slots used), the oldest messages are dropped.
  • The Gateway logs dropped messages and increments the messagesDroppedPerSample metric in self-monitoring. Messages are dropped when data generation rate consistently exceeds transmission rate, usually due to network bandwidth limitations, ITRS Analytics ingestion rate limits, long-duration network outages, or misconfigured throttling or batching.

When to adjust:

  • Increase if you have sufficient Gateway memory or you need to buffer more data during planned maintenance windows.
  • Decrease if your Gateway memory is constrained or you prefer to drop old data rather than buffer it (for example, for real-time-only use cases).

Watch the messagesInBuffer metric in the self-monitoring dataview:

  • Consistently near 0 means healthy, the transmission is keeping up with data generation.
  • Occasional spikes are normal during transient issues.
  • Consistently high or maxed out means action is required. Investigate network, ingestion limits, or data volume.

Default: 200000

Mandatory: No
Audit queue size

The maximum number of audit event messages the Gateway can buffer before dropping them. Unlike the main queue (in-memory), audit messages are saved to disk for durability.

Audit events represent critical security and compliance data such as user logon/logoff events, configuration changes, command executions, and action and alert triggers. These events have a lower volume than metrics and require persistence across Gateway restarts or crashes.

How it works:

Audit event → Disk-persisted queue → Network transmission → ITRS Analytics
  • Audit events are written to disk immediately.
  • If the Gateway restarts, queued audit events are recovered from disk.
  • If the connection to ITRS Analytics is lost, audit events accumulate on disk.
  • Once the disk queue fills, the oldest audit events are dropped.

When to adjust:

  • Increase if you have strict compliance requirements, high audit event volume, or can afford the disk space.
  • Decrease if disk space is limited, audit events are not critical for your use case, or you have alternative audit logging mechanisms.

Watch for messagesDroppedPerSample in the self-monitoring dataview. Non-zero values indicate audit events are being dropped. In these cases, investigate ITRS Analytics connectivity or increase queue size.

Default: 10000

Mandatory: No
Statistic Logging > Filename

The filename to which the ITRS Analytics publishing statistics are written. The maximum size of this file is defined in Statistic Logging > Max size. If this value is empty, the statistics are written to the component log file.

Default: ``

Mandatory: No
Statistic Logging > Max size

The maximum size (in Kbs) of an ITRS Analytics publishing statistics file. If the file exceeds this size, it is moved to a .old file, and a new file is created. This has no effect if Statistic Logging > Filename is not set.

Default: 1024

Mandatory: No
Statistic Logging > Interval

The rate in seconds in which ITRS Analytics publishing statistics are generated.

Default: 600

Unit: seconds

Mandatory: No

Probe-level advanced publishing settings overrides Copied

Advanced ITRS Analytics publishing settings configured at the Gateway level are automatically propagated to all connected Netprobes and Self-Announcing Netprobes (SAN probes). This ensures consistent configuration across the entire monitoring infrastructure while still allowing probe-specific overrides when needed.

No configuration is needed in the GSE if you do not need to override the Gateway settings.

Netprobe ITRS Analytics connection proxy

If you need to override the inherited advanced ITRS Analytics publishing settings, enable Override IAX Connection and Advanced publishing settings from the probe configuration.

Netprobe ITRS Analytics connection proxy

Individual probes can override the advanced publishing settings configured on the Gateway as a block override. Individual advanced settings cannot be selectively overridden. You need to configure all of the following settings:

Important

When overriding advanced publishing settings at the probe level, you must specify all advanced configuration values required. Any advanced settings not explicitly configured in the probe override will use their default values, not the configured values from the Gateway.

Controlling publishing Copied

By default, when ITRS Analytics publishing is enabled, all dataviews from all managed entities are published. However, you can control publishing at a granular level using several mechanisms.

Strategies Copied

The primary mechanism for controlling what data is published is through setting up strategies. Strategies allow you to:

Gateway filter strategy

Setting Description Default
Name Specifies a name to uniquely identify the strategy. New Strategy
targets One or more XPaths identifying the data items to which the strategy applies. These XPaths must point to one or more Netprobes, Managed Entities, samplers, or dataviews. XPaths that reference run-time values such as severity or connection state, or XPaths that point to individual cells are not supported.
Options Specifies what type of strategy to use. The following options are available:
  • include filter — publish only the data items specified by the targets, their ancestors, and their descendants. The metrics, severity messages, snooze messages, and user assignment messages of all data items not explicitly or implicitly targeted are not published. Severity is propagated through published data based only on included data items.
  • exclude filter — do not publish the data items specified by the targets or their descendants. Metrics, severity messages, snooze messages, and user assignment messages are not published for any targeted data items. Severity is propagated through published data based only on data items which are not excluded.
 filter

Note

If you specify both include filters and exclude filters, a data item is published if it is selected (directly or as an ancestor or descendant) by at least one include target and it is not selected (directly or as a descendant) by any exclude target.

Below are examples on using include and exclude filter strategies:

  1. Use an exclude filter strategy targeting to prevent all test or development managed entities from publishing.

  2. Use an include filter strategy to publish only production monitoring data from production managed entities.

  3. Use an exclude filter to prevent publishing of a specific sampler that generates high data volumes but provides limited value in ITRS Analytics.

Strategy Group Copied

Strategies may be grouped for organisational purposes. This has no effect on their application but is useful for grouping categories and making them easier to find in the navigation tree.

You must specify a name when creating a strategy group.

Dataview-level publishing Copied

You can control publishing to ITRS Analytics at the dataview level by enabling publishing for each dataview that you want to publish. This is useful if you want to publish only specific dataviews with relevant data, rather than publishing everything.

Important

Not all Geneos dataviews are immediately suitable for ingestion and analysis in ITRS Analytics.For example, some plugins such as toolkit-like plugins (Toolkit, SQL Toolkit) have unknown columns and data types, requiring you to define the data schema before publishing. Data may not appear as expected if schemas are not explicitly defined.

Dataview schemas are defined under the Publishing tab of a sampler configuration in the Gateway Setup Editor.

  1. Ensure you have configured the ITRS Analytics connection in your Gateway.

  2. Navigate to the Publishing tab in your sampler configuration in the Gateway Setup Editor.

  3. Click Add new in the Dataviews section.

  4. Specify the name of the dataview that you want to publish to ITRS Analytics.

  5. Select the data schema type.

    • If specifying a data schema, click the Data menu and ensure that the Publish option is checked.
    • If specifying a sampler schema static variable, ensure that the Publish option is checked in the sampler schema static variable configuration.

    Sampler publishing to ITRS Analytics

FKM-specific publishing Copied

The File Keyword Monitor (FKM) plugin often monitors log files that:

The log data collected by the FKM plugin can be published directly to ITRS Analytics from the Netprobe. The data does not go via the Gateway. Publishing to ITRS Analytics can be controlled at the file level:

  1. Configure the ITRS Analytics connection in your Gateway. The Netprobe uses the same connection parameters as the Gateway, unless overridden in the ITRS Analytics Connection section of the Probe or Probe group settings in the Gateway Setup Editor.

  2. Enable publishing for each monitored FKM file in the Gateway Setup Editor. See FKM ITRS Analytics publishing.

    ITRS Analytics publishing is enabled: FKM file publishes to ITRS Analytics

    ITRS Analytics publishing is not enabled: FKM file does not publish to ITRS Analytics

ITRS Analytics data governance and filters Copied

In addition to Gateway-side filtering strategies, ITRS Analytics provides its own data governance features.

The following features are available in the ITRS Analytics Ingestion app:

Consider using a combination of Gateway-side and ITRS Analytics-side controls for comprehensive data management.

Best practices for ITRS Analytics publishing Copied

ITRS Analytics Ingestion Proxy Copied

Ingestion proxy can be used to funnel data from locally running Gateways and Netprobes to remote ITRS Analytics ingestion services.

By implementing a proxy server, Netprobes and Gateways can connect internally to the proxy, which facilitates a secure outbound connection to hosted ITRS Analytics instances. It can be used for your instance or to connect to the SaaS instance. This method improves security by reducing the risk involved in directly connecting the network to external connections.

The ingestion proxy consists of the Collection Agent and gRPC plugin which receive data from Gateways and Netprobes, and report it to one or more ITRS Analytics instances.

ingestion proxy setup

Set up the Collection Agent as a proxy server Copied

Configure the gRPC plugin Copied

Configure your gRPC plugin using the following reference configuration. For the proxy server to work, provide values on the collectors and reporters parameters. Ensure values for the following are provided:

- `collectors` > `port`
- `reporters` > `tcp` > `hostname` and `port`
- `reporters` > `ingestion-reporter` > `hostname`, `port`, `username`, and `password`

plugin-directory: ${env:COLLECTION_AGENT_DIR}/plugins

monitoring:

  # Optional. Defaults to true.
  enabled: true

  # Agent self metrics.
  self-metrics:

    # Whether to enable self metric collection (optional, defaults to true).
    enabled: true

    # Dimensions to add to all self metrics from this agent (optional).
    dimensions:
      app: ingestion-proxy

collectors:
  - name: internal-grpc
    type: plugin
    class-name: GrpcInternalIngestionServiceCollector
    port: ${env:GRPC_PORT}
    # Optional. Settings to allow password authentication of Gateway
    # Remove the authentication section if you do not require gateways to authenticate with the proxy
    authentication:
      iam:
        scheme: https
        hostname: ${env:IAM_HOST}
        # port:  ${env:IAM_PORT}
        client-id: ingestion
        client-secret: ${env:IAM_CLIENT_SECRET}
        # the following setting is required, even though it will not be used
        admin-realm: master
        client-realm: obcerv
      allowed-users: [ ingestion-api ]
    thread-pool-size: 2

    # Optional. Use to enable TLS.
    # Remove the tls-config section if you do not require TLS connections between the gateway and the proxy
    tls-config:
      cert-file: ${env:PROXY_CERTIFICATE}
      key-file: ${env:PROXY_KEY}

reporters:
  - type: tcp
    name: tcp
    hostname: ${env:TCP_REPORTER_HOST}
    port: ${env:TCP_REPORTER_PORT}

  - type: plugin
    class-name: GrpcInternalIngestionServiceReporter
    name: ingestion-reporter

    hostname: ${env:INGESTION_HOST}
    port: ${env:INGESTION_PORT}
    username: ${env:INGESTION_USER}
    password: ${env:INGESTION_PWD}

    # Optional. Switch compression on/off. Defaults to true.
    use-compression: true

    # Optional. gRPC call deadline in milliseconds. Defaults to 3000ms.
    call-deadline: 3000

    # use-plain-text: true

    # Optional. Used only when use-plain-text is false (the default) and mTLS is desired,
    # else the client trusts whatever public key it receives from the server during the
    # TLS handshake.
    tls-config:
    # # Optional. Used for mTLS and trusted server TLS (i.e. contains trusted server keys).
      trust-chain-file: ${env:OBCERV_CA_CERTIFICATE}
    #   # Optional. List of TLS protocols to enable. Defaults to TLSv1.3 and TLSv1.2 only.
    #   protocols: [ TLSv1.3, TLSv1.2 ]

    # Optional. Explicitly switch on/off grpc level retries. Defaults to no explicit setting and therefore grpc default.
    # Unable to find property 'grpcRetries' on class: com.itrsgroup.collection.plugins.grpc.reporters.ingestion.GrpcInternalIngestionServiceReporterConfig$Batch
    # grpc-retries: true

    # Optional. Set a grpc idle timeout. Default is to not explicit set an idle timeout which means the channel
    # inherits the default, which is currently 30 minutes.
    # grpc-idle-timeout: 100000000

    #
    # Batch configuration per endpoint type.
    #
    # It is not necessary to configure any batching at all (including the common-batch block)
    # in which case the defaults are as specified in the common-batch block.
    #
    # Endpoint specific batch configuration can be used to override the default and common-block
    # attributes.
    #

    # Optional. Common batch configuration for all endpoints unless overridden below.
    common-batch:
      # Optional. In memory buffer capacity. Defaults to 2 * the batch size. Must be greater than the batch size.
      # A larger in memory buffer gives some level of protection against a receiver that is either generally slow, or
      # is slow to recover after a transient outage AND the producer is not producing at a significantly higher rate than
      # can be handled by the receiver.
      # buffer-capacity: 2048

      # Optional. Switch on asynchronous reporting. Defaults to false.
      # In asynchronous mode batches are sent without awaiting completion of the previous batch which allows for
      # interleaved reporting. This results in higher throughput at the cost of batches potentially being received out
      # of order.
      # async-mode: false

      # Optional. Retry interval in milliseconds when in synchronous reporting mode. Defaults to 500 ms.
      # retry-interval: 500

    # Optional. Override metrics batch configuration.
    # If present then any common configuration is ignored (i.e. individual attributes are not inherited).
    metrics-batch:
      size: 500
      timeout: 200
      max-retries: 0

    # Optional. Override logs batch configuration.
    # If present then any common configuration is ignored (i.e. individual attributes are not inherited).
    logs-batch:
      size: 100
      timeout: 1000
      max-retries: 10

    # Optional. Override events batch configuration.
    # If present then any common configuration is ignored (i.e. individual attributes are not inherited).
    events-batch:
      size: 100
      timeout: 1000
      max-retries: 10

    # Optional. Override attributes batch configuration.
    entity-attributes-batch:
      size: 500
      timeout: 1000
      max-retries: 10

  - type: routing
    name: routing-table
    route-eviction-timeout: 2000
    route-restoration-timeout: 60000
    route-type: all
    ignore-no-matching-route: true
    routes:
      - reporter: ingestion-reporter
        do-not-evict: true
        match: any
        matchers:
          - type: property
            key: gateway
            pattern: .*
      - reporter: tcp
        do-not-evict: true
        match: all
        matchers:
          - type: dimension
            key: app
            pattern: ingestion-proxy
          - type: property
            key: gateway
            pattern: .*
            exclude: true

workflow:
  metrics:
    reporter: routing-table
    max-retries: 0
    pass-through:
      enabled: true
      concurrency: parallel
      fire-and-forget: true

  logs:
    reporter: routing-table
    max-retries: 0
    pass-through:
      enabled: true
      concurrency: parallel
      fire-and-forget: true

  events:
    reporter: routing-table
    max-retries: 0
    pass-through:
      enabled: true
      concurrency: parallel
      fire-and-forget: true

  attributes:
    reporter: routing-table
    max-retries: 0
    pass-through:
      enabled: true
      concurrency: parallel
      fire-and-forget: true
  traces:
    enabled: false

Start the ingestion proxy Copied

  1. Use the include file ingestion-proxy.sh to start the proxy.

Note

Ensure that ingestion-proxy.sh and ingestion-proxy.yaml are in the same directory. Additionally, ensure that there is a Collection Agent directory that contains the Collection Agent and the Collection Agent plugin directory. This can be done by copying the collection-agent directory from the Netprobe package.
  1. Edit the bash script:
Variable Description
INGESTION_HOST DNS name of the ITRS Analytics ingestion server (for example,ingestion-iax.example.com).
INGESTION_USER User the proxy will use when connecting to ITRS Analytics.
INGESTION_PWD Password the proxy will use when connecting to ITRS Analytics.
OBCERV_CA_CERTIFICATE Certificate used to validate the connection to ITRS Analytics. Leave this blank if the certificate is trusted by the machine.
PROXY_CERTIFICATE Name of the file that contains the proxy server certificate (required to establish a TLS connection between gateways and the proxy).
PROXY_KEY Name of the file that contains the proxy server private key in pkcs8 format (required to establish a TLS connection between gateways and the proxy).
GRPC_PORT Port that the Ingestion proxy will listen on for gRPC connections.
IAM_HOST Hostname of ITRS Analytics used to allow the proxy server to validate the username and password supplied by a gateway when it connects (for example, iax.example.com).
IAM_CLIENT_SECRET Client secret of the ingestion client in ITRS Analytics.
TCP_REPORTER_HOST Hostname of the server that the monitoring Netprobe resides upon.
TCP_REPORTER_PORT Port that the monitoring Netprobe is using to listen for a Collection Agent TCP connection.
COLLECTION_AGENT_DIR Directory where the Collection Agent and the Collection Agent plugin directory reside.
OPTIONAL: Disable gateway authentication
Remove IAM_HOST and IAM_CLIENT_SECRET from ingestion-proxy.sh and remove the iam-config block in the internal-grpc collector in ingestion-proxy.yaml.
OPTIONAL: Disable TLS connections between gateway and the proxy
Remove PROXY_CERTIFICATE and PROXY_KEY. Additionally, remove the tls-config block in the internal-grpc collector in ingestion-proxy.yaml.

Set up Gateway to establish a connection with ITRS Analytics Copied

The include file obcerv-via-proxy.xml allows Gateways to connect to ITRS Analytics via the proxy. This file should be used by all Gateways that publish to ITRS Analytics. Refer to Include files for guidance on setting up include files in the Gateway Setup Editor.

Change the following settings based on the location and changes to the Collection Agent proxy:

Note

Data access is either direct or via a normal HTTP proxy that supports HTTP/2 and needs to be set in the file.

To start the connection between Gateway and ITRS Analytics, configure the Publishing > ITRS Analytics connection settings in the Gateway Setup Editor. Refer to the ITRS Analytics connection configuration section.

You need to fill in the Data access section in order to use Gateway Commands, Adaptive Rules, or the Forecaster app in ITRS Analytics. Your ITRS Analytics connection settings should look like this:

ITRS Analytics settings

Connect Netprobe to Collection Agent (Monitoring Proxy Service) Copied

The include file ingestion-proxy-monitoring.xml is for monitoring the ITRS Analytics proxy service. Only one Gateway needs this file, which will be the sole Gateway that will monitor the ITRS Analytics proxy. It also requires a Netprobe which will run on the server specified in ingestion-proxy.sh.

Note

  • The probe host of the Netprobe should be updated to match the server used (TCP_REPORTER_HOST).
  • The port where the Gateway connects to the Netprobe should match the port that the Netprobe listens on (-port flag).
  • The port that the Netprobe listens to for tcp connections from the Collection Agent should be changed to match the port defined in ingestion-proxy.sh (TCP_REPORTER_PORT).

The include file ingestion-proxy-monitoring.xml contains the following sections:

  1. Mapping — a Dynamic Entity mapping named Ingestion-proxy which processes the following custom mappings:

    • Filters — determine which datapoints are processed by which mapping. Values set are:

      • Label — app
      • Options — equals
      • Value — ingestion-proxy

        Note

        The values are similar to the TcpReporter you previously defined.

    • Geneos items — when a mapping is applied, the Geneos items fields determine how the labels of each datapoint are used to create Dynamic Entities and other items in the Geneos tree structure. Values set are:

      • Labels — hostname, app
      • Options — entity, sampler
      • Entity — when entity is set in options, value in this field is: Required: true, Use in display name: true

        Note

        The dimensions and properties of datapoints are both referred to as labels when creating custom mappings.

dynamic entities new mapping

  1. Collection Agent parameters — an unmanaged Collection Agent parameter named Ingestion Proxy which defines how the Collection Agent should run. The value of the Reporter port is 19137, which is the port the Netprobe should listen on to communicate with the Collection Agent using the TcpReporter.

collection agent parameters

  1. Mapping type — a mapping type named Ingestion proxy, wherein the mapping Ingestion-proxy is specified.

mapping type

Adding a new probe Copied

Set up a new probe following the steps below:

  1. Create a new probe and provide the name, hostname, and port.

    new probe

  2. Select the Dynamic Entities tab. Specify the mapping type and Collection Agent parameters that the Netprobe must use.

    mapping type and CA parameters

You should now be able to check the data coming in from the Collection Agent Ingestion Proxy through your Active Console.

Active Console data

Troubleshooting ITRS Analytics connectivity Copied

This section provides systematic troubleshooting steps for common ITRS Analytics publishing issues. Every connectivity, data quality, or volume issue should be cross-checked against this documentation to identify potential misconfigurations or missing requirements.

Diagnostic checklist Copied

When experiencing any ITRS Analytics publishing issue, systematically check:

Common examples of connection issues Copied

Symptom: connectionStatus shows “Failed” Copied

Possible causes and solutions:

  1. HTTP/2 or gRPC not supported by infrastructure

    • Check: Verify all load balancers, proxies, and network devices between Gateway and ITRS Analytics support HTTP/2 and gRPC.
    • Solution: Review network infrastructure requirements and enable gRPC on all intermediate devices.

  2. Certificate issues

    • Check: Look for SSL/TLS errors in Gateway logs.
    • Solution: Verify certificate configuration in Root certificates.
    • Common issues:
      • Certificate expired
      • Wrong certificate (server cert instead of CA cert)
      • Certificate format incorrect (not PEM)
      • Certificate path incorrect
    • Verification: Check accessTokenAvailable in self-monitoring. No indicates authentication/certificate issues.

  3. Network connectivity

    • Check: Can the Gateway host reach the ingestion service?
    • Firewall: Ensure outbound HTTPS (port 443) is allowed.
    • DNS: Verify the ingestion hostname resolves correctly.

  4. Proxy misconfiguration

    • Check: If using a proxy, verify proxy configuration is correct.
    • Solution: Test proxy connectivity separately.
    • Common issues:
      • The proxy doesn’t support gRPC/HTTP/2.
      • The proxy authentication credentials are incorrect.
      • The proxy hostname or port is wrong.

  5. Incorrect credentials

    • Check: accessTokenAvailable = No in self-monitoring summary dataview.
    • Solution: Verify credentials in publishing credentials.
    • Test: Try the same credentials via ITRS Analytics web console or API.
    • Common issues:
      • Wrong username/password
      • Account doesn’t have ingestion permissions
      • Account disabled or expired

Symptom: Data not appearing in ITRS Analytics Copied

Possible causes and solutions:

  1. Publishing is disabled or in statisticsOnly mode

    • Check: Verify that the Mode is set to connection, not statisticsOnly.
    • Check: Verify that the Enabled setting is checked.

  2. Data filtered by strategies

    • Check: Review strategies configuration.
    • Solution: Check if your dataviews match exclude filters or don’t match include filters.
    • Test: Temporarily remove all strategies to verify data flows without filters.

  3. Data throttled

    • Check: dataviewsUnpublished in self-monitoring summary dataview. Dataviews without severity are throttled by default for 20 seconds.
    • Solution: Adjust throttle setting or add severity to cells you want published at full rate.

  4. Schemaless dataview type mismatches

    • Check: metricsDropped > 0 in self-monitoring summary dataview. Dataview cells changing types (number ↔ string) cause metrics to be dropped.
    • Solution: Define explicit schemas for dataviews.

  5. Messages dropped due to queue overflow

    • Check: messagesDroppedPerSample > 0 in self-monitoring detail dataview. If so, data generation rate exceeds the transmission rate.
    • Solutions:
      • Reduce data volume by using filters.
      • Increase queue size.
      • Investigate network bandwidth limitations.
      • Check ITRS Analytics ingestion rate limits.
["Geneos"] ["Geneos > Gateway"] ["Technical Reference"]

Was this topic helpful?