Diagnostics

Hello, new experience!

With the version 25.5.13 release of InsightCloudSec, we've added a new version of the System Administration page that improves the navigation experience and re-organizes the System Settings section. The Diagnostics page is only available in the new interface. The old interface (Legacy UI) is on by default, but you can click the Switch to Modern UI button to test out the new interface.

Use the Diagnostics section of InsightCloudSec to monitor system health, API activity, logs, or background jobs or for assistance with troubleshooting issues. The Diagnostics page can be found under Settings > Diagnostics and contains four tabs:

  • System Health: Provides details on overall system and worker status as well as diagnostic reports, job backlog settings, and job information. If you're interested in configuring a job backlog export to understand the current load on your environment, refer to Configuring the job backlog export.
  • API Activity: Lists API activity for your InsightCloudSec environment, including user name, path (endpoint), request status, and method.
  • Logs: Displays a running list of activity occurring in your InsightCloudSec environment.
  • Background Jobs: Displays a running list of background jobs available in your InsightCloudSec environment. Background jobs include Insight checks, integration agent processors, database tasks, and more.

Configuring the job backlog export

The job backlog is a great way to understand the current load on your environment. Exporting job backlog metrics can be used to drive improvements from a scaling perspective and provide historical data for up to 15 months. InsightCloudSec provides support for exporting job backlog metrics to Amazon Web Services (AWS) AND Google Cloud Platform (GCP).

Configure AWS

Before getting started, you need Domain Admin permissions in InsightCloudSec. You also need to ensure the target AWS account has already been added to InsightCloudSec and the associated harvesting role has the "cloudwatch:PutMetricData" permission.

To turn on job backlog exporting to AWS CloudWatch in InsightCloudSec:

  1. Log in to InsightCloudSec.
  2. Go to Settings > Diagnostics > System Health > General.
  3. Under Job Backlog Settings, select an AWS Target Account.
  4. Enter a Target Region and Target Namespace.
  5. Optionally, select Use Instance Authentication if you onboarded your account using the Instance Assume Role method. In most cases, you do not need to use instance authentication.
  6. Click Save.

In the AWS CloudWatch, this information will appear in your Custom Namespaces under Metrics.

Configure GCP

Before getting started, you need Domain Admin permissions in InsightCloudSec. You also need to ensure the following:

  • The target GCP account has the already been added to InsightCloudSec
  • The target GCP account has the Stackdriver API turned on
  • The associated harvesting role has the "monitoring.metricDescriptors.create" and "monitoring.timeSeries.create" permissions.

To turn on job backlog exporting to AWS CloudWatch in InsightCloudSec:

  1. Log in to InsightCloudSec.
  2. Go to Settings > Diagnostics > System Health > General.
  3. Under Job Backlog Settings, select a GCP Target Account.
  4. Click Save.

In GCP Stackdriver, this information will appear as the following metrics:

  • job_backlog_standard
  • job_backlog_high_priority
  • job_backlog_immediate