Skip to main content
pgAgroal Enterprise docs · Observability — Grafana dashboards & alerts

pgAgroal Enterprise · How-to

Set up observability

Stand up the Enterprise observability layer: import the seven curated Grafana dashboards, point Prometheus at pgagroal's native metrics endpoint, and apply the bundled alerting rules. No upstream pgagroal change and no extra exporter is required.

Every dashboard and alert consumes pgagroal's native Prometheus metrics. The dashboards carry a self-contained header and never fetch a logo from an Elevarq-hosted URL, so a dashboard view never beacons the viewer's IP — nothing leaves your infrastructure.

Prerequisites

  • A reachable pgagroal /metricsendpoint (pgagroal's native Prometheus exposition).
  • A Prometheus instance that can scrape that endpoint.
  • Grafana with permission to import dashboards and add a Prometheus data source.

Wire Prometheus scraping

Point Prometheus at the pgagroal /metrics endpoint. A minimal vanilla scrape job:

scrape_configs:
  - job_name: pgagroal
    metrics_path: /metrics
    static_configs:
      - targets: ["pgagroal:2346"]

For background on what pgagroal exposes and how the endpoint is enabled, see the pgagroal Prometheus manual.

Import the Grafana dashboards

pgagroal Overview dashboard: connections, pool saturation, query and transaction rate, network throughput, session time, auth outcomes, certificate health, and logging
The Overview dashboard — pool, clients, throughput, sessions, server health, auth, certs, and logging (illustrative data).

The Enterprise pack ships seven curated dashboards under observability/grafana/dashboards/. To import each one:

  • Add a Prometheus data source that scrapes your pgagroal endpoint.
  • In Grafana: Dashboards → New → Import and upload the JSON file.
  • Pick the Prometheus data source and, optionally, an instance when prompted.

Each dashboard uses a datasource template variable (no hardcoded data source) and an instance variable, so the same JSON works across environments. The seven dashboards:

  • pgagroal-overview.jsonOverview: general overview of pool, clients, throughput, sessions, server health, auth, certs, and logging.
  • pgagroal-triage.jsonTriage: incident triage for saturation, queueing, failures, and auth/server/log errors.
  • pgagroal-capacity.jsonCapacity: capacity planning — headroom, churn, reaping, and throughput over days/weeks.
  • pgagroal-pgbouncer-migration.json Migration: PgBouncer migration and cutover — parity panels plus a SHOW-to-metric mapping.
  • pgagroal-security.jsonSecurity: security and compliance — TLS cert posture, auth outcomes, and audit-signal logs.
  • pgagroal-fleet.jsonFleet: fleet view — per-instance saturation, queue, and errors across many instances.
  • pgagroal-controlplane.json ControlPlane: control-plane ops — applies by outcome, drift checks, and the control-plane Go runtime (elevarq_cp_*).
pgagroal Triage dashboard: saturation, queueing, connection failures, and auth/server/log error rates for incident response
The Triage dashboard — saturation, queueing, failures, and error rates for incident response (illustrative data).

When to use each dashboard

Match the dashboard to the question you are answering and the audience.

DashboardAudienceAnswers
OverviewanyoneWhat does this pgagroal instance look like overall?
Triageon-call / SREIt's on fire — is the pooler saturated, queueing, erroring, or losing backends right now?
Capacityplatform / SREOver days/weeks, how much headroom is left and should I resize the pool or tune timeouts?
Migrationteams migratingAre we at parity with PgBouncer, and did anything regress at cutover?
Securitysecurity / complianceAre certs valid and renewed, and what do auth failures and error logs say?
Fleetplatform / SREAcross many instances, which one is the outlier?
ControlPlaneplatform / SREAre control-plane applies succeeding, is config drifting, and how is the control-plane runtime behaving?

Apply the alerting rules

The pack ships Prometheus alerting rules at observability/prometheus/pgagroal-alerts.yaml, packaged as a Prometheus Operator PrometheusRule. The inner groups are also a valid vanilla Prometheus rule file, so you can load it either way.

With the Prometheus Operator, apply it as a custom resource:

kubectl apply -f observability/prometheus/pgagroal-alerts.yaml

Without the operator, reference the rule file from your Prometheus configuration:

rule_files:
  - pgagroal-alerts.yaml

The rules cover availability (pool saturation, queued connections, failed backends), errors (connection errors/timeouts, auth-failure spikes, FATAL logs), and TLS (expired and soon-to-expire certificates). For the full catalog — every alert, its expression, threshold, and severity — see the Alerting rules reference.

Keep dashboards and rules honest

A metric-drift guard, observability/grafana/check-metric-drift.sh, extracts every pgagroal metric referenced in the dashboards and alert rules and asserts each is present in metrics-catalog.txt — the authoritative allow-list. It runs in CI on every PR and fails on any reference to a renamed or removed metric, keeping the observability layer aligned with the metrics the shipped image actually exposes.

observability/grafana/check-metric-drift.sh   # exit 0 = clean, 1 = drift

Next steps