03. 04. 2023 Damiano Chini Log Management, Log-SIEM, NetEye

Introducing Observability in El Proxy

If you’re familiar with the NetEye SIEM module you probably also know El Proxy, the solution integrated into NetEye to ensure the integrity and inalterability of the logs produced by the SIEM module.

Since its introduction in NetEye, the only way to understand what El Proxy was doing was to inspect its logs, but as we know this is not an ideal solution for getting an overview of the behavior of any piece of software. This means that until now, El Proxy has been like a black box for most users, who may be have been wondering for example:

  • Is El Proxy signing and processing all logs correctly? Or is it perhaps encountering some error?
  • What is the workload in El Proxy? Are El Proxy and Elasticsearch keeping up with all the logs produced by the SIEM module?

To answer these types of questions we started introducing observability into El Proxy. In particular, we started with metrics, which will allow users to easily spot anomalies in the infrastructure and analyze the behavior of El Proxy over time.

The technologies involved in the process of exposing and visualizing El Proxy metrics in NetEye are:

  • OpenTelemetry: used by El Proxy to generate the metrics and expose them via an HTTP endpoint using the Prometheus format
  • Telegraf: polls the metrics from the HTTP endpoint and writes them to InfluxDB
  • InfluxDB: stores the time-series metrics
  • Grafana: visualizes the metrics via multiple dashboards installed in NetEye

To design the metrics and the visualizations, we divided the metrics into two main topics. The first one is troubleshooting. For which users may ask: Did El Proxy fail to process some logs? If so, for what reason? Did it store logs in DLQ? If so, when?

To answer these questions we created the “Troubleshooting” dashboard, based on metrics constructed from these use cases.

El Proxy Troubleshooting dashboard. In the first 2 panels, we can see that around 15:28 El Proxy had an error contacting Elasticsearch, probably due to an infrastructure incident, which led to 2 logs not being processed and sent back to Logstash. On the bottom half instead, we gain insights into the single requests performed by El Proxy to Elasticsearch. In particular, the 1st panel shows all the failed requests to Elasticsearch, while the 2nd and 3rd ones show the number of “retries”, i.e., the ones that failed and the ones that were successful, respectively.

Another topic of interest is the performance metrics of El Proxy and Elasticsearch. Hence NetEye also provides a dedicated dashboard for this:

El Proxy Performance dashboard. The 2 top-left panels give an overview of how many requests and logs El Proxy receives over time, while the third panel on the left shows how many logs are inside El Proxy at any moment, which can help you understand if El Proxy is managing to process and write logs at a faster rate than the rate of logs received as input. On the top right instead we have information on the timing of the requests to El Proxy and to Elasticsearch over time. This lets you understand for example if Elasticsearch is slowing down when it’s under heavy load, which may be a sign of a lack of resources.

Finally, a third dashboard gives an overview of the number of logs generated by each Tenant present in the infrastructure:

El Proxy Tenant Performance dashboard. In this dashboard, a panel is generated for each tenant present in your environment. Each panel displays the number of logs received from each Tenant, and also gives an insight into each of the Tenant’s blockchains if they has multiple ones.

We hope this first improvement on the observability of El Proxy will enable users to better and more easily get a grasp on the behavior of El Proxy. Any feedback is appreciated, please report it through the Wuerth Phoenix channels!

These Solutions are Engineered by Humans

Are you passionate about performance metrics or other modern IT challenges? Do you have the experience to drive solutions like the one above? Our customers often present us with problems that need customized solutions. In fact, we’re currently hiring for roles just like this as well as other roles here at Würth Phoenix.ext

Damiano Chini

Damiano Chini

Author

Damiano Chini

Latest posts by Damiano Chini

05. 01. 2026 Bug Fixes, NetEye
Bug Fixes for NetEye 4.45
30. 12. 2025 Automation, Development, Log Management, Log-SIEM, NetEye
Optimizing Rolling Restarts in Elasticsearch Clusters
24. 12. 2025 APM, Log-SIEM, Machine Learning, NetEye, Real User Experience
Root Cause Analysis with Elastic ML and Alyvix
09. 12. 2025 Bug Fixes, NetEye
Bug Fixes for NetEye 4.45
08. 10. 2025 Bug Fixes, NetEye
NetEye 4 – Security Advisory (Elastic Stack)
See All

Related Content

Tags: , , , , ,

28. 12. 2025 Automation, Business Service Monitoring, Icinga Web 2, NetEye, Service Management

Automating Notifications in NetEye

Today we continue our journey into monitoring automation in NetEye. In my previous post we discussed the possibility of automating Business Processes. As you may remember, for those of us working on NetEye Cloud monitoring dozens of clients, it's important Read More
24. 12. 2025 APM, Log-SIEM, Machine Learning, NetEye, Real User Experience

Root Cause Analysis with Elastic ML and Alyvix

When performance degradation occurs within a complex system, understanding the root cause can be extremely challenging. If the issue happens sporadically, this difficulty increases even more. This is because modern systems involve numerous components that interact in complex ways. For Read More
18. 12. 2025 Automation, Development, NetEye

From Patch to Package: How a Small Fix Becomes a Trusted RPM

At first glance, rebuilding an RPM may sound like a purely mechanical task: take a patch, rebuild the package, ship it. In reality, that small fix goes through a much longer journey that touches reliability, security, trust, and long-term maintainability. Read More
15. 12. 2025 Icinga Web 2, NetEye, Unified Monitoring

Monitoring Your NetApp S3 Object Storage

Introduction to NetApp and S3 NetApp offers a unified data storage system. NetApp's ONTAP operating system supports a combination of file, block, and object protocols. We can use common storage (disk array), such as NetApp AFF or FAS, and operate Read More
01. 12. 2025 NetEye, Unified Monitoring

Running the Icinga Agent as SYSTEM? No Thanks.

A safer way to run privileged Windows checks with SystemRunner If you’ve been monitoring Windows for a while, you’ve probably seen this pattern: some checks must run as LocalSystem (S-1-5-18), and the “quick fix” is to run the Icinga Agent Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive