action-metrics.md

Semantic Conventions for Action Metrics

Actions occur within the context of an Web Application.

HTTP Server

Applications that are served from an HTTP server.

Metric: http.server.action.total

This metric is required.

Name	Instrument Type	Unit (UCUM)	Description	Stability
http.server.action.total	Counter	{action}	A counter of actions for Contrast

Attribute	Type	Description	Examples	Requirement Level	Stability
contrast.action	string	The type of action that was observed.	file-open-create; authn-request	Recommended

contrast.action has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
authn-request	Functions that perform authentication actions
authz-request	Functions that perform authorization actions
el-execution	Spring expression language execution
file-open-create	file open or create action
host-cmd-exec	system shell command execution
ldap-query	Functions that result in and ldap query operation
ognl-execution	Object-Graph Navigation Language expression execution.
outbound_service_call	Functions that result in external calls to other services
smtp-exec	Functions that result in an SMTP command execution
storage-query	Functions that execute queries
url-forward	Any function designed to forward a request to another URL
url-redirect	Function that result in an http 302 redirect code sent to the client

Name	Instrument Type	Unit (UCUM)	Description	Stability
http.server.action.total	Counter	{action}	A counter of actions for Contrast

Attribute	Type	Description	Examples	Requirement Level	Stability
contrast.action	string	The type of action that was observed.	file-open-create; authn-request	Recommended

contrast.action has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
authn-request	Functions that perform authentication actions
authz-request	Functions that perform authorization actions
el-execution	Spring expression language execution
file-open-create	file open or create action
host-cmd-exec	system shell command execution
ldap-query	Functions that result in and ldap query operation
ognl-execution	Object-Graph Navigation Language expression execution.
outbound_service_call	Functions that result in external calls to other services
smtp-exec	Functions that result in an SMTP command execution
storage-query	Functions that execute queries
url-forward	Any function designed to forward a request to another URL
url-redirect	Function that result in an http 302 redirect code sent to the client

Metric: http.server.request.duration

This metric is required.

The documentation for this metric is duplicated from the OTEL Semantic Convention http metrics document. It is replicated here for convenience to the readers and to note that it is a required metric for agents to capture.

This metric SHOULD be specified with ExplicitBucketBoundaries of [ 0.005, 0.01, 0.025, 0.05, 0.075, 0.1, 0.25, 0.5, 0.75, 1, 2.5, 5, 7.5, 10 ].

Name	Instrument Type	Unit (UCUM)	Description	Stability
http.server.request.duration	Histogram	s	Duration of HTTP server requests.

Attribute	Type	Description	Examples	Requirement Level	Stability
http.request.method	string	HTTP request method. [1]	GET; POST; HEAD	Required
url.scheme	string	The URI scheme component identifying the used protocol.	http; https	Required
error.type	string	Describes a class of error the operation ended with. [2]	timeout; name_resolution_error; 500	Conditionally Required If request has ended with an error.
http.response.status_code	int	HTTP response status code.	200	Conditionally Required If and only if one was received/sent.
http.route	string	The matched route (path template in the format used by the respective server framework). See note below [3]	/users/:userID?; {controller}/{action}/{id?}	Conditionally Required If and only if it's available
network.protocol.name	string	OSI application layer or non-OSI equivalent. [4]	http; spdy	Recommended if not default (http).
network.protocol.version	string	The actual version of the protocol used for network communication. [5]	1.0; 1.1; 2; 3	Recommended
server.address	string	Name of the local HTTP server that received the request. [6]	example.com; 10.1.2.80; /tmp/my.sock	Opt-In
server.port	int	Port of the local HTTP server that received the request. [7]	80; 8080; 443	Opt-In

[1] http.request.method: HTTP request method value SHOULD be "known" to the instrumentation. By default, this convention defines "known" methods as the ones listed in RFC9110 and the PATCH method defined in RFC5789.

If the HTTP request method is not known to instrumentation, it MUST set the http.request.method attribute to _OTHER.

If the HTTP instrumentation could end up converting valid HTTP request methods to _OTHER, then it MUST provide a way to override the list of known HTTP methods. If this override is done via environment variable, then the environment variable MUST be named OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated list of case-sensitive known HTTP methods (this list MUST be a full override of the default known method, it is not a list of known methods in addition to the defaults).

HTTP method names are case-sensitive and http.request.method attribute value MUST match a known HTTP method name exactly. Instrumentations for specific web frameworks that consider HTTP methods to be case insensitive, SHOULD populate a canonical equivalent. Tracing instrumentations that do so, MUST also set http.request.method_original to the original value.

[2] error.type: If the request fails with an error before response status code was sent or received, error.type SHOULD be set to exception type or a component-specific low cardinality error code.

If response status code was sent or received and status indicates an error according to HTTP span status definition, error.type SHOULD be set to the status code number (represented as a string), an exception type (if thrown) or a component-specific error code.

The error.type value SHOULD be predictable and SHOULD have low cardinality. Instrumentations SHOULD document the list of errors they report.

The cardinality of error.type within one instrumentation library SHOULD be low, but telemetry consumers that aggregate data from multiple instrumentation libraries and applications should be prepared for error.type to have high cardinality at query time, when no additional filters are applied.

If the request has completed successfully, instrumentations SHOULD NOT set error.type.

[3] http.route: MUST NOT be populated when this is not supported by the HTTP server framework as the route attribute should have low-cardinality and the URI path can NOT substitute it. SHOULD include the application root if there is one.

[4] network.protocol.name: The value SHOULD be normalized to lowercase.

[5] network.protocol.version: If protocol version is subject to negotiation (for example using ALPN), this attribute SHOULD be set to the negotiated version. If the actual protocol version is not known, this attribute SHOULD NOT be set.

[6] server.address: See Setting server.address and server.port attributes.

Warning Since this attribute is based on HTTP headers, opting in to it may allow an attacker to trigger cardinality limits, degrading the usefulness of the metric.

[7] server.port: See Setting server.address and server.port attributes.

Warning Since this attribute is based on HTTP headers, opting in to it may allow an attacker to trigger cardinality limits, degrading the usefulness of the metric.

error.type has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
_OTHER	A fallback error value to be used when the instrumentation doesn't define a custom value.

http.request.method has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
_OTHER	Any HTTP method that the instrumentation has no prior knowledge of.
CONNECT	CONNECT method.
DELETE	DELETE method.
GET	GET method.
HEAD	HEAD method.
OPTIONS	OPTIONS method.
PATCH	PATCH method.
POST	POST method.
PUT	PUT method.
TRACE	TRACE method.

Name	Instrument Type	Unit (UCUM)	Description	Stability
http.server.request.duration	Histogram	s	Duration of HTTP server requests.

Attribute	Type	Description	Examples	Requirement Level	Stability
http.request.method	string	HTTP request method. [1]	GET; POST; HEAD	Required
url.scheme	string	The URI scheme component identifying the used protocol.	http; https	Required
error.type	string	Describes a class of error the operation ended with. [2]	timeout; name_resolution_error; 500	Conditionally Required If request has ended with an error.
http.response.status_code	int	HTTP response status code.	200	Conditionally Required If and only if one was received/sent.
http.route	string	The matched route (path template in the format used by the respective server framework). See note below [3]	/users/:userID?; {controller}/{action}/{id?}	Conditionally Required If and only if it's available
network.protocol.name	string	OSI application layer or non-OSI equivalent. [4]	http; spdy	Recommended if not default (http).
network.protocol.version	string	The actual version of the protocol used for network communication. [5]	1.0; 1.1; 2; 3	Recommended
server.address	string	Name of the local HTTP server that received the request. [6]	example.com; 10.1.2.80; /tmp/my.sock	Opt-In
server.port	int	Port of the local HTTP server that received the request. [7]	80; 8080; 443	Opt-In

[1] http.request.method: HTTP request method value SHOULD be "known" to the instrumentation. By default, this convention defines "known" methods as the ones listed in RFC9110 and the PATCH method defined in RFC5789.

If the HTTP request method is not known to instrumentation, it MUST set the http.request.method attribute to _OTHER.

If the HTTP instrumentation could end up converting valid HTTP request methods to _OTHER, then it MUST provide a way to override the list of known HTTP methods. If this override is done via environment variable, then the environment variable MUST be named OTEL_INSTRUMENTATION_HTTP_KNOWN_METHODS and support a comma-separated list of case-sensitive known HTTP methods (this list MUST be a full override of the default known method, it is not a list of known methods in addition to the defaults).

HTTP method names are case-sensitive and http.request.method attribute value MUST match a known HTTP method name exactly. Instrumentations for specific web frameworks that consider HTTP methods to be case insensitive, SHOULD populate a canonical equivalent. Tracing instrumentations that do so, MUST also set http.request.method_original to the original value.

[2] error.type: If the request fails with an error before response status code was sent or received, error.type SHOULD be set to exception type or a component-specific low cardinality error code.

If response status code was sent or received and status indicates an error according to HTTP span status definition, error.type SHOULD be set to the status code number (represented as a string), an exception type (if thrown) or a component-specific error code.

The error.type value SHOULD be predictable and SHOULD have low cardinality. Instrumentations SHOULD document the list of errors they report.

The cardinality of error.type within one instrumentation library SHOULD be low, but telemetry consumers that aggregate data from multiple instrumentation libraries and applications should be prepared for error.type to have high cardinality at query time, when no additional filters are applied.

If the request has completed successfully, instrumentations SHOULD NOT set error.type.

[3] http.route: MUST NOT be populated when this is not supported by the HTTP server framework as the route attribute should have low-cardinality and the URI path can NOT substitute it. SHOULD include the application root if there is one.

[4] network.protocol.name: The value SHOULD be normalized to lowercase.

[5] network.protocol.version: If protocol version is subject to negotiation (for example using ALPN), this attribute SHOULD be set to the negotiated version. If the actual protocol version is not known, this attribute SHOULD NOT be set.

[6] server.address: See Setting server.address and server.port attributes.

Warning Since this attribute is based on HTTP headers, opting in to it may allow an attacker to trigger cardinality limits, degrading the usefulness of the metric.

[7] server.port: See Setting server.address and server.port attributes.

Warning Since this attribute is based on HTTP headers, opting in to it may allow an attacker to trigger cardinality limits, degrading the usefulness of the metric.

error.type has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
_OTHER	A fallback error value to be used when the instrumentation doesn't define a custom value.

http.request.method has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value	Description	Stability
_OTHER	Any HTTP method that the instrumentation has no prior knowledge of.
CONNECT	CONNECT method.
DELETE	DELETE method.
GET	GET method.
HEAD	HEAD method.
OPTIONS	OPTIONS method.
PATCH	PATCH method.
POST	POST method.
PUT	PUT method.
TRACE	TRACE method.