Add cardinality warning about two opt-in HTTP metric attributes (#401)
Co-authored-by: Joao Grassi <joao.grassi@dynatrace.com>
trask and joaopgrassi authored Oct 13, 2023
1 parent 612d101 commit 6323125
Showing 3 changed files with 14 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -16,6 +16,8 @@ release.
- Clarify that `error.type` should be the fully-qualified exception class name
when it represents an exception type.
([#387](https://github.com/open-telemetry/semantic-conventions/pull/387))
- Add cardinality warning about two opt-in HTTP metric attributes
([#401](https://github.com/open-telemetry/semantic-conventions/pull/401))

## v1.22.0 (2023-10-12)

6 changes: 6 additions & 0 deletions docs/http/http-metrics.md
Expand Up @@ -209,13 +209,19 @@ Tracing instrumentations that do so, MUST also set `http.request.method_original

SHOULD NOT be set if only IP address is available and capturing name would require a reverse DNS lookup.

Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
to trigger cardinality limits, degrading the usefulness of the metric.

**[3]:** Determined by using the first of the following that applies

- Port identifier of the [primary server host](/docs/http/http-spans.md#http-server-definitions) of the matched virtual host.
- Port identifier of the [request target](https://www.rfc-editor.org/rfc/rfc9110.html#target.resource)
if it's sent in absolute-form.
- Port identifier of the `Host` header

Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
to trigger cardinality limits, degrading the usefulness of the metric.

`http.request.method` has the following list of well-known values. If one of them applies, then the respective value MUST be used, otherwise a custom value MAY be used.

| Value | Description |
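
Review bot: The warning added after note [3] names only the `Host` header, but the second bullet of that list (the port of the request target when it is sent in absolute-form) is also chosen by the client, so the same cardinality concern applies to it. Consider wording the warning around client-supplied values, for example "since this attribute may be based on client-supplied values such as the `Host` header or an absolute-form request target", which leaves the first bullet (the matched virtual host's primary server host) as the case the warning does not cover.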
6 changes: 6 additions & 0 deletions model/metrics/http.yaml
Expand Up @@ -52,6 +52,9 @@ groups:
SHOULD NOT be set if only IP address is available and capturing name would require a reverse DNS lookup.
Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
to trigger cardinality limits, degrading the usefulness of the metric.
- ref: server.port
requirement_level: opt_in
brief: >
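
Review bot: The warning added to this note states the risk but gives the reader nothing to act on, and unlike the `SHOULD NOT` sentence right before it, it carries no normative guidance. Consider adding one sentence on when opting in is reasonable, for example when the server rejects or normalizes `Host` values it does not recognize before the attribute is recorded.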
Expand All @@ -64,6 +67,9 @@ groups:
if it's sent in absolute-form.
- Port identifier of the `Host` header
Warning: since this attribute may be based on the `Host` header, opting in to it may allow an attacker
to trigger cardinality limits, degrading the usefulness of the metric.
- id: metric.http.server.request.body.size
type: metric
metric_name: http.server.request.body.size
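
Review bot: "degrading the usefulness of the metric" in the `server.port` warning is vague about what an operator would actually observe. Since the text already mentions cardinality limits, say what reaching one means for the data, for example that series for legitimate traffic may no longer be recorded separately, so the reader can judge the cost of opting in.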
