1 of 100

docs

Welcome

Introduction

groundcover is a full stack, cloud-native observability platform, developed to break all industry paradigms - from making instrumentation a thing of the past, to decoupling cost from data volumes

The platform consolidates all your traces, metrics, logs, and Kubernetes events into a single pane of glass, allowing you to identify issues faster than ever before and conduct granular investigations for quick remediation and long-term prevention.

Our is not impacted by the volume of data generated by the environments you monitor, so you can dare to start monitoring environments that had been blind spots until now - such as your Dev and Staging clusters. This, in turn, provides you visibility into all your environments, making it much more likely to identify issues in the early stages of development, rather than in your live product.

groundcover introduces game-changing concepts to observability:

FAQ

How much does groundcover cost?

groundcover's unique pricing model is the first to decouple data volumes from cost of owning and operating the solution. For example, subscribing to our costs $30 per node/host per month.

Overall, the cost of owning and operating groundcover is based on two factors:

The number of nodes (hosts) you are running in the environment you are monitoring

Capabilities

Log Management

Stream, store, and query your logs at any scale, for a fixed cost.

Overview

Our Log Management solution is built for high scale and fast query performance so you can analyze logs quickly and effectively from all your cloud environments.

Gain context - Each log data is enriched with actionable context and correlated with relevant metrics and traces in one single view so you can find what you’re looking for and troubleshoot, faster.

Centralize to maximize - The groundcover platform can act as a limitless, centralized log management hub. Your subscription costs are completely unaffected by the amount of logs you choose to store or query. It's entirely up to you to decide.

Collection

Seamless log collection

groundcover ensures a seamless log collection experience with our , which automatically collects and aggregates all logs in all formats - including JSON, plain text, NGINX logs, and more. All this without any configuration needed.

This sensor is deployed as a DaemonSet, running a single pod on each node within your Kubernetes cluster. This configuration enables the groundcover platform to automatically collect logs from all of your pods, across all namespaces in your cluster. This means that once you've installed groundcover, no further action is needed on your part for log collection. The logs collected by each sensor instance are then channeled to the OTel Collector.

OTel Collector: A vendor-agnostic way to receive, process and export telemetry data.

Acting as the central processing hub, the OTel Collector is a vendor-agnostic tool that receives logs from various sensor pods. It processes, enriches, and forwards the data into groundcover's ClickHouse database, where all log data from your cluster is .

Logs Attributes

Logs Attributes enable advanced filtering capabilities and is currently supported for the formats:

JSON
Common Log Format (CLF) - like those from NGNIX and Kong
logfmt

groundcover automatically detects the format of these logs, extracting key:value pairs from the original log records as Attributes.

Each attribute can be added to your filters and search queries.

Example: filtering a log in a supported format with a field of a request path "/status" will look as follows: @request.path:"/status". Syntax can be found .

Configuration

groundcover offers the flexibility to craft tailored collection filtering rules, you can choose to set up filters and collect only the logs that are essential for your analysis, avoiding unnecessary data noise. For guidance on configuring your filters, explore our section.

You also have the option to for your logs in the ClickHouse database. By default, logs are retained for 3 days. To adjust this period to your preferences, visit our section for instructions.

Log Explorer

Once logs are collected and ingested, they are available within the groundcover platform in the Log Explorer, which is designed for quick searches and seamless exploration of your logs data. Using the Log Explorer you can troubleshoot and explore your logs with advanced search capabilities and filters, all within a clear and fast interface.

Search and filter

The Log Explorer integrates dynamic filters and a versatile search functionality that enables you to quickly and easily identify the right data. You can filter out logs by selecting one or multiple criteria, including log-level, workload, namespace and more, and can limit your search to a specific time range.

Log Pipelines

groundcover natively supports setting up log pipelines using This allow for full flexibility in the processing and manipulation of logs being collected - parsing additional patterns by regex, renaming attributes, and many more.

Infrastructure Monitoring

Get complete visibility into your cloud infrastructure performance at any scale, easily access all your metrics in one place and optimize infrastructure efficiency.

Overview

The groundcover platform offers infrastructure monitoring capabilities that were built for cloud-native environments. It enables you to track the health and efficiency of your infrastructure instantly, with an effortless deployment process.

Troubleshoot efficiently - acting as a centralized hub for all your infrastructure, application and customer metrics allows you to query, correlate and troubleshoot your cloud environments using real time data and insight on your entire stack.

Store it all, without a sweat - store any metrics volume without worrying about cardinality or retention limits.

Application Performance Monitoring (APM)

Gain end-to-end observability into your applications performance, identify and resolve issues instantly - all with zero code changes.

Overview

The groundcover platform collects data all across your stack using the power of eBPF instrumentation. Our proprietary eBPF sensor is installed in seconds and provides 100% coverage into application metrics and traces with zero code changes or configurations.

Resolve faster - By seamlessly correlating traces with application metrics, logs, and infrastructure events, groundcover’s APM enables you to detect and resolve root issues faster.

Improve user experience - Optimize your application performance and resource utilization faster than ever before, avoid downtimes and make poor end-user experience a thing of the past.

Collection

Our revolutionary eBPF sensor, , is deployed as a DaemonSet in your Kubernetes cluster. This approach allows us to inspect every packet that each service is sending or receiving, achieving 100% coverage. No sampling rates or relying on statistical luck - all requests and responses are observed.

This approach would not be feasible without a resource-efficient eBPF-powered sensor. eBPF not only extends the ability to pinpoint issues - it does so with much less overhead than any other method. eBPF can be used to analyze traffic originating from every programming language and SDK - even for encrypted connections!

Click for a full list of supported technologies

Reconstruction

After being collected by our eBPF code, the traffic is then classified according to its protocol - which is identified directly from the underlying traffic, or the library from which it originated. Connections are reconstructed, and we can generate transactions - HTTP requests and responses, SQL queries and responses etc.

Enrichment

In order to give as much context as possible each transaction is enriched with as much metadata as possible. Some examples might include the pods that took part in this transaction (both client and server), the nodes on which these pods are scheduled, and the state of container at the time of the request.

It is important to emphasize the impressive granularity level with which this process takes place - every single transaction observed is fully enriched. This allows us to perform more advanced aggregations.

Aggregation

After being enriched by as much context as possible, the transactions as grouped together into meaningful aggregations. These could be defined by the workloads involved, the protocols detected and the resources that were accessed in the operations. These aggregations will mostly come into play when displaying .

Exporting

After collecting the data, contextualizing it and putting it together in meaningful aggregations - we can now create and to provide meaningful insights into the services' behaviors.

Metrics

Learn how groundcover's application metrics work:

Traces

Learn how groundcover's application traces work:

Getting Started

Requirements

To ensure a seamless experience with groundcover, it's important to confirm that your environment meets the necessary requirements. Please review the detailed requirements for Kubernetes, our eBPF sensor, and the necessary hardware and resources to guarantee optimal performance.

Kubernetes requirements

groundcover supports a wide range of Kubernetes versions and distributions, including popular platforms like EKS, AKS, and GKE.

Learn more ->

Kernel requirements for eBPF sensor

Our state-of-the-art eBPF sensor leverages advanced kernel features to deliver comprehensive monitoring with minimal overhead, requiring specific Linux kernel versions, permissions, and CO:RE support.

Hardware and resource requirements

groundcover fully supports both x86 and ARM processors, ensuring compatibility across diverse environments.

ClickHouse resources

groundcover operates ClickHouse to support many of its core features. This requires suitable resources given to the deployment, which groundcover takes care of according to your data usage.

CPU architectures

The following architectures are fully supported for all groundcover workloads:

5 quick steps to get you started

Once installed, we recommend following these steps to help you quickly gain the most our of groundcover's unique observability platform.

1. Get a complete view of your workloads

The "Home page" of the groundcover app is our Workloads page. From here, you can get a service-centric view,

groundcover MCP

Supercharge your AI agents with o11y superpowers using the groundcover MCP server. Bring logs, traces, metrics, events, K8s resources, and more directly into your agent’s context — and troubleshoot side by side with your AI assistant to solve issues in minutes.

Status: Work in progress. We keep adding tools and polishing the experience. Got an idea or question? Ping us on Slack!

What is MCP?

MCP (Model Context Protocol) is an open standard that enables AI tools to access external data sources like APIs, observability platforms, and documentation directly within their working context. MCP servers expose these resources in a consistent way, so the AI agent can query and use them as needed to streamline workflows.

Real-world Use Cases

These are patterns we've seen in the wild. Agents use groundcover to debug, monitor, and close the loop.

Test → Logs → Fix

Cursor generates tests, tags each with a test_id, logs them, and then uses groundcover to instantly fetch related log lines.

Investigate Issues via Cursor

Got a monitor firing? Drop the alert into Cursor. The agent runs a quick RCA, queries groundcover, and even suggests a patch based on recent logs and traces.

Support Workflow

Support rep gets an error ID → uses MCP to query groundcover → jumps straight to the root cause by exploring traces and logs around the error.

The Autonomous Loop

An agent picks up a ticket, writes tests, ships code to staging, monitors it with groundcover, checks logs and traces, and verifies the fix end to end. Yes, really. Full loop. Almost no hands.

Migrations

Automated migration from legacy vendors. Bring over your monitors, dashboards, data sources, and all the data you need - with automatic mapping and zero downtime.

Overview

groundcover is the first observability platform to ship a one-click migration tool from legacy vendors. The migration flow automatically discovers, translates, and installs your observability setup into groundcover.

Goal: Move your entire observability stack with zero manual work. We don't just migrate assets - we bring the data and handle all the mapping for you.

Use groundcover

Monitor List page

View, filter, and manage all monitors in one place, and quickly identify issues or create new monitors.

The Monitor List is the central hub for managing and monitoring all active and configured Monitors. It provides a clear, filterable table view of your Monitors, with their current status and key details, such as creation date, severity, and live issues. Use this page to review your Monitors performance, identify issues, and take appropriate action.

Key Features

Monitor Catalog page

Explore and select pre-built Monitors from the catalog to quickly set up observability for your environment. Customize and deploy Monitors in just a few clicks.

Overview

The Monitor Catalog is a library of pre-built templates to efficiently create new Monitors. Browse and select one or more Monitors to quickly configure their environment with a single click. The Catalog groups monitors into "Packs", based on different use cases.

Embedded Grafana Alerts

groundcover enables access to an embedded Grafana, within the groundcover platform's interface. This enables you to easily import and continue using your existing Grafana and alerts.

Embedded Grafana Dashboards

groundcover enables access to an embedded Grafana, within the groundcover platform's interface. This enables you to easily import and continue using your existing Grafana dashboards and alerts.

The following guides will help you setup and import your visualizations from Grafana:

Create a Grafana dashboard

Build alerts & dashboards with Grafana Terraform provider

Using groundcover as Prometheus/Clickhouse database in a Self-hosted Grafana

Create a Grafana dashboard

The following guide explains how to build dashboards within the groundcover platform using our fully integrated Grafana interface. To learn how you can create dashboards using Grafana Terraform, follow .

A dashboard is a great tool for visually tracking, analyzing, and displaying key performance metrics, which enable you to monitor the health of your infrastructure and applications.

Insights

Quickly understand your data with groundcover

groundcover insights give you a clear snapshot of notable events in your data. Currently, the platform supports Error Anomalies, with more insight types on the way.

Error Anomalies

Error Anomalies instantly highlight workloads, containers, or environments experiencing unusual spikes in Error or Critical logs, as well as Traces marked with an error status. These anomalies are detected using statistical algorithms, continuously refined through user feedback for accuracy.

Each insight surfaces trends based on the entity’s error signals (e.g., workload, container, etc.):

Full Webhook Examples

This section contains comprehensive examples of webhook integrations with various third-party services. These examples provide step-by-step instructions for setting up complete workflows with external systems.

Available Examples

- Integrate with incident.io for incident management

Service Accounts

A service account is a non-human identity for API access, governed by RBAC and supporting multiple API keys.

Summary

Service accounts in groundcover are non-human identities used for programmatic access to the API. They’re ideal for CI pipelines, automation, and backend services, and are governed by groundcover’s RBAC system.

API Examples

Welcome to the API examples section. Here, you’ll find practical demonstrations of how to interact with our API endpoints using cURL commands. Each example is designed to help you quickly understand h

Structure of the Examples

cURL-based examples: Every example shows the exact cURL command you can copy and run directly in your terminal.
Endpoint-specific demonstrations: We walk through different API endpoints one by one, highlighting the required parameters and common use cases.
Request & Response clarity: Each section contains both the request (what you send) and the response (what you get back) to illustrate expected behavior.

Prerequisites

Before running any of the examples, make sure you have:

Raw Prometheus and Clickhouse API

Use raw prometheus api calls

Raw Prometheus API

You can obtain your API key from the in the groundcover console.

You can query the Prometheus API directly using curl:

For complete Prometheus REST API documentation, see:

Drilldown

The Drilldown view helps you to quickly identify and highlight the most informative attributes - those that stand out and help you pinpoint anomalies or bottlenecks.

Distribution Mode

In this mode, groundcover showcases the top attributes found in your traces or logs data. Each attribute displays up to four values with the highest occurrence across the selected traces.

You can click any value to add or exclude it as a filter and continue drilling down interactively.

How attributes are selected

We use statistical scoring based on:

Entropy: how diverse the values of an attribute are.
Presence ratio: how often the attribute appears across the selected traces.

Attributes that are both common and have high entropy are prioritized.

Add custom environment labels

Enhance your ability to easily monitor a group of clusters

This capability is available only to Enterprise users. Learn more about our .

Labeling clusters in your cloud-native environments is very helpful for efficient resource management and observability. By assigning an environment label in groundcover, you can categorize and identify clusters based on any specific criteria that you find helpful. For example, you can choose to label your clusters by environment type (development, staging, production, etc.), or by region (EU, US, etc.).

To add an environment label to your cluster, edit your cluster's existing values.yaml and add the following line:

Once defined and added, these labels will be available for you to select in the cluster and environment drop down menu ("Cluster Picker").

Traces

Our traces philosophy

Traces are a powerful observability pillar, providing granular insights into microservice interactions. Traditionally, they were hard to implement, requiring coordination of multiple teams and constant code changes, making this critical aspect very challenging to maintain.

groundcover's eBPF sensor disrupts the famous tradeoff, empowering developers to gain full visibility into their applications, effortlessly and without any code changes.

The platform supports two kinds of traces:

eBPF traces

These traces are automatically generated for every service in your stack. They are available out-of-the-box and within seconds of installation. These traces always include critical information such as:

All services that took part in the interaction (both client and server)
Accessed resource
Full payloads, including:
- All headers

3rd-party traces

These can be ingested into the platform, allowing to leverage already existing instrumentation to create a single pane of glass for all of your traces.

Traces are stored in groundcover's ClickHouse deployment, ensuring top notch performance on every scale.

For more details about ingesting 3rd party traces, see the .

Sampling

groundcover further disrupts the customary traces experience by reinventing the concept of sampling. This innovation differs between the different types of traces:

eBPF traces

These are generated by using 100% of the data, always processing every request being made, on every scale. However, the groundcover platform utilizes smart sampling to only store a fraction of the traces, while still generating an accurate picture. In general, sampling is performed according to these rules:

Requests with unusually high or low latencies, measured per resource
Requests which returned an error response (e.g 500 status code for HTTP)
"Normal" requests which form the baseline for each resource

Lastly, is utilized to make the sampling decisions on the node itself, without having to send or save any redundant traces.

Certain aspects of our sampling algorithm are configurable - read more .

3rd-party traces

Various mechanisms control the sampling performed over 3rd party traces. Read more here:

When integrating 3rd-party traces, it is often wise to configure some sampling mechanism according to the specific use case.

Additional Context

Each trace is enriched with additional information to give as much context as possible for the service which generated the trace. This includes:

Container information - image, environment variables, pod name
Logs generated by the service around the time of the trace
of the resource around the time of the trace
Kubernetes events relevant to the service

Distributed Tracing

One of the advantages of ingesting 3rd-party traces is the ability to leverage their distributed tracing feature. groundcover natively displays the full trace for ingested traces in the Traces page.

Trace Attributes

Trace Attributes enable advanced filtering and search capabilities. groundcover support attributes across all trace types. This encompasses a diverse range of protocols such as HTTP, MongoDB, PostgreSQL, and others, as well as varied sources including eBPF or manual instrumentations (for example - OpenTelemetry).

groundcover enriches your original traces and generates meaningful metadata as key-value pairs. This metadata includes critical information, such as protocol type, http.path, db.statement, and similar attributes, aligning with OTel conventions. Furthermore, groundcover seamlessly incorporates this metadata from spans received through supported manual instrumentations. For an in-depth understanding of attributes in OTel, please refer to (external link to OpenTelemtry website).

Each attribute can be effortlessly integrated into your filters and search queries. You can add them directly from the trace side-panel with a simple click or input them manually into the search bar.

Example: If you want to filter all HTTP traces that contain the path "/products". The query would be formatted as: @http.path:"/products". For a comprehensive guide on the query syntax, see Syntax table below.

Trace Tags

Trace Tags enable advanced filtering and search capabilities. groundcover support tags across all trace types. This encompasses a diverse range of protocols such as HTTP, MongoDB, PostgreSQL, and others, as well as varied sources including eBPF or manual instrumentations (for example - OpenTelemetry).

Tags are powerful metadata components, structured as key-value pairs. They offer insightful information about the resource generating the span, like: container.image.name ,host.name and more.

Tags include metadata enriched by the our sensor and additional metadata if provided by manual instrumentations (such as OpenTelemetry traces) . Utilizing these Tags enhances understanding and context of your traces, allowing for more comprehensive analysis and easier filtering by the relevant information.

Each tag can be effortlessly integrated into your filters and search queries. You can add them directly from the trace side-panel with a simple click or input them manually into the search bar.

Example: If you want to filter all traces from mysql containers - The query would be formatted as: container.image.name:mysql. For a comprehensive guide on the query syntax, see Syntax table below.

Search and filter

The Trace Explorer integrates dynamic filters and a versatile search functionality, to enhance your trace data analysis. You can filter out traces using specific criteria, including trace-status, workload, namespace and more, as well as limit your search to a specific time range.

Traces Pipelines

groundcover natively supports setting up log pipelines using This allow for full flexibility in the processing and manipulation of traces being collected - parsing additional patterns by regex, renaming attributes, and many more.

Controlling retention

groundcover allows full control over the retention of your traces. to learn more.

Custom Configuration

Tracing can be customized in several ways:

SQL Based Monitors

Sometimes there are use cases that involve complex queries and conditions for triggering a monitor. This might go beyond the built-in query logic that is provided within the groundcover logs page query language.

An example for such a use case could be the need to compare some logs to the same ones in a past period. This is not something that is regularly available for log search but can definitely be something to alert on. If the number of errors for a group of logs dramatically changes from a previous week, this could be an event to alert and investigate.

For such use cases you can harness the powerful ClickHouse SQL language to create an SQL based monitor within groundcover.

ClickHouse within groundcover

Log and Trace telemetry data is stored within a ClickHouse database.

You can directly query this data using SQL statements and create powerful monitors.

To create and test your SQL queries use the page within the groundcover app.

Select the ClickHouse@groundcover datasource with the SQL Editor option to start crafting your SQL queries

Start with show tables; to see of all the available tables to use for your queries: logs and traces would be popular choices (table names are case sensitive).

Query best practices

While testing your queries always use LIMIT to limit your results to a small set of data.

To apply the Grafana timeframe on your queries make sure to add the following conditions:

Logs: WHERE $__timeFilter(timestamp)

Traces: WHERE $__timeFilter(start_timestamp)

Note: When querying logs with SQL, it's crucial to use efficient filters to prevent timeouts and enhance performance. Implementing primary filters like cluster, workload, namespace, and env will significantly speed up queries. Always integrate these filters when writing your queries to avoid inefficient queries.

Filtering on attributes and tags

Traces and Logs have rich context that is normally stored in dedicated columns in json format. Accessing the context for filtering and retrieving values is a popular need when querying the data.

To get to the relevant context item, either in the attributes or tags you can use the following syntax:

WHERE string_attributes['host_name'] = 'my.host'

WHERE string_tags['cloud.name'] = 'aws'

WHERE float_attributes['hradline_count'] = 4

WHERE float_tags['container.size'] = 22.4

To use the float context ensure that the relevant attributes or tags are indeed numeric. To do that, check the relevant log in json format to see if the referenced field is not wrapped with quotes (for example, headline_count in the screenshot below)

SQL Query structure for a monitor

In order to be able to use an SQL query to create a monitor you must make sure the query returns no more than a single numeric field - this is the monitored field on which the threshold is placed.

The query can also contain any number of "group by" fields that are passed to the monitor as context labels.

Here is an exmaple of an SQL query that can be used for a monitor

In this query the threshold field is a ratio between some value measured on the last week and in the last 10 minutes.

tenantID and env are the group by labels that are passed to the monitor as context labels.

Here is another query example (check the percentage of errors in a set of logs):

A single numeric value is calculated and grouped by cluster, namespace and workload

Applying the SQL query as a monitor

Applying an SQL query can only happens in YAML mode. You can use the following YAML template to add your query

Give your monitor a name and a description
Paste your SQL query in the expression field
Set the threshold value and the relevant operator - in this example this is "lower than" 0.5 (< 0.5)
Set your workflow name in the annotations section

Trigger an alert when no logs are coming from a Linux host

Use to add the following template to your monitor.

In this example we are creating a list of Linux hosts that were sending logs in the last 24 hours and then checking if there were any logs collected from those hosts in the last 5 minutes.

This monitor can be used e.g. to catch when the host is down.

It would be helpful if you add an indication on the monitor name that this is SQL based. For example, add an [SQL] prefix or suffix to the monitor name as shown in the example

Create a Grafana alert

Alerts in groundcover leverage a fully integrated Grafana interface. To learn how you can create alerts using Grafana Terraform, follow this guide.

Setup an alert based on metrics

Setting up an alert in groundcover involves defining conditions based on data collected in the platform, such as metrics, traces, logs, or Kubernetes events. This guide will walk you through the process of creating an alert based on metrics. More guides will follow to include all different types of data.

Step 1: Access the Alerts section

to groundcover and navigate to the Alerts section by clicking on it on the left navigation menu.
Once in the Alerts section, click on Alerting in the inner menu on the left.
- If you can't see the inner menu, click on the 3 bars next to "Home" in the upper left corner.
Click on Alert Rules

Step 2: Give the alert a name and define query and conditions

Type a name for your alert. It's recommended to use a name that will make it easy for you to understand its function later.
Select the data source:
1. ClickHouse: For alerts based on your traces, logs, and Kubernetes events.
2. Prometheus: For alerts based on metrics (includes APM metrics, infrastructure metrics, and custom metrics from your environment)

Note: You can click on "Run queries" to see the results of this query.

Step 3: Define expressions - Reduce & Threshold

In the Reduce section, open on the "Function" dropdown menu and choose the type of value you want to use.
- Min - the lowest value
- Max - the highest value
- Mean - the average of the values

Step 4: Set evaluation behavior

Click on "+ New folder" and type a name for the folder in which this rule will be stored. You can choose any name, but it's recommended to use a name that will make it easy for you to find the relevant evaluation groups, should you want to use them again in future alerts.
Click on "+ New evaluation group" and type a name for this evaluation group. The same recommendation applies here too.
In the Evaluation interval textbox, type how often the rule should be evaluated to see if it matches the conditions set in Step 3. Then, click "Create". Note: For the Evaluation interval, use the format (number)(unit), where units are:
- s = seconds

Evaluation interval = how often do you want to check if the alert should fire

Pending period = how long do you want this to be true before it fires

As an example, you can define the alert to fire only if the Mean percentage of memory used by a node is above 90% in the past 2 minutes (Pending period = 2m) and you want to check if that's true every 30 seconds (Evaluation interval = 30s).

Step 5: Choose contact point

If you already have a contact point set up, simply select it from the dropdown menu at the bottom of the "Configure lables and notifications" section. If not, click on the blue "View or create contact points" link, which will open a new tab.

Click on the blue "Add contact point" button

This will get you to the Contact points screen. Then:

Type a name for the contact point
From the dropdown menu, choose which system you want to use to push the alert to.
The information required to push the alert will change based on the system you select. Follow on-screen instructions (for example, if email is selected, you'll need to enter the email address(es) for that contact.
Click "Save contact point"

You can now close this tab to go back to the alert rule screen.

Next to the link you clicked to create this new contact point, you'll find a dropdown menu, where you can select the contact point you just created.

Step 6: Add annotations

Under "Add annotations", you have two free text boxes that give you the option to add any information that can be useful to you and/or the recipient(s) of this alert, such as a summary that reminds you of the alert's functionality or purpose, or next step instructions when this alert fires.

Step 7: Save and exit

Once all of it is ready, you can click the blue "Save rule and exit" button on the upper right of the screen, which will bring you back to the Alert rules screen. You will now be able to see your alert, as well as its status - normal (green), pending (yellow), or firing (red), as well as the Evaluation interval (blue).

Configuring Alert from existing dashboard:

Log in to your groundcover account and navigate to the dashboard that you want to create an alert from.
Locate the Grafana panel that you want to create an alert from and click on the panel's header and select edit .
Click on the alert tab as seen in the image below. Select the Manage alerts option from the dropdown menu.
Click on the New Alert Rule button.

Note: only time series panels support alert creation.

An alert is derived from three parts that will be configured in the screen that you are navigated to:
- Expression - the query that defines the alert input itself,
- Reduction - the value that should be leveraged from the aforementioned expression
- Threshold

Select folder - if needed you can navigate to dashboard tab in left nav and create new folder
Select evaluation ground or type text in order to create a new group as shown below

Click "Save and Exit" on top right hand side of screen to create alert
Ensure your notification is configured to have alerts sent to end users. See "Configuring Slack Contact Point" section below if needed.

Note: Make sure to test the alert to ensure that it is working as expected. You can do this by triggering the conditions that you defined and verifying that the alert is sent to the specified notification channels.

Query Metrics

Execute PromQL queries against groundcover metrics data. Two endpoints are available: instant queries for point-in-time values and range queries for time-series data over specific periods.

Endpoints

Instant Query

GET /api/prometheus/api/v1/query

Execute an instant PromQL query to get metric values at a single point in time.

Range Query

POST /api/metrics/query-range

Execute a PromQL query over a time range to get time-series data.

Authentication

Both endpoints require API Key authentication via the Authorization header.

Instant Query Endpoint

Request

GET /api/prometheus/api/v1/query

Headers

Query Parameters

Parameter

Type

Required

Description

Understanding the Time Parameter

The time parameter specifies exactly one timestamp at which to evaluate your PromQL expression. This is NOT a time range:

With time: "What was the disk usage at 2025-10-21T09:21:44.398Z?"
Without time: "What is the disk usage right now?"

Important: This is different from range queries which return time-series data over a period.

Instant vs Range Queries - Key Differences

Aspect

Instant Query

Range Query

Example Comparison:

Instant: time=2025-10-21T09:00:00Z → Returns disk usage at exactly 9:00 AM
Range: start=2025-10-21T08:00:00Z&end=2025-10-21T09:00:00Z → Returns hourly disk usage trend

Practical Example:

Response

Historical Point-in-Time Values

Get disk usage at a specific moment in the past:

Note: This returns the disk usage value at exactly 2025-10-21T09:21:44.398Z, not a range from that time until now.

Range Query Examples

24-Hour Disk Usage Trend

Get disk usage over the last 24 hours with 30-minute resolution:

High-Resolution CPU Monitoring

Monitor CPU usage over 1 hour with 1-minute resolution:

Query Optimization

Use appropriate time ranges: Avoid querying excessively large time ranges
Choose optimal step sizes: Balance resolution with performance
Filter early: Use label filters to reduce data volume
Aggregate wisely: Use grouping to reduce cardinality

Time Handling

Use RFC3339 format: Always use ISO 8601 timestamps
Account for timezones: Timestamps are in UTC
Align step boundaries: Choose steps that align with data collection intervals
Handle clock skew: Allow for small time differences in distributed systems

Rate Limiting

Concurrent queries: Limit concurrent requests to avoid overwhelming the API
Query complexity: Complex queries may take longer and consume more resources
Data retention: Historical data availability depends on your retention policy

Metrics & Labels

Kubernetes Infrastructure Metrics & Labels

Node CPU, Memory and Disk

Labels

type clusterId region node_name

Metrics

Name

Description

Unit

Type

Storage Usage

Labels

type clusterId region name namespace

Metrics

Name

Description

Unit

Type

Network Usage

Labels

clusterId workload_name namespace container_name remote_service_name remote_namespace remote_is_external availability_zone region remote_availability_zone remote_region

Notes:

is_loopback and remote_is_external are special labels that indicate the remote service is either the same service as the recording side (loopback) or resides in an external network, e.g managed service outside of the cluster (external).
- In both cases the remote_service_name and the remote_namespace labels will be empty

Metrics

Name

Description

Unit

Type

Kubernetes Resources

Labels

type resource condition status clusterId region namespace workload_name deployment unit

Metrics

Name

Name

Name

Description

Unit

Type

Application Metrics & Labels

Label name

Description

Relevant types

Summary based metrics have an additional quantile label, representing the percentile. Available values: [”0.5”, “0.95”, 0.99”].

We also use a set of internal labels which are not relevant in most use-cases. Find them interesting?

issue_id entity_id resource_id query_id aggregation_id parent_entity_id

Golden Signals (Errors & Issues)

In the lists below, we describe error and issue counters. Every issue flagged by the platform is an error; but not every error is flagged as an issue.

Resource metrics

Name

Description

Unit

Type

Workload metrics

Name

Description

Unit

Type

Kafka specific metrics

Name

Description

Unit

Type