# neuvector-security
q
This feels more like a Prometheus question… agreed?
n
@quaint-candle-18606 Not really, no. This is a question specifically about neuvector-exporter metrics, and not Prometheus in general. I messed around with various PromQL queries but it's just very unclear what the neuvector-exporter metrics actually do. For example, the `nv_log_events` metric only returns one event. Alternatively, I'd like to be able to send emails to my team whenever certain thresholds or events happen. I'm not able to find much documentation on how to detect anomalies and inform my team without me having to constantly check the dashboard.
q
NeuVector has 3 kinds of logs/notifications:
• Security Events - Security violations against rules
• Risk Reports - CVE/Compliance issues
• Events - “operational” events, like user login, etc.
Any/all of them can be sent to your SIEM. Prometheus in your case.
What happens to them in your SIEM is configured in that SIEM. 🙂
Additionally, you can configure webhooks that then can be used for push notifications in Policy… Response Rules.
n
@quaint-candle-18606 I think you're missing my point. What I'm saying is that neuvector-prometheus-exporter's metrics don't seem to work in any sensible way. Try querying `nv_log_events` and see for yourself. It does not in fact return the list of security events, only one (presumably the one that is considered active). Furthermore it seems like it aggregates or ignores some security events. For example, I can see in the NeuVector dashboard that 5 security events were launched, but there's only one corresponding event in the `nv_log_events` metric... Please understand that I'm not asking a generic question about NeuVector logs or Prometheus in general. This is specifically about neuvector-prometheus-exporter metrics.
q
okay, got it. sorry. I am much of an expert on the exporter. I’ll try to find somebody who may know better
n
No worries, and thank you!