DB Console Overview

On this page Carat arrow pointing down

The DB Console provides details about your cluster and database configuration, and helps you optimize cluster performance.

Note:

Authorized CockroachDB Dedicated cluster users can visit the DB Console at a URL provisioned for the cluster.

Refer to: Network Authorization for CockroachDB Cloud Clusters—DB Console

Authentication

The DB Console supports username/password login and single sign-on (SSO) for Advanced and Enterprise clusters.

The DB Console sign-on page can also be used to provision authentication tokens for SQL client access.

Refer to:

DB Console areas

Overview

The Overview page provides a cluster overview and node list and map.

  • Cluster Overview has essential metrics about the cluster and nodes, including liveness status, replication status, uptime, and hardware usage.
  • Node List has a list of cluster metrics at the locality and node levels.
  • Node Map displays a geographical configuration of your cluster and metrics at the locality and node levels, visualized on a map.

Metrics

The Metrics page provides dashboards for all types of CockroachDB metrics.

Databases

The Databases page shows details about the system and user databases in the cluster.

SQL Activity

The SQL Activity page summarizes SQL activity in your cluster.

Insights

The Insights page exposes problematic health signals and enables you to quickly find optimization opportunities to maximize database efficiency. The Insights page contains workload-level and schema-level insights.

Network Latency

The Network Latency page shows latencies and lost connections between all nodes in your cluster.

Jobs

The Jobs page shows details of jobs running in the cluster.

Advanced Debug

The Advanced Debug page provides advanced monitoring and troubleshooting reports. These include details about data distribution, the state of specific queues, and slow query metrics. These details are largely intended for use by CockroachDB developers. To access the Advanced Debug page, the user must be a member of the admin role or must have the VIEWDEBUG system privilege defined.

DB Console access

You can access the DB Console from every node at http://<host>:<http-port>, or http://<host>:8080 by default.

  • If you included the --http-addr flag when starting nodes, use the IP address or hostname and port specified by that flag.
  • If you didn't include the --http-addr flag when starting nodes, use the IP address or hostname specified by the --listen-addr flag and port 8080.
  • If you are running a secure cluster, use https instead of http.

For guidance on accessing the DB Console in the context of cluster deployment, see Start a Local Cluster and Manual Deployment.

Proxy DB Console

If your CockroachDB cluster is behind a load balancer, you may wish to proxy your DB Console connection to a different node in the cluster from the node you first connect to. This is useful in deployments where a third-party load balancer otherwise determines which CockroachDB node you connect to in DB Console, or where web management access is limited to a subset of CockroachDB instances in a cluster.

You can accomplish this using one of these methods:

  • Once connected to DB Console, use the Web server dropdown menu from the Advanced Debug page to select a different node to proxy to.
  • Use the remote_node_id parameter in your DB Console URL to proxy directly to a specific node. For example, use http://<host>:<http-port>/?remote_node_id=2 to proxy directly to node 2.

DB Console security considerations

Access to DB Console is a function of cluster security and the privileges of the accessing user.

Cluster security

On insecure clusters, all areas of the DB Console are accessible to all users.

On secure clusters, for each user who should have access to the DB Console, you must create a user with a password and optionally GRANT the user system-level privileges or membership to the admin role.

Role-based security

All users have access to data over which they have privileges (e.g., jobs and list of sessions), and data that does not require privileges (e.g., cluster health, node status, metrics).

The following areas display information from privileged HTTP endpoints that require the user to have the admin role or the specified system-level privileges.

DB Console area System-level privilege Privileged information
Databases VIEWACTIVITY or VIEWACTIVITYREDACTED Stored table data
Statements VIEWACTIVITY or VIEWACTIVITYREDACTED SQL statements
Transactions VIEWACTIVITY or VIEWACTIVITYREDACTED Transactions
Sessions VIEWACTIVITY or VIEWACTIVITYREDACTED Sessions
Insights VIEWACTIVITY or VIEWACTIVITYREDACTED Insights
Hot Ranges VIEWCLUSTERMETADATA Ranges
Jobs VIEWJOB Jobs
Advanced Debug VIEWDEBUG Debugging and profiling endpoints
Advanced Debug > Problem Ranges VIEWCLUSTERMETADATA Ranges
Advanced Debug > Data Distribution and Zone Configs VIEWCLUSTERMETADATA Ranges
Advanced Debug > Cluster Settings VIEWCLUSTERSETTING or MODIFYCLUSTERSETTING Cluster Settings

DB Console timezone configuration

You can view timestamps in the DB Console in your preferred timezone using the ui.display_timezone cluster setting. Currently supported timezones are Coordinated Universal Time (etc/utc, the default) and America/New_York (america/new_york):

icon/buttons/copy
SET CLUSTER SETTING ui.display_timezone = 'america/new_york';

DB Console troubleshooting

The DB Console stores temporary data in a time-series database in order to generate the various metrics graphs. If your cluster is comprised of a large number of nodes where individual nodes have very limited memory available (e.g., under 8 GiB), this underlying time-series database may not have enough memory available per-node to serve these requests quickly. If the DB Console experiences issues rendering these metrics graphs, consider increasing the value of the --max-tsdb-memory flag.

Diagnostics reporting

By default, the DB Console shares anonymous usage details with Cockroach Labs. For information about the details shared and how to opt-out of reporting, see Diagnostics Reporting.

License expiration message

If you have set a license, a license expiration message is displayed at the top-right of the DB Console. While the license is valid, the message will read License expires in X days, where X is the number of days. If the license is no longer valid, the message will read License expired X days ago. Hovering over either message displays a tooltip with the expiration date of the license.

Depending on the status of your cluster's license, the following messages may be displayed in the DB Console:

  • If your cluster was throttled because a valid license key was never added, the message is: This cluster was throttled because it requires a license key. Please add a license key to continue using this cluster.
  • If your cluster has an invalid license key and the cluster is still in the grace period, the message is: Your license key expired on ${DATE1}. The cluster will be throttled on ${DATE2} unless a new license key is added.
  • If your cluster was throttled due to an invalid license, the message is: Your license key expired on ${DATE} and the cluster was throttled. Please add a license key to continue using this cluster.
  • If the cluster is required to send telemetry but has not been sending it, and is not yet being throttled, the message is: Telemetry has not been received from some nodes in this cluster since ${DATE}. These nodes will be throttled on ${DATE} unless telemetry is received.
  • If the cluster is required to send telemetry but has not been sending it, and is currently being throttled, the message is: Telemetry has not been received from some nodes in this cluster since ${DATE1}. These nodes were throttled on ${DATE2}.

For instructions on how to obtain and set a license, refer to Obtain a license.

For more information about throttling and telemetry, refer to What is throttling and how does it work?

See also


Yes No
On this page

Yes No