Cloud Data Loss Prevention sends detailed telemetry about your Cloud DLP usage to Cloud Monitoring. This can be useful to monitor for unexpected findings, amount of data scanned or transformed, errors in job triggers or jobs, and expenses.
Using Cloud Monitoring with Cloud DLP
Using Metrics Explorer in Cloud Monitoring, you can dig into available metrics data to give you insight into your Cloud DLP usage. Monitoring supports a wide variety of metrics, which you can combine with filters and aggregations for new and insightful views.
To view the metrics for a monitored resource by using Metrics Explorer, do the following:
- In the Google Cloud console, go to Monitoring or use the following button:
Go to Monitoring - In the Monitoring navigation pane, click
Metrics Explorer.
- In the toolbar, select the Explorer tab.
- Select the Configuration tab.
- Expand the Select a metric menu, and then use the submenus to select a
resource type and metric. For example, to chart the CPU utilization of a
virtual machine, do the following:
- (Optional) To reduce the menu's options, enter part of the metric name in the
Filter bar. For this example, enter
utilization. - In the Active resources menu, select VM instance.
- In the Active metric categories menu, select Instance.
- In the Active metrics menu, select CPU utilization.
- (Optional) To reduce the menu's options, enter part of the metric name in the
Filter bar. For this example, enter
To see Cloud DLP-specific metrics in Metrics Explorer, search with
dlp.googleapis.com to refine your search results.
To see API metrics in Metrics Explorer, select Consumed API as the resource type, and then use the filter and aggregation options to refine your data.
After you've found the metrics you want, you can use Monitoring to create custom dashboards and alerts that will help you continue to monitor and maintain a robust application.
Monitoring & graphing metrics
When graphing metrics, the most common way to do so is to aggregate using Advanced Aggregation and the following settings:
- Aligner: SUM
- Alignment Period: 1440
This will provide you with a chart showing you results per day.
Cloud Monitoring supports alerting on all metrics. Using the Cloud DLP metrics, you can alert on use cases that include:
- Monitor
content_bytes_inspected_countorcontent_bytes_transformed_countto alert when spend has exceeded budget for a day. - Alert when the number of total findings or findings for a specific
infoType exceed a threshold. For example, you can build an alert if
CREDIT_CARD_NUMBERfindings exceed 0 in a given project where no PII should exist.
Available metrics
Launch stages of these metrics: Beta
| Metric type Display name |
|
|---|---|
| Kind, Type, Unit Launch stage |
Description Labels |
finding_countNumber of findings |
|
DELTA, INT64, By
Beta |
Number of findings per second. Only populated for jobs where the
action PublishToStackdriver is included.
|
content_bytes_inspected_countContent bytes inspected |
|
DELTA, INT64, By
Beta |
Number of bytes inspected in content methods per second. |
content_bytes_transformed_countContent bytes transformed |
|
DELTA, INT64, By
Beta |
Number of bytes transformed in content methods per second. |
storage_bytes_inspected_countStorage bytes inspected |
|
DELTA, INT64, By
Beta |
Number of bytes inspected in Cloud DLP jobs. |
storage_bytes_transformed_countStorage bytes transformed |
|
DELTA, INT64, By
Beta |
Number of bytes transformed in Cloud DLP jobs. |
job_result_countJob results |
|
DELTA, INT64, 1
Beta |
Results of Cloud DLP jobs. True if the job was success and false otherwise. |
job_trigger_run_countJob trigger runs |
|
DELTA, INT64, 1
Beta |
Results of job trigger runs. |