DB Console Overview

On this page Carat arrow pointing down

The DB Console provides details about your cluster and database configuration, and helps you optimize cluster performance.

Note:

Authorized CockroachDB Advanced cluster users can visit the DB Console at a URL provisioned for the cluster.

Refer to: Network Authorization for CockroachDB Cloud Clusters—DB Console

Authentication

The DB Console supports username/password login and single sign-on (SSO) for Advanced and Enterprise clusters.

The DB Console login page can also be used to provision authentication tokens for SQL client access.

Refer to:

  • Single Sign-on (SSO) for DB Console
  • [Cluster Single Sign-on (SSO) using JSON web tokens (JWTs)]

DB Console areas

Overview

The Overview page provides a cluster overview and node list and map.

  • Cluster Overview has essential metrics about the cluster and nodes, including liveness status, replication status, uptime, and hardware usage.
  • Node List has a list of cluster metrics at the locality and node levels.
  • Node Map displays a geographical configuration of your cluster and metrics at the locality and node levels, visualized on a map.

Metrics

The Metrics page provides dashboards for all types of CockroachDB metrics.

Databases

The Databases page shows details about the system and user databases in the cluster.

SQL Activity

The SQL Activity page summarizes SQL activity in your cluster.

Insights

The Insights page exposes problematic health signals and enables you to quickly find optimization opportunities to maximize database efficiency. The Insights page contains workload-level and schema-level insights.

Network Latency

The Network Latency page shows latencies and lost connections between all nodes in your cluster.

Jobs

The Jobs page shows details of jobs running in the cluster.

Advanced Debug

The Advanced Debug page provides advanced monitoring and troubleshooting reports. These include details about data distribution, the state of specific queues, and slow query metrics. These details are largely intended for use by CockroachDB developers. To access the Advanced Debug page, the user must be a member of the admin role or must have the VIEWDEBUG system privilege defined.

DB Console access

You can access the DB Console from every node at http://<host>:<http-port>, or http://<host>:8080 by default.

  • If you included the --http-addr flag when starting nodes, use the IP address or hostname and port specified by that flag.
  • If you didn't include the --http-addr flag when starting nodes, use the IP address or hostname specified by the --listen-addr flag and port 8080.
  • If you are running a secure cluster, use https instead of http.

For guidance on accessing the DB Console in the context of cluster deployment, see Start a Local Cluster and Manual Deployment.

Proxy DB Console

If your CockroachDB cluster is behind a load balancer, you may wish to proxy your DB Console connection to a different node in the cluster from the node you first connect to. This is useful in deployments where a third-party load balancer otherwise determines which CockroachDB node you connect to in DB Console, or where web management access is limited to a subset of CockroachDB instances in a cluster.

You can accomplish this using one of these methods:

  • Once connected to DB Console, use the Web server dropdown menu from the Advanced Debug page to select a different node to proxy to.
  • Use the remote_node_id parameter in your DB Console URL to proxy directly to a specific node. For example, use http://<host>:<http-port>/?remote_node_id=2 to proxy directly to node 2.

DB Console security considerations

Access to DB Console is a function of cluster security and the privileges of the accessing user.

Cluster security

On insecure clusters, all areas of the DB Console are accessible to all users.

On secure clusters, for each user who should have access to the DB Console, you must create a user with a password and optionally GRANT the user system-level privileges or membership to the admin role.

Privilege-based security

All users have access to data over which they have privileges (e.g., jobs and list of sessions), and data that does not require privileges (e.g., cluster health, node status, metrics).

The following areas display information from privileged HTTP endpoints that require the user to have the admin role or the specified system-level privileges.

DB Console area System-level privilege Privileged information
Databases VIEWACTIVITY or VIEWACTIVITYREDACTED Stored table data
Statements VIEWACTIVITY or VIEWACTIVITYREDACTED SQL statements
Transactions VIEWACTIVITY or VIEWACTIVITYREDACTED Transactions
Sessions VIEWACTIVITY or VIEWACTIVITYREDACTED Sessions
Insights VIEWACTIVITY or VIEWACTIVITYREDACTED Insights
Hot Ranges VIEWCLUSTERMETADATA Ranges
Jobs VIEWJOB Jobs
Advanced Debug VIEWDEBUG Debugging and profiling endpoints
Advanced Debug > Problem Ranges VIEWCLUSTERMETADATA Ranges
Advanced Debug > Data Distribution and Zone Configs VIEWCLUSTERMETADATA Ranges
Advanced Debug > Cluster Settings VIEWCLUSTERSETTING or MODIFYCLUSTERSETTING Cluster Settings

DB Console timezone configuration

You can view timestamps in the DB Console in your preferred timezone using the ui.display_timezone cluster setting. Currently supported timezones are Coordinated Universal Time (etc/utc, the default) and America/New_York (america/new_york):

icon/buttons/copy
SET CLUSTER SETTING ui.display_timezone = 'america/new_york';

DB Console troubleshooting

The DB Console stores temporary data in a time-series database in order to generate the various metrics graphs. If your cluster is comprised of a large number of nodes where individual nodes have very limited memory available (e.g., under 8 GiB), this underlying time-series database may not have enough memory available per-node to serve these requests quickly. If the DB Console experiences issues rendering these metrics graphs, consider increasing the value of the --max-tsdb-memory flag.

Diagnostics reporting

By default, the DB Console shares anonymous usage details with Cockroach Labs. For information about the details shared and how to opt-out of reporting, see Diagnostics Reporting.

See also


Yes No
On this page

Yes No