Health+ Frequently Asked Questions for Confluent Platform

How does Health+ work?

Health+ works by sending telemetry data from Confluent Platform services to our cloud-backed service for collection and aggregation. Each component in Confluent Platform can be enabled to emit Telemetry data to be securely sent to Health+. Data is sent over HTTPS using an encrypted connection.

What data is sent to Confluent when using Health+?

When talking about “data” we can break this into two main categories:

  • Message content refers to data sent to and stored on Kafka topics. This is the message-level data that your organization processes using applications that are built on top of Kafka.
  • Telemetry data refers to data about the health and operational status of your Kafka services. This data doesn’t contain any message content. This is information typically requested by Confluent’s Support Team when troubleshooting an issue with you.

By setting up Confluent Health+, the collection and transmission of Telemetry data to Confluent is done automatically. Message content is NOT collected. You must configure the Confluent Telemetry Reporter on any service that you want to enable Confluent Health+ for. Once configured, the Telemetry Reporter emits a defined set of metrics on a 1-minute basis to Confluent. The metrics emitted for each service are documented under Telemetry Reporter Metrics Reference for Confluent Platform and versioned appropriately. Refer to your Confluent Platform version for the specific metrics collected.

If new metrics are collected through subsequent releases of Confluent Platform, how will I be notified?

In new releases of Confluent Platform we may collect additional metrics through updates to the Confluent Telemetry Reporter. The new metrics collected will be added to the Telemetry Reporter Metrics documentation with the Confluent Platform version they were added in called out under the “Since Confluent version” column. When planning an upgrade, we recommend you check this page for the version you intend to upgrade to see the delta of new metrics collected.

How is the telemetry data that I send to Confluent secured in transit and at rest?

Data is sent over HTTPS using an encrypted connection to Confluent. Access to data is governed by Confluent’s Data Classification and Handling Standards.

How long is the telemetry data that I send to Confluent retained for?

Data sent to Confluent is retained for seven days in a queryable state. You can access it by using the UI and through the Metrics API. Data older than seven days is condensed and stored for two years. Storing multiple years of historical data enables us to introduce future features and insights in Health+ on year-over-year trends for your services reporting Telemetry data.

Note

For customers on the Free Tier of Health+, only one hour of data can be accessed through the UI.

Where is the data that is sent to Confluent located?

Telemetry data sent to Confluent for Health+ is stored in a multi-tenant infrastructure within the United States.

Can I request that my telemetry data be stored in a different country/region?

At this time, we do not offer the option to store Confluent Health+ telemetry data in different countries/regions.

Can certain data points, like topic names or hostnames, be excluded from the metadata tags sent to Confluent?

Attaching certain metadata tags on our incoming metrics is necessary to correctly categorize and store metrics against the appropriate resources. Because of the necessity of these tags to identify a resource uniquely for storing a metric against, they can’t be excluded from the telemetry data sent.

Who at Confluent can access the data I transmit?

Only you (the customer) have access to the telemetry data, through our Health+ UI and Metrics API, and Confluent teams that provide direct or indirect support for customers.

How is access to my data secured?

Your data can be accessed securely via a User Account in the Confluent Cloud Console. Confluent team members providing direct or indirect support can access this data over HTTPS/TLS. Authentication for Confluent team members requires an authenticated email address, strong password and 2FA features.

Is it required that I open outbound traffic from my Confluent Platform services to use Health+?

Yes. To send telemetry data via our Telemetry Reporter, you must allow outbound traffic to Confluent Cloud for your individual Confluent Platform services or route telemetry data through a proxy server that can send outbound traffic. For more information, see Configuration with a proxy.

What endpoint is my telemetry data sent to?

The Telemetry Reporter sends its telemetry data to endpoint https://collector.telemetry.confluent.cloud/. Ensure this base URL is included in your whitelist for outbound traffic.

How much outbound traffic (egress) should I expect from my services from the Telemetry Reporter?

The amount of egress data sent by the Telemetry Reporter varies by service and cluster size. We estimate an average total egress data ranging from 1-25kB per service per minute. Egress data should not exceed more than a few MBs per broker per minute in the largest clusters.

How can I verify what telemetry data is being sent?

The Confluent Telemetry Reporter supports routing telemetry data through an authenticated HTTP proxy. Using this proxy, you can observe all outbound traffic sent via the Telemetry Reporter. For more information, see Configuration with a proxy.

What terms govern my use of Health+?

Your use of Health+ is governed solely by the Confluent Subscription Agreement unless you have entered into a written agreement with Confluent covering Confluent Platform, in which case the written agreement covering Confluent Platform shall govern your use.

Do I need to create a Confluent Cloud cluster to use Health+?

No. Creation of a Confluent Cloud cluster is not required to use Health+.

How do I sign up for Health+?

Visit the signup page: Sign up for Confluent Health+ and follow the instructions in the Cloud Console.

How do I see the cluster tile for my Confluent Platform deployment if I’m not a member of an admin role?

If you are not a member of the OrganizationAdmin, EnvironmentAdmin, or CloudClusterAdmin roles, then you must add your user account to the MetricsViewer role to see the cluster tile for your Confluent Platform deployment.