Set up private probes
Probes are blackbox agents responsible for executing the configured checks on specified targets, which are URLs or endpoints of web applications or services that you want to monitor. The probes simulate user interactions with these targets by sending requests and recording the responses.
Each probe sends metrics and logs to the Synthetic Monitoring backend, including such information as target availability and health and response latencies. The Synthetic Monitoring dashboard then displays that information.
In addition to the public probes run by Grafana Labs, you can also install private probes. These are only accessible to you and only write data to your Grafana Cloud account. Private probes are instances of the open source Grafana Synthetic Monitoring Agent.
Before you begin
- You must have the Admin role in Grafana to access the Synthetic Monitoring config page.
- Install and configure Synthetic Monitoring before adding a private probe.
- Installing from the Grafana APT repository on amd64-based Debian and Ubuntu systems is the only packaging option provided. On other systems, you need to build the agent from source.
- You can install multiple private probes. Each private probe has its own unique Probe Authentication Token.
Add a new probe in your Grafana instance
- Navigate to Testing & synthetics > Synthetics > Probes.
- Click Add Private Probe.
- Enter a Probe Name.
- Enter a Latitude and Longitude to see an accurate location on the map panel.
- Enter a Region. Defaults are
AMER
,EMEA
, andAPAC
, but you may define your own. - Optionally enter up to three custom labels to identify your probe.
- Click Save.
- Copy the Probe Authentication Token and save it for the next step.
Probe API Server URL
Based on the region of your stack, you need to use a different API server URL
when setting up a private probe. If you are unsure about the region of your
stack, go to your Grafana instance and the Config page under
Synthetic Monitoring and search for backend address
.
Note
The config expects API server URLs withouthttps://
. If you receive an error, verify that you have omittedhttps://
.
Region | Provider | API server URL | Backend address |
---|---|---|---|
Amsterdam | Azure | synthetic-monitoring-grpc-eu-west-3.grafana.net:443 | synthetic-monitoring-api-eu-west-3.grafana.net |
Australia | GCP | synthetic-monitoring-grpc-au-southeast.grafana.net:443 | synthetic-monitoring-api-au-southeast.grafana.net |
Australia | AWS | synthetic-monitoring-grpc-au-southeast-1.grafana.net:443 | synthetic-monitoring-api-au-southeast-1.grafana.net |
Brazil | GCP | synthetic-monitoring-grpc-sa-east-0.grafana.net:443 | synthetic-monitoring-api-sa-east-0.grafana.net |
Brazil | AWS | synthetic-monitoring-grpc-sa-east-1.grafana.net:443 | synthetic-monitoring-api-sa-east-1.grafana.net |
Canada | AWS | synthetic-monitoring-grpc-ca-east-0.grafana.net:443 | synthetic-monitoring-api-ca-east-0.grafana.net |
Europe | AWS | synthetic-monitoring-grpc-eu-west-2.grafana.net:443 | synthetic-monitoring-api-eu-west-2.grafana.net |
Europe | GCP | synthetic-monitoring-grpc-eu-west.grafana.net:443 | synthetic-monitoring-api-eu-west.grafana.net |
India | GCP | synthetic-monitoring-grpc-ap-south-0.grafana.net:443 | synthetic-monitoring-api-ap-south-0.grafana.net |
India | AWS | synthetic-monitoring-grpc-ap-south-1.grafana.net:443 | synthetic-monitoring-api-ap-south-1.grafana.net |
Japan | AWS | synthetic-monitoring-grpc-ap-northeast-0.grafana.net:443 | synthetic-monitoring-api-ap-northeast-0.grafana.net |
Saudi Arabia | GCP | synthetic-monitoring-grpc-me-central-0.grafana.net:443 | synthetic-monitoring-grpc-me-central-0.grafana.net |
Singapore | GCP | synthetic-monitoring-grpc-ap-southeast-0.grafana.net:443 | synthetic-monitoring-api-ap-southeast-0.grafana.net |
Singapore | AWS | synthetic-monitoring-grpc-ap-southeast-1.grafana.net:443 | synthetic-monitoring-api-ap-southeast-1.grafana.net |
Indonesia | AWS | synthetic-monitoring-grpc-ap-southeast-2.grafana.net:443 | synthetic-monitoring-api-ap-southeast-2.grafana.net |
Sweden | AWS | synthetic-monitoring-grpc-eu-north-0.grafana.net:443 | synthetic-monitoring-api-eu-north-0.grafana.net |
UAE | AWS | synthetic-monitoring-grpc-me-central-1.grafana.net:443 | synthetic-monitoring-grpc-me-central-1.grafana.net |
UK | GCP | synthetic-monitoring-grpc-gb-south.grafana.net:443 | synthetic-monitoring-api-gb-south.grafana.net |
United States East | AWS | synthetic-monitoring-grpc-us-east-0.grafana.net:443 | synthetic-monitoring-api-us-east-0.grafana.net |
United States West | AWS | synthetic-monitoring-grpc-us-west-0.grafana.net:443 | synthetic-monitoring-api-us-west-0.grafana.net |
United States | Azure | synthetic-monitoring-grpc-us-central2.grafana.net:443 | synthetic-monitoring-api-us-central2.grafana.net |
United States | GCP | synthetic-monitoring-grpc.grafana.net:443 | synthetic-monitoring-api.grafana.net |
Firewall configuration
To ensure successful communication between your private Synthetic Monitoring probes and the necessary services, adjust your firewall rules as follows:
Synthetic Monitoring server
- Allow outbound connections from the probe to the “API server URL” specified in the preceding table.
Prometheus and Loki instances
- Identify the data sources: navigate to the Config section of the Synthetic Monitoring plugin in your Grafana instance.
- Locate the Linked Data Sources section and click on each data source.
- Obtain the URL: under the Connection section, note the URL associated with each data source.
- Allow outbound connections from the probe to the hosts corresponding to these URLs.
Monitored targets
Consider the check type: the firewall configuration varies based on the specific checks you’ve configured.
- ICMP: for ping and traceroute checks.
- UDP or TCP: for DNS checks.
- TCP: for GRPC, HTTP, and MultiHTTP checks.
Allow inbound connections to the targets you want to monitor, ensuring compatibility with the required protocols.
Install the agent on Ubuntu/Debian
You can install the agent using the Grafana official APT repository.
Add the required packages and the repository GPG key.
sudo apt install -y wget gnupg sudo mkdir -p /etc/apt/keyrings/ wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg
Add the repository for stable releases.
echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list
Run the following commands.
sudo apt update sudo apt install synthetic-monitoring-agent
Configure the probe.
- Open
/etc/synthetic-monitoring/synthetic-monitoring-agent.conf
. - Replace
<YOUR TOKEN HERE>
with the probe authentication token. - Repleace
API_SERVER
with Probe API Server URL based on your stack region. (defaults to US region) - Save the file.
- Open
Restart the agent.
sudo service synthetic-monitoring-agent restart
The new probe appears on your Synthetics > Probes page.
Install the agent on distributions using yum
You can install the agent using the official YUM repository.
Add the repository and the GPG key to the configuration.
sudo yum-config-manager --add-repo https://rpm.grafana.com wget https://rpm.grafana.com/gpg.key sudo rpm --import gpg.key
Install the agent.
sudo yum install synthetic-monitoring-agent sudo systemctl status synthetic-monitoring-agent.service
This last command will tell you that the service is loaded but disabled. Before enabling, it you need to add the probe to your Synthetic Monitoring configuration.
Configure the agent.
Edit the file
/etc/synthetic-monitoring/synthetic-monitoring-agent.conf
and make the following changes:- Replace
<YOUR TOKEN HERE>
with the probe authentication token. - Replace
API_SERVER
with the API Server URL corresponding to your stack’s region. Defaults to the US region.
- Replace
Enable the service and start it.
sudo systemctl enable synthetic-monitoring-agent.service sudo systemctl start synthetic-monitoring-agent.service
Deploy the agent using Docker
You can find the Synthetic Monitoring Agent Docker image on Docker Hub
Pull image from Docker Hub.
docker pull grafana/synthetic-monitoring-agent:latest
Export required configuration as environment variables.
Replace
<YOUR TOKEN>
with the probe authentication token. Replace<PROBE_API_SERVER_URL>
with Probe API Server URL based on your stack region.export API_TOKEN=<YOUR_TOKEN> export API_SERVER="<PROBE_API_SERVER_URL>"
Start the agent.
docker run grafana/synthetic-monitoring-agent --api-server-address=${API_SERVER} --api-token=${API_TOKEN} --verbose=true
The new probe appears on your Synthetics > Probes page.
Deployment with Kubernetes
You can deploy the Synthetic Monitoring Agent to Kubernetes using the Synthetic Monitoring Agent Docker image.
In the agent GitHub repository, you can also find a Kubernetes Deployment example. The following section uses the example files to deploy a Synthetic Monitoring agent in a Kubernetes namespace.
Get the deployment files.
wget https://raw.githubusercontent.com/grafana/synthetic-monitoring-agent/main/examples/kubernetes/namespace.yaml wget https://raw.githubusercontent.com/grafana/synthetic-monitoring-agent/main/examples/kubernetes/secret.yaml wget https://raw.githubusercontent.com/grafana/synthetic-monitoring-agent/main/examples/kubernetes/deployment.yaml
Create the
synthetic-monitoring
namespace.kubectl apply -f namespace.yaml
Create a secret with the Probe Authentication Token.
Replace
YOUR_TOKEN_HERE
insecret.yaml
with your Probe Authentication Token.kubectl apply -f secret.yaml # verify secret kubectl get secrets -n synthetic-monitoring
Deploy the Synthetic Monitoring Agent.
Replace
PROBE_API_SERVER_URL
indeployment.yaml
with Probe API Server URL based on your stack region.kubectl apply -f deployment.yaml
The new probe appears on your Synthetics > Probes page.
Configure feature flags
You can use feature flags to enable features in the private probe.
There are two ways to enable features:
Edit the file
/etc/synthetic-monitoring/synthetic-monitoring-agent.conf
and make the following changes:FEATURES = <list of features comma separated>
Export the list of features as an environment variable.
export FEATURES=<list of features comma separated>
Available feature flags
These features are disabled by default.
Feature flag name | Description |
---|---|
adhoc | Click the Test button in the check editor UI to run checks out of schedule. If this isn’t enabled, the test result is a timeout. |
k6 | Run k6-based checks. |
traceroute | Run traceroute checks, in addition to ping checks. Depending on your environment, you might need to grant specific permission to the probe process or container. |
Running k6 browser checks on a private probe
To be able to run k6 browser checks on private probes, you will need to have a Chromium-compatible web browser available on the system where the probe is running. Additionally, you need to make sure that in the probe settings page in your Grafana stack (Testing & synthetics > Synthetics > Probes), both “Disable scripted checks” and “Disable browser checks” are unchecked.
k6 browser checks on Ubuntu, Debian, and RPM-based distributions
If you installed the Synthetic Monitoring Agent on you distribution via your package manager, your distribution needs to have Chromium installed, and a chromium
binary available in $PATH
. Alternatively, if you do not want to make chromium
widely available, or you wish to use a specific installation, you can add set K6_BROWSER_EXECUTABLE_PATH
in the synthetic monitoring agent’s environment to the full path of a chromium
binary. For advanced use cases, you can also define K6_BROWSER_ARGS
with additional arguments that the agent will use when launching Chromium.
k6 browser checks on Docker, Kubernetes, and other container-based environments
For container-based environments, we provide a special image that already includes an installation of Chromium. These images are tagged with the -browser
suffix, for example grafana/synthetic-monitoring-agent:vX.Y.Z-browser
, as opposed to grafana/synthetic-monitoring-agent:vX.Y.Z
.
Agent images tagged with the -browser
suffix can run all types of checks, while those tagged without the -browser
suffix can run every check type except k6 browser checks. If you do not plan to use browser checks, we recommend using the standard image, as it is lighter and more minimal. Swapping to a -browser
can be done at any time without any manual intervention, other than changing the tag.
Troubleshooting private probes
If you are facing problems with your private probes, check the following:
- Check the probe version using the
-version
flag and make sure you are running a supported version. - Make sure the probe has a valid probe access token.
- Make sure the probe can connect to the Synthetic Monitoring API server.
- Run the Synthetic Monitoring Agent in debug mode with the
-debug
and-verbose
flags and check for errors in the logs. - Check the Synthetic Monitoring Agent metrics. The default address for Synthetic Monitoring Agent Prometheus metrics is
localhost:4050/metrics
.
If you are still facing issues with Private Probes, ask for help in the community forum. Refer to Account types and support available for Grafana Cloud users for more information.
Production deployments
The agent process exposes Prometheus-style metrics on an HTTP server running on port 4050 with the “/metrics” endpoint.
You can scrape and monitor your private probe using Prometheus or Grafana Agent.
Next steps
You must reconfigure any checks to use your new probe even if you selected all probes when initially creating the check.
The Synthetic Monitoring Agent is open source and available on GitHub.