How to Chain Proxies in Tanzu Observability by Wavefront

This article applies to:

Data Ingestion

Product edition: Proxy Current Release

Feature Category: Proxy


In certain circumstances the output from one Tanzu Observability proxy may need to be directed at another Tanzu Observability proxy (proxy chaining) to provide additional functionality or for specific administrative functions.

Common use cases for proxy chaining:

  • Environments where no direct outbound connections to Tanzu Observability servers are possible, you can use another Tanzu Observability proxy that has outbound access to act as a relay and forward all the data received on its endpoint to the Wavefront tenant.
  • When using a proxy to parse log data, the metrics generated may need additional filtering or tagging through the use of preprocessor rules before they are in an acceptable format.  By sending the metrics to a relaying or chained proxy, certain strings can be altered or dropped depending on the preprocessing rules defined, prior to sending to the Tanzu Observability tenant for ingestion.
  • Proxy chaining can also be useful for the consolidation of preprocessing rules to a central proxy. For example, proxies running in containers on a Kubernetes cluster could relay metrics to the chained proxy which has all required defined preprocessor rules. 


On the proxy which will act as the relay, "Proxy B", open the proxy configuration file wavefront.conf for editing.

The file location is typically located in :

  • Linux - /etc/wavefront/wavefront-proxy/wavefront.conf
  • Mac - /usr/local/etc/wavefront/wavefront-proxy/wavefront.conf
  • Windows - C:\Program Files (x86)\Wavefront\conf\wavefront.conf
  • Uncomment "pushRelayListenerPorts"  line so the proxy will listen for any relay messages.
## This setting is a comma-separated list of ports. (Default: none)

Example wavefront.conf file

On the proxy which will send its metrics to the relay proxy, "Proxy A", open the proxy configuration file wavefront.conf for editing.

Change the server address to the address of relay, "Proxy B", like below:

# The server should be either the primary Wavefront cloud server, or your custom VPC address.
# This will be provided to you by Wavefront.

The Tanzu Observability Authentication Token configured in the wavefront.conf file in relay proxy, "Proxy B", will be used to send the metrics to the Tanzu Observability servers. An Authentication Token for "Proxy A" is not needed.

After making the changes to the wavefront.conf file, restart both of the proxies.


The wavefront.log file from the relay proxy, should include entries showing points being delivered on the relay listener port like example below:

2021-02-04 17:11:50,201 INFO [AbstractReportableEntityHandler:printStats] [2978] Points received rate: 4 pps (1 min), 4 pps (5 min), 0 pps (current).
2021-02-04 17:11:50,201 INFO [AbstractReportableEntityHandler:printStats] [2978] Points delivered rate: 4 pps (1 min), 4 pps (5 min)
2021-02-04 17:12:00,200 INFO [AbstractReportableEntityHandler:printStats] [2978] Points received rate: 4 pps (1 min), 4 pps (5 min), 0 pps (current).
2021-02-04 17:12:00,201 INFO [AbstractReportableEntityHandler:printStats] [2978] Points delivered rate: 4 pps (1 min), 4 pps (5 min)


Testing Proxy Host Connectivity:

You can test connectivity from the originating proxy to the relay proxy using curl or by sending the points locally and verifying they are delivered by querying the metric in the Tanzu Observability UI.

  1. Run the following command from the proxy sending metrics to the relay proxy where  is the address/port of the relay proxy.
    curl -v '' -X POST -d "test.metric 100 source=test.source"

    Sample output:

    * About to connect() to port 2978 (#0)
    * Trying
    * Connected to ( port 2978 (#0)
    > POST / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host:
    > Accept: */*
    > Content-Length: 35
    > Content-Type: application/x-www-form-urlencoded
    * upload completely sent off: 35 out of 35 bytes
    < HTTP/1.1 204 No Content
    < content-type: text/plain
    < connection: keep-alive
    2. Run the following command locally on the proxy sending metrics to the relay proxy and verify the metric is available to query in the Tanzu Observability UI:
    `echo 'test.metric 300 source=test.source' | nc localhost 2878`
    In both scenarios above an authentication token is not needed as the relay proxy will use its own token to authenticate. 


See also:

Testing proxy host connectivity

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Powered by Zendesk