search
githubEdit

OTLP Exporter

This page documents the OpenTelemetry Protocol (OTLP) exporter configuration, which controls how Mermin exports flow records to your observability backend.

hashtag
Overview

OTLP is the standard protocol for OpenTelemetry telemetry data. Mermin exports network flows as OTLP trace spans, enabling integration with any OTLP-compatible backend including OpenTelemetry Collector, Grafana Tempo, Jaeger, and more.

hashtag
Configuration

export "traces" {
  otlp = {
    endpoint               = "http://otel-collector:4317"
    protocol               = "grpc"
    timeout                = "10s"
    max_batch_size         = 512
    max_batch_interval     = "5s"
    max_queue_size         = 32768
    max_concurrent_exports = 1
    max_export_timeout     = "10s"

    auth = {
      basic = {
        user = "username"
        pass = "password"
      }
    }

    tls = {
      insecure_skip_verify = false
      ca_cert              = "/etc/certs/ca.crt"
      client_cert          = "/etc/certs/client.crt"
      client_key           = "/etc/certs/client.key"
    }
  }
}

hashtag
Basic Configuration Options

hashtag
endpoint

Type: String (URL) Default: "http://localhost:4317"

OTLP collector endpoint URL.

Format:

  • http://hostname:port for unencrypted gRPC

  • https://hostname:port for TLS-encrypted gRPC

  • Port 4317 is standard for gRPC

  • Port 4318 is standard for HTTP

Examples:

Kubernetes Service Discovery:

hashtag
protocol

Type: String (enum) Default: "grpc"

OTLP transport protocol.

Valid Values:

  • "grpc": gRPC protocol (recommended, default)

  • "http_binary": HTTP with binary protobuf payload

Examples:

Protocol Comparison:

Feature
gRPC
HTTP

Performance

Higher

Moderate

Streaming

Yes

No

Firewall Friendly

Less

More

Standard Port

4317

4318

HTTP/2 Required

Yes

No

hashtag
timeout

Type: Duration Default: "10s"

Timeout for individual OTLP export requests.

Examples:

Tuning:

  • Fast networks: 5s-10s

  • WAN/Internet: 15s-30s

  • High latency: 30s-60s

hashtag
Batching Configuration

Mermin uses OpenTelemetry's BatchSpanProcessor for efficient batching and export of flow spans. The processor queues spans asynchronously and exports them in batches, providing natural backpressure when the queue fills up.

hashtag
max_batch_size

Type: Integer Default: 1024

Maximum number of spans (flow records) per batch.

Examples:

Trade-offs:

  • Larger batches: Better efficiency, higher latency

  • Smaller batches: Lower latency, more requests

hashtag
max_batch_interval

Type: Duration Default: "2s"

Maximum time to wait before exporting a partial batch.

Examples:

Behavior:

  • Batch is exported when it reaches max_batch_size OR max_batch_interval (whichever comes first)

  • Prevents indefinite waiting for partial batches

hashtag
max_queue_size

Type: Integer Default: 32768

Maximum number of spans queued in the BatchSpanProcessor before they are exported.

Critical for High Throughput:

This is the internal queue capacity of OpenTelemetry's BatchSpanProcessor. When this queue fills up:

  • New spans are dropped silently (OpenTelemetry will log a warning)

  • The queue uses try_send which is non-blocking, so your pipeline won't deadlock

  • This provides natural backpressure during export slowdowns

Examples:

Queue Behavior:

  • Acts as buffer during temporary collector unavailability or slow exports

  • When full, export() calls block until space is available (with 60s timeout protection)

  • Default sized to buffer ~30 minutes at typical enterprise workloads (1K-5K flows/sec)

  • Monitor mermin_export_timeouts_total and mermin_export_blocking_time_seconds metrics

hashtag
max_concurrent_exports

Type: Integer Default: 4

Maximum number of concurrent export requests to the backend.

Tuning for Throughput:

This setting is critical for high-throughput scenarios. With the defaults:

  • 1024 spans/batch × 100 batches/sec/worker = 102,400 flows/sec capacity

  • Each worker needs ~40ms per export (including network + backend processing)

  • If exports take longer, increase this value

Recommendations:

  • 2-4: Good for most scenarios (default is 4)

  • 6-8: High backend latency (>50ms per export)

  • 1: Low-latency, high-performance backends only

Examples:

circle-exclamation

Values > 1 are experimental. Use with caution and monitor for ordering issues.

hashtag
max_export_timeout

Type: Duration Default: "10s"

Maximum time for export operation including retries.

Examples:

hashtag
Authentication Configuration

hashtag
Basic Authentication

Using Environment Variables:

Using Kubernetes Secrets:

hashtag
Bearer Authentication

hashtag
TLS Configuration

hashtag
TLS with System CA Certificates

For standard TLS using system root certificates:

hashtag
TLS with Custom CA Certificate

For self-signed certificates or custom CAs:

Mounting CA certificate in Kubernetes:

hashtag
Mutual TLS (mTLS)

For client certificate authentication:

Mounting client certificates in Kubernetes:

hashtag
Insecure Mode (Development Only)

triangle-exclamation

Never use in production! This disables all certificate verification and makes connections vulnerable to man-in-the-middle attacks.

hashtag
Performance Tuning

hashtag
High-Throughput Configuration

For environments processing > 10,000 flows/second:

hashtag
Low-Latency Configuration

For real-time monitoring:

hashtag
Reliable Export Configuration

For maximum reliability:

hashtag
Complete Configuration Examples

hashtag
Minimal (Local Development)

hashtag
Standard (Production)

hashtag
Secure (TLS + Auth)

hashtag
Monitoring Export Health

hashtag
Key Metrics to Monitor

  • mermin_export_flow_spans_total{exporter_type="otlp",status="ok"} - OTLP export success rate

  • mermin_export_flow_spans_total{exporter_type="otlp",status="error"} - OTLP export errors

  • mermin_channel_size{channel="producer_output"} / mermin_channel_capacity{channel="producer_output"} - Channel utilization

  • mermin_export_latency_seconds - Export latency histogram

  • mermin_channel_sends_total{channel="decorator_output",status="error"} - Channel send failures (indicates dropped spans)

See the Application Metrics guide for complete Prometheus query examples.

hashtag
Healthy Indicators

  • Zero or minimal export errors

  • Queue size well below max

  • Export latency < timeout

  • No channel send errors

hashtag
Troubleshooting

hashtag
Connection Refused

Symptoms: connection refused errors

Solutions:

  1. Verify collector is running: kubectl get pods -l app=otel-collector

  2. Check endpoint URL and port

  3. Verify network policies allow egress

  4. Test connectivity: kubectl exec <mermin-pod> -- wget -O- http://otel-collector:4317

hashtag
TLS Certificate Errors

Symptoms: certificate verify failed, x509 errors

Solutions:

  1. Verify CA certificate is correct

  2. Check certificate hasn't expired

  3. Ensure hostname matches certificate CN/SAN

  4. For self-signed certs, use ca_cert configuration

hashtag
Timeout Errors

Symptoms: context deadline exceeded, timeout errors

Solutions:

  1. Increase timeout value

  2. Check collector performance

  3. Reduce max_batch_size

  4. Verify network latency

hashtag
Queue Full / Dropped Spans

Symptoms: mermin_channel_sends_total{channel="decorator_output",status="error"} or mermin_channel_sends_total{channel="producer_output",status="error"} increasing

Solutions:

  1. Increase max_queue_size in exporter configuration

  2. Increase collector capacity

  3. Reduce max_batch_interval for faster export

  4. Monitor mermin_channel_entries{channel="decorator_output"} to see queue depth

  5. Check collector for backpressure

hashtag
Next Steps

Last updated