Metrics Exporters
AI Guard supports two exporter types for shipping metrics data. The OneTrust exporter sends pre-aggregated metrics directly to the OneTrust Discovery Platform API. The OTLP exporter sends standard OpenTelemetry data points to a collector over gRPC.
OneTrust Exporter (Production)
The OneTrust exporter transforms OpenTelemetry ResourceMetrics into the OneTrust ObservabilityMetricsRequest format and POSTs them to the Discovery Platform API. This is the default exporter for production Workernode deployments.
Configuration
metrics:
exporter:
type: onetrust
collector-endpoint: "${DATADISCOVERY_ONPREM_AGENT_URI:-http://datadiscovery-onprem-agent:8080}"
interval: ${METRICS_EXPORT_INTERVAL:-hour}
initial-backoff: 0.15
max-retry-duration: 30.0
trusted-root-path: ${METRICS_ENDPOINT_TRUSTED_ROOT_PATH:-}
trusted-root-address: ${METRICS_ENDPOINT_TRUSTED_ROOT_ADDRESS:-}Configuration Fields
| Field | Env Var | Default | Description |
|---|---|---|---|
collector-endpoint | DATADISCOVERY_ONPREM_AGENT_URI | http://datadiscovery-onprem-agent:8080 | Base URL of the Discovery Platform. POSTs to {endpoint}/api/discovery-platform/v1/send-async |
interval | METRICS_EXPORT_INTERVAL | hour | Aggregation window. Currently only hour is supported (3600s) |
initial-backoff | β | 0.15 | Seconds before the first retry on failure (exponential backoff) |
max-retry-duration | β | 30.0 | Maximum total seconds spent retrying before dropping the export |
trusted-root-path | METRICS_ENDPOINT_TRUSTED_ROOT_PATH | β | Optional. PEM CA certificate for the endpoint |
trusted-root-address | METRICS_ENDPOINT_TRUSTED_ROOT_ADDRESS | β | Optional. Override host:port for the endpoint |
Data Transform
The exporter transforms OpenTelemetry data into the OneTrust format. The transform behavior depends on the meter type:
Counters
Each counter data point produces a single entry with statistic: COUNT and the delta count as the value.
Applies to: ai_guard.redact, ai_guard.classification, ai_guard.user
Histograms
Each histogram data point produces up to four entries with pre-computed statistics:
| Statistic | Value |
|---|---|
AVG | sum / count |
MIN | Minimum recorded value in the interval |
MAX | Maximum recorded value in the interval |
P99 | 99th percentile, interpolated from histogram bucket boundaries |
Applies to: ai_guard.agent
Request Format
Each export sends a single JSON POST to {collector-endpoint}/api/discovery-platform/v1/send-async:
{
"requestType": "OBSERVABILITY_METRICS",
"source": "AI_OBSERVABILITY",
"observabilityMetrics": [
{
"resourceType": "AGENT",
"uniqueIdentifier": "my-agent",
"metricsKey": "ai_guard.redact",
"metricsValue": 42,
"aggregatedDuration": 3600,
"statistic": "COUNT",
"source": "AI_GUARD",
"platform": "AMAZON_BEDROCK",
"startTime": "2026-03-07T00:00:00Z",
"additionalAttributes": "{\"action\":\"redact\",\"actor\":\"user\"}"
}
],
"evaluationJobMetricsDetails": []
}| Field | Description |
|---|---|
resourceType | Always "AGENT" |
uniqueIdentifier | The agent_id attribute from the metric |
metricsKey | The meter name (e.g., ai_guard.redact) |
metricsValue | The numeric value |
aggregatedDuration | Export interval in seconds (3600) |
statistic | COUNT, AVG, MIN, MAX, or P99 |
platform | The platform attribute mapped to AIPlatform enum |
startTime | ISO 8601 timestamp of the interval start |
additionalAttributes | JSON string of remaining attributes |
Retry Behavior
On a failed POST, the client retries with exponential backoff:
- Wait
initial-backoffseconds (default: 0.15s) - Double the wait time on each subsequent attempt
- Stop after
max-retry-durationseconds total (default: 30s) - If all retries are exhausted, the export is dropped and an error is logged
OTLP Exporter (Development / Custom)
The OTLP exporter sends standard OpenTelemetry data points over gRPC to a collector. A PeriodicReader flushes accumulated data on the configured interval.
Configuration
metrics:
exporter:
type: otlp
collector-endpoint: "http://${OTEL_GRPC_HOST}:${OTEL_GRPC_PORT}"
collector-token-path: "${COLLECTOR_TOKEN_PATH}"
interval: ${OTEL_EXPORT_INTERVAL:-3600}
temporality: cumulativeConfiguration Fields
| Field | Description |
|---|---|
collector-endpoint | gRPC endpoint URL of the OpenTelemetry Collector |
collector-token-path | Path to a file containing the Bearer token for collector authentication |
interval | Export interval in seconds |
temporality | Aggregation temporality: cumulative or delta |
Temporality
| Mode | Behavior | Downstream |
|---|---|---|
| Cumulative | Each data point is a running total from process start | Consumers derive per-interval values by diffing consecutive exports |
| Delta | Each data point covers only the current interval | Values can be used directly without diffing |
Cumulative notes:
- A counter reset (service restart) is detected when
start_timechanges or the value decreases - The consumer starts a new accumulation rather than diffing across the reset boundary
Delta notes:
- Values reset to zero at the start of each interval
- No reset detection needed downstream
Disabling Metrics
If the metrics section is omitted from the configuration file, metrics collection is disabled entirely. The service will not register any meters, and POST /metric requests will return 400 Bad Request.
What's Next?
- Meter Definitions β What each meter tracks
- Metrics Overview β Pipeline architecture
- Service Configuration β Full configuration reference
Updated about 4 hours ago