GCP Cloud Monitoring

Give your Firetiger agents direct access to Google Cloud Monitoring metrics. When investigating issues, agents can pull real-time infrastructure data — CPU spikes, memory pressure, cache hit ratios, connection counts — and correlate it with application-level signals like logs and traces.

This works with any GCP service that reports metrics to Cloud Monitoring: Cloud SQL, Compute Engine, AlloyDB, Cloud Run, GKE, Load Balancers, and more.

Setup

  1. You need an existing GCP connection — this provides the service account used to authenticate
  2. Grant the Monitoring Viewer role (roles/monitoring.viewer) to the service account if it doesn’t already have Viewer access
  3. You should see the Cloud Monitoring tools are enabled on the GCP Connection’s settings page

That’s it. Your agents can now query any Cloud Monitoring metric in the project.

What Agents Can Do

Capability Description
Browse metrics Explore what metrics exist in the project using hierarchical navigation
Query metrics Query metrics via GCP’s Prometheus-compatible API (PromQL) — instant values, time series over a range, aggregations across instances

You don’t need to know PromQL — just ask questions in natural language and the agent constructs the right queries.

Permissions

The service account needs the Monitoring Viewer role (roles/monitoring.viewer), which grants read-only access to metric data. The broader Viewer role also works.

Troubleshooting

Empty results — Confirm the project has active resources generating metrics. Some metrics have up to 5 minutes of reporting delay.

Permission denied — Grant roles/monitoring.viewer to the service account. If using a custom role, it needs monitoring.timeSeries.list and monitoring.metricDescriptors.list.

This site uses Just the Docs, a documentation theme for Jekyll.