MI Console Overview

MI Console is a web-based administration interface for the Metric Insights application, introduced in version 7.0.1. It centralizes the most common system administration tasks into a single UI, reducing the need for command-line access.

Through MI Console, administrators can monitor the health and performance of all MI application services (including CPU, RAM, and disk usage) and view live and historical logs. Configuration tasks such as managing SSL certificates, setting up SAML authentication, configuring user synchronization (LDAP or O365), scheduling cron jobs, adjusting timezones, and managing the embed whitelist are all handled directly from the interface. Additional capabilities include applying patches, managing backups, configuring proxy settings, enabling high-load mode, and setting up service downtime notifications via email or Slack.

Access to MI Console is restricted to Admin users and protected by mandatory two-factor authentication for any action that modifies system state or configuration. All such actions are recorded in a permanent Audit Log.

Table of contents:

Access MI Console

1. Grant Access to MI Console

NOTE:

  • Beginning in v7.1.2, access to MI Console can be granted via MI Console's Admin Menu > Users tab.
  • For Metric Insights versions prior to v7.1.2, access to MI Console can only be granted via the mi-console-access tool.
  • Only Admin users can be granted access to MI Console.
  1. Access the web container: mi-web
  2. Execute mi-console-access allow <username>, providing a valid username.

You can also revoke a user's access to MI Console by executing the command: mi-console-access deny <username>.

2. Verify the Result

Access Admin > Users & Groups > User

If access has been granted, a note will be displayed indicating that the user has MI Console access.

3. Log In to MI Console

Access https://<MI hostname>/console/ or via Admin > Status Monitor > System Stats > MI Console link.

  1. Enter the credentials of the Admin user who has been granted access to the MI Console.
  2. [Sign In]

4. Authorize via 2FA

During your first login, you will be prompted to enable two-factor authentication (2FA):

  1. Scan the QR code using your authentication app (e.g., Google Authenticator).
    • NOTE: 2FA is required for every action that changes the system's state or MI configuration. Information about these actions is stored in the Audit Log.
  2. Enter the validation code from your 2FA app.
  3. [Verify]

Overview

The Overview tab displays information about all MI application services, including:

  • their status;
  • RAM, CPU, and disk space usage;
  • general information, as well as events related to those services.

Services

NOTE: A Seed node may still appear in the Services list, even after it no longer exists, if the system was upgraded from v6. This occurs because the system retains data on previously configured services, including obsolete entries.

  1. Click [+] to expand and view complete information about a service.
  2. The top pane displays general information about the service.

NOTE: The time displayed is based on the MI application's time zone.

  1. You can [Restart] the service from the UI.
  1. You can set the interval for the RAM and CPU graphs; the default value is 10 minutes.
  2. Disk Space Usage displays information about a volume's path, the volume's filesystem type, and details about disk usage.

Recent Events

This table displays information about events related to services. Node Name represents the name of the service, and Service represents the role that the service executes.

Logs & Analytics

NOTE: System Logs contain logs from opt/mi/log; Dataprocessor Logs contain logs from opt/mi/log/dataprocessor.

  1. Available download options are:
    • [Download All Logs],
    • Select a log file from the list and [Download Selected Log].
  2. v7.2.1+: Select a log and [Show Runtime Log] to see logs streaming in live time.
  3. Click [Open Analytics] to open GoAccess Web Analytics Dashboard.
    • For MI v7.1.1, access the GoAccess dashboard at: https://<MI hostname>/console/goaccess

Plugins & Drivers

  1. The first three tabs display information about the Plugins, Drivers, and Libs used by the MI application.
  2. You can upload External Libs on the corresponding tab.
  3. The last tab, BI Tools, can be used to ping BI tools' servers and ports to check connectivity.

Patches

On this tab, you can upload patches, view a list of the applied patches, and download Patcher logs.

Backups

NOTE: See Configure Backups with MI Console for more details.

Configuration

General

Use this tab to override the default maintenance message.

SSL Certificates

NOTE: The uploaded Certificate and Key files must match.

SAML

NOTE: See Configure SAML with MI Console for details.

User Sync

NOTE: See the following articles for more details:

Cron Tasks

NOTE: The CRON command is not validated by the system; the user is responsible for its input.

  1. [+ Add Task]
  2. Fill in the cron task details. Hover over the information icon to see the accepted format and values for each field.
  3. [Save]

The Cron Tasks tab can be disabled by setting the environment variable DISABLE_CRON_UI to true within /opt/mi/config/deployment/credentials/console.env and redeploying the console container:

  1. Log in to the MI application host as the root user.
$ sudo -i
  1. Navigate to the /opt/mi/config/deployment/credentials directory.
cd /opt/mi/config/deployment/credentials
  1. Open console.env and set DISABLE_CRON_UI to true:
$ nano console.env
...
DISABLE_CRON_UI=true
...
  1. Redeploy the console container:
$ mi-control rm --stop console
$ mi-control up -d console

Timezone

After installing the MI application, you can change both the MI timezone and the MySQL timezone here. This functionality is equivalent to using the --timezone installer option. Information about timezone changes in Metric Insights is recorded in the audit.log file.

NOTES:

  • Changing the timezone will restart the corresponding services.
  • Changing the Metric Insights timezone specifically will restart all services, including the MI Console and Chatbot.
  • Changing the MySQL timezone only affects the local MySQL instance.

Embed Whitelist

Use this tab to whitelist domains and web applications where MI Application objects can be embedded. This allows MI content to be embedded on the specified sites.

Audit Log

This section lists all operations that require a 2FA code. A 2FA code is required for any action that changes the system's state or MI configuration. The operations listed here are permanently stored.

Advanced

NOTES:

  • Enabling High load mode requires sufficient RAM allocation for the Web service:
    • Simple Install: 10GB+
    • Orchestrated Environments:
      • Web Master: 15GB+
      • Web Slave: 10GB+ each
  • Other application services are unaffected by this mode.
  • Database max_connections parameter must correspond to the desired concurrent user requests amount. Ideally, it should include a reserve 500–1000 connections; e.g.; for a target of 3,000 concurrent users per second, configure at least 3,500–4,000  maximum database connections.

This section allows configuring High load mode and proxy settings:

  1. High load: Turn on this setting to enable the web service to handle a significantly higher volume of simultaneous concurrent user requests.
  2. Proxy: Enter the proxy server address.
  3. No proxy: Enter a comma-separated list of components that should not be accessed by proxy.

Admin Menu

Notifications

From the Notifications tab, configure alerting for service downtime events. Options include email and Slack notifications, or notifying MI Console administrators.

NOTE: See Configure Notifications for MI Console for more details.

Users

Beginning in v7.1.2, MI Console introduces a new Users tab, where you can grant or revoke MI Console access and reset the two-factor authentication (2FA).

See Managing Access for MI Console Users for details.