The Go agent follows this order of precedence for configuration. If enabled, server-side configuration overrides all corresponding values in the newrelic.Config struct, even if the server-side values are left blank.
If server-side configuration is enabled with the Go agent, it overrides all corresponding values in the newrelic.Config struct, even if the server-side values are left blank.
Here are detailed descriptions of each configuration method:
Server-side configuration is available with Go agent versions 2.7.0 or higher. This allows you to configure certain settings in the UI. This applies your changes automatically to all agents even if they run across multiple hosts. Where available, this document includes the UI labels for server-side config under individual config options as the Server-side label.
You must still call newrelic.NewApplication() in your application process following the steps described in the in-process configuration. Configuration options set server-side will overwrite those set locally. Since not all configuration options are available server side, you may want to still update your newrelic.Config struct.
Cuidado
If server-side config is enabled, the agent ignores any value in the newrelic.Config struct that could be set in the UI. Even if the UI value is empty, the agent treats this as an empty value and doesn't use the newrelic.Config value.
You configure your Go agent from the local in process newrelic.Config struct. This struct can be accessed when calling newrelic.NewApplication().
Add the following in the main function or in an init block:
Note the use of os.Getenv to read your license key from the environment rather than hard-coding it as a string literal value passed to newrelic.ConfigLicense. We recommend that you don't place license keys or other sensitive information in your source code, as that may result in them being stored in your SCM repository and possibly revealed to unauthorized parties.
Update values on the newrelic.Config struct to configure your application using newrelic.ConfigOptions. These are functions that accept a pointer to the newrelic.Config struct. Add additional newrelic.ConfigOptions to further configure your application. For example, you can use one of the predefined options to do common configurations:
// add more specific configuration of the agent within a custom ConfigOption
config.HighSecurity =true
config.CrossApplicationTracer.Enabled =false
},
)
Change configuration settings
To make Go agent configuration changes, set the values in the newrelic.Config struct from within a custom newrelic.ConfigOption. For example, to turn New Relic monitoring off temporarily for testing purposes, change the Enabled value to false:
In this and the following examples, config represents your New Relic config struct, although you may have given it a different variable name when you installed the Go agent and initiated the configuration in your app.
Specifies your New Relic license key, used to associate your app's metrics with a New Relic account. The license and the app name are both set as part of the New Relic installation process.
To report data to multiple apps at the same time, specify a list of names separated with a semicolon. Do not put a space before the semicolon itself. For example:
High-security mode enforces certain security settings and prevents them from being overridden, so that the agent sends no sensitive data. High-security mode does the following:
Turns SSL on
Turns off reporting of error message strings
Turns off reporting of custom events
This setting must match the corresponding account setting in the UI. For example:
Controls whether HTTPS or HTTP is used to send data to New Relic. The agent communicates with New Relic via HTTPS by default (which uses TLS protocol), and New Relic requires HTTPS for all traffic to APM and the New Relic REST API.
For greater flexibility, you can set many configuration options by setting environment variables instead of hardcoding them into your application's
source code. In order to use them, add a call to ConfigFromEnvironment() among your other configuration options:
Note that the environment variables will be read, and their corresponding entries in the newrelic.Config struct will be updated, at the
point in the list of options where newrelic.ConfigFromEnvironment() appears. If there are additional configuration options listed after
ConfigFromEnvironment, they may override the values set by ConfigFromEnvironment.
For example, if the following environment variables are set:
Not all possible configuration options may be set via environment variables. The table of environment variables and functions in the collapser below lists all of the available configuration functions and their corresponding environment variables. Although any named configuration option may be set by directly assigning a value to the corresponding field in the Config structure, we recommend using configuration functions and/or environment variables whenever possible.
Here are some tips for how to use the table:
If an environment variable is listed in the table, then you may set the corresponding option by setting the named environment variable. You must also include the ConfigFromEnvironment() function, which will cause the agent to accept all NEW_RELIC_* environment variables.
If a configuration function is listed, you can use that function to set the corresponding option instead of using ConfigFromEnvironment(). Keep in mind that the configuration functions listed in the program, including ConfigFromEnvironment(), are resolved in the order they appear in the code. This means that if you create an environment variable and call the function ConfigFromEnvironment(), it will overwrite corresponding configurations you may have set previously using a specific function. Subsequent configuration options after ConfigFromEnvironment() will override previous configuration functions and environment variables.
See the documentation here and at the Go documentation site for more information about how to use each function.
Calling one of the listed functions to enable a subordinate feature also enables the main feature and/or sets other configuration values:
ConfigAppLogForwardingEnabled(true) sets ApplicationLogging.Forwarding.Enabled=true but also sets ApplicationLogging.Enabled=true.
ConfigAppLogForwardingEnabled(false) sets ApplicationLogging.Forwarding.Enabled=false but also sets ApplicationLogging.Forwarding.MaxSamplesStored=0.
ConfigAppLogDecoratingEnabled(true) sets ApplicationLogging.LocalDecorating.Enabled=true but also sets ApplicationLogging.Enabled=true.
ConfigAppLogDecoratingEnabled(false) sets ApplicationLogging.LocalDecorating.Enabled=false but does not affect ApplicationLogging.Enabled.
ConfigAppLogMetricsEnabled(true) sets ApplicationLogging.Metrics.Enabled=true but also sets ApplicationLogging.Enabled=true.
ConfigAppLogMetricsEnabled(false) sets ApplicationLogging.Metrics.Enabled=false but does not affect ApplicationLogging.Enabled.
Table note 2:
When setting Logger via the NEW_RELIC_LOG environment variable, the type of logger used depends on the value of NEW_RELIC_LOG_LEVEL. If the latter variable is defined and has the value debug, Debug, DEBUG, d, or D, then a debug-level logger is used instead of a standard one. NEW_RELIC_LOG may have the values stdout, Stdout, STDOUT, stderr, Stderr, or STDERR.
Dica
Environment variables must have a non-empty value in order to be read by newrelic.ConfigFromEnvironment.
Set version tag
Setting NEW_RELIC_METADATA_SERVICE_VERSION will create a tag, tag.service.version on event data. In this context, the service version is the version of your code that is deployed, in many cases a semantic version such as 1.2.3 but not always. Sending this information allows you to facet your telemetry by the version of the software deployed so you can quickly identify which versions of your software are producing the errors.
AI monitoring
This section includes Go agent configurations for setting up AI monitoring.
Importante
If distributed tracing is disabled or high security mode is enabled, AI monitoring will not collect AI data.
When set to true, enables the agent to capture streamed responses. If set to false, agent won't capture event data about streamed responses, but the agent can still capture metrics and spans. The span duration will end when the LLM function call exits. When set to true, the span duration ends when the final result is read from the stream.
If set to false, agent will omit input and output content (like text strings from prompts and responses) captured in LLM events. This is an optional security setting if you don’t want to record sensitive data sent to and received from your LLMs.
Custom events configuration
You can create custom events and make them available for querying and analysis.
Transaction events are used in collecting events corresponding to web requests and background tasks. Event data allows the New Relic UI to show additional information such as histograms and percentiles.
TransactionEvents.Attributes is a struct with three fields:
Enabled bool
Include []string
Exclude []string
Use TransactionEvents.Attributes.Enabled to turn attribute collection on or off for transaction events. Use Include and Exclude to include or exclude specific attributes.
An example of excluding an attribute slice named allAgentAttributeNames from transaction events:
This controls which HTTP response codes are ignored as errors.
Response codes that are greater than or equal to 100 and strictly less than 400 are ignored by default and never have to be specified when calling this function. Response codes 0, 5, and 404 are included on the list by default, but must be specified when adding to the ignore list.
This function's default form is:
config.ErrorCollector.IgnoreStatusCodes =[]int{
0,// gRPC OK
5,// gRPC NOT_FOUND
http.StatusNotFound,// 404
}
You can also add response codes as HTTPs, as http.StatusNotFound above.
Importante
If used, server-side configuration will override any values set on the newrelic.Config struct. Therefore to ignore 404 when server-side configuration is enabled, you must include 404 in the configuration set in the UI.
To add HTTP response code 418 to the default ignore list, which includes 0, 5, and 404:
ErrorCollector.Attributes is a struct with three fields:
Enabled bool
Include []string
Exclude []string
Use ErrorCollector.Attributes.Enabled to turn attribute collection on or off for errors. Use Include and Exclude to include or exclude specific attributes.
An example of excluding an attribute slice named allAgentAttributeNames from errors:
TransactionTracer.Segments.Attributes is a struct with three fields:
Enabled bool
Include []string
Exclude []string
Use TransactionTracer.Segments.Attributes.Enabled to turn attribute collection on or off for transaction trace segments. Use Include and Exclude to include or exclude specific attributes.
An example of excluding an attribute slice named allSegmentAttributeNames from traces:
TransactionTracer.Attributes is a struct with three fields:
Enabled bool
Include []string
Exclude []string
Use TransactionTracer.Attributes.Enabled to turn attribute collection on or off for transaction traces. Use Include and Exclude to include or exclude specific attributes.
An example of excluding an attribute slice named allAgentAttributeNames from traces:
This enables collection of datastore instance metrics (such as the host and port) for some database drivers. These are reported on transaction traces and as part of slow query data.
When true, the agent will add cross application tracing headers in outbound requests, and scan incoming requests for cross application tracing headers.
Distributed tracing and cross application tracing cannot be used simultaneously. The default configuration for the Go agent disables distributed tracing and enables cross application tracing.
Distributed tracing configuration
Importante
Enabling distributed tracing requires Go agent version 2.1.0 or higher, and it disables cross application tracing. It also has effects on other features. Before enabling, read the transition guide.
Distributed tracing lets you see the path that a request takes as it travels through a distributed system.
When distributed tracing is enabled, you can collect span events.
Standard tracing is on by default in Go agent versions 3.16.0 and higher. This means the agent will automatically add distributed tracing headers in outbound requests, and scan incoming requests for distributed tracing headers. To disable distributed tracing, set the value to false.
Set this to true to exclude the New Relic header that is attached to outbound requests, and instead only rely on W3C Trace Context Headers for distributed tracing. If this is false then both types of headers are used.
Span events configuration
Span events are reported for distributed tracing. Distributed tracing must be enabled to report span events. These settings control the collection of span events:
SpanEvents.Attributes is a struct with three fields:
Enabled bool
Include []string
Exclude []string
Use SpanEvents.Attributes.Enabled to enable or disable attribute collection for span events. Use Include and Exclude to include or exclude specific attributes.
An example of excluding an attribute slice named allSpanAttributeNames from traces:
To enable Infinite Tracing, enable distributed tracing (set config.DistributedTracer.Enabled = true on the newrelic.Config struct) and add the additional settings below. For an example, see Language agents: Configure distributed tracing.
The following settings are available for configuration of application logging in the agent. For tips on using Go agent logs in context, see Go logs in context.
If true, enables the collection of log events and logging metrics if these sub-feature configurations are also enabled. If false, no logging instrumentation features are enabled.
Configure ApplicationLogging by calling ConfigAppLogEnabled().
If true, the agent captures log records emitted by your application and forwards them to New Relic. ApplicationLogging.Enabled must also be true for this setting to take effect.
Enable log forwarding by calling ConfigAppLogForwardingEnabled().
Set this to a lower value to reduce the amount of log lines sent (may cause log sampling). Set this to a higher value to send more log lines.
Each log receives the same priority as its associated transaction. Logs that occur outside of a transaction will receive a random priority. Some logs may not be included because they are limited by MaxSamplesStored. For example, if logging MaxSamplesStored is set to 10,000 and transaction 1 has 10,000 log entries, only log entries for transaction 1 will be recorded. If transaction 1 has less than 10,000 logs, you receive all logs for transaction 1. If there is still space, you receive all the logs for transaction 2, and so on.
If after all the logs for sampled transactions are recorded, and they haven't reached the limit in MaxSamplesStored, then log messages for transactions that were not in our sampling are sent. If there are any left, log messages outside of transactions are recorded.
If true, the agent captures metrics related to the log lines being sent up by your application. ApplicationLogging.Enabled must also be true for this setting to take effect.
Configure ApplicationLogging.Metrics.Enabled by calling ConfigAppLogMetricsEnabled().
app, err := newrelic.NewApplication(
newrelic.ConfigAppLogMetricsEnabled(true),
)
Module dependency metrics settings
Module dependency metrics can be configured in a variety of ways in the Go agent. Module dependency metrics reports the list of imported modules used by your Go application to help facilitate code dependency management. It also includes the version information of the modules of your app.
You can enable the setting of your Go agent options via environment variables by inserting ConfigFromEnvironment() into your call to NewApplication. If you've done this you can enable or disable module dependency metrics collection by setting the environment variable.
This list of module path prefixes specifies that you want to exclude some modules from the dependency information reported by the agent.
Any module whose import path begins with any of the listed prefix strings will be excluded. The default is an empty list, which means
to report all modules found.
Specify a list of path prefix strings to be excluded by calling ConfigModuleDependencyMetricsIgnoredPrefixes.
If you enabled the setting of your Go agent options via environment variables by inserting ConfigFromEnvironment() into your call to NewApplication, you can list the path prefixes by setting the environment variable.
Normally all of the options you set as part of your agent configuration are reported and visible in the New Relic UI. If you choose to exclude some modules from being reported via the ConfigModuleDependencyIgnoredPrefixes option, you can also redact them from the configuration data as well. For example, if the modules were excluded for reasons of confidentiality.
Enable or disable the redaction of excluded paths by calling ConfigModuleDependencyMetricsRedactIgnoredPrefixes.
If true, the list of excluded module prefixes won't be reported. If false, they are reported.
If you enabled the setting of your Go agent options via environment variables by inserting ConfigFromEnvironment() into your call to NewApplication, you can list the path prefixes by setting the environment variable.
New Relic Interactive Applications Security Testing (IAST) tests your applications for any exploitable vulnerability by replaying the generated HTTP request with vulnerable payloads. You can enable New Relic IAST by updating your Go app code with configurations that are passed to the INIT function. You can also make these configurations through a YAML file or with environment variables.
Options set using INIT functions take precedence over environment or YAML configurations. That said, we recommend enabling IAST using a YAML file because those configurations will pass to other agents in your environment.
Setup Instructions
Import the integration by adding the following direct dependency to you go.mod file.
ConfigSecurityFromEnvironment directs the nrsecurityagent integration to obtain all of its configuration information from environment variables.
err:= nrsecurityagent.InitSecurityAgent(
app,
ConfigSecurityFromEnvironment(),
)
ConfigSecurityFromYaml directs the nrsecurityagent integration to read an external YAML-formatted file to obtain its configuration values. The path to this file must be provided by setting the environment variable NEW_RELIC_SECURITY_CONFIG_PATH.
err:= nrsecurityagent.InitSecurityAgent(
app,
ConfigSecurityFromYaml(),
)
The default YAML file looks like this.
enabled:true
# NR security provides two modes IAST and RASP
# Default is IAST
mode: IAST
# New Relic’s SaaS connection URLs
validator_service_url: wss://csec.nr-data.net
# Following category of security events
# can be disabled from generating.
detection:
rxss:
enabled:true
request:
body_limit:300
Configure IAST
The security agent can be configured with the following options.
Type
Boolean
Config Function
func(cfg *SecurityConfig){
cfg.Security.Agent.Enabled =true
}
Environment Variable
NEW_RELIC_SECURITY_AGENT_ENABLED
Default
true
To completely disable all security functionality, set this flag to false. By importing and initializing the security agent in go, its assumed that you intend to use it, so this value defaults to true. Note that this is the oposite behavior from automatically instrumenting agents. This property is read only once at application start.
Type
Boolean
Config Function
nrsecurityagent.ConfigSecurityEnable(false)
Environment Variable
NEW_RELIC_SECURITY_ENABLED
Default
false
Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is true, the security module will run but data will not be sent. Default is false.
Type
String
Config Function
nrsecurityagent.ConfigSecurityMode("IAST")
Environment Variable
NEW_RELIC_SECURITY_MODE
Default
IAST
New Relic Security provide mode: IAST. Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a production environment or an environment where production data is processed.
New Relic Security’s SaaS connection URL. This is the endpoint that the security agent sends data to, it should match that environment that you have set for the APM Java agent.
Security Request Body Limit sets a limit on read the amount of memory that can be consumed when reading from a request body in kb. By default, this is "300".
Instrument security sensitive parts of your application
The nrgin, nrgrpc, nrmicro, fasthttp, or nrmongo integrations now contain code to support security analysis of the data they handle.
Additionally, the Go agent will perform vulnerability scanning on instrumented code containing datastore segments, SQL operations, transactions, and wrapped HTTP calls and endpoints.
