Google Pub/Sub Integration
Monitor topic-level publish rates, subscription backlog size, and delivery latency across your Google Pub/Sub infrastructure. Get predictive backlog alerts and AI root cause analysis before message expiry causes data loss.
How It Works
Enable GCP Cloud Monitoring API
Grant the TigerOps service account the roles/monitoring.viewer IAM role in your GCP project. TigerOps uses the Cloud Monitoring API to pull Pub/Sub metrics at configurable intervals without any agents or sidecars.
Provide Service Account Credentials
Upload your service account JSON key or configure Workload Identity Federation for keyless authentication. TigerOps stores credentials encrypted at rest and uses them exclusively to read monitoring metrics.
Select Topics & Subscriptions
Choose which Pub/Sub topics and subscriptions to monitor, or enable project-wide auto-discovery. TigerOps automatically detects new topics and subscriptions as they are created in your project.
Configure Backlog & Latency Alerts
Set alert thresholds for subscription backlog message count, oldest unacked message age, and pull delivery latency. TigerOps predicts backlog growth and fires early warnings before SLOs are breached.
What You Get Out of the Box
Subscription Backlog Tracking
Per-subscription num_undelivered_messages and oldest_unacked_message_age with trend analysis. TigerOps alerts when backlog growth rate forecasts an SLO breach, giving you time to scale consumers before messages expire.
Topic Publish Rate Monitoring
Track topic/send_message_operation_count, send_request_count, and byte_count per topic. Identify publish spikes, detect abnormal traffic patterns, and correlate producer throughput changes with downstream subscription lag.
Delivery Latency Percentiles
p50, p95, and p99 subscription/pull_request_count latencies and push delivery attempt latencies. Detect slow subscriber processing before backlogs grow and identify whether latency is subscriber-side or broker-side.
Push Subscription Health
Monitor push subscription delivery attempt outcomes, HTTP response codes from push endpoints, and exponential backoff retry counts. Alert on sustained delivery failures before message expiry causes data loss.
Dead Letter Topic Monitoring
Track dead letter topic message rates to catch subscriptions that are silently discarding unprocessable messages. TigerOps alerts when dead letter volumes spike and correlates with subscriber error rates.
AI Backlog Root Cause Analysis
When subscription backlog spikes, TigerOps AI cross-references Cloud Run or GKE subscriber CPU and memory utilization, Cloud SQL query latency, and publisher error rates to pinpoint the root cause.
GCP Cloud Monitoring API Setup
Configure the TigerOps GCP integration with service account credentials to begin streaming Pub/Sub metrics.
# Step 1: Create service account and bind IAM role
# gcloud iam service-accounts create tigerops-monitor \
# --display-name="TigerOps Monitoring"
#
# gcloud projects add-iam-policy-binding ${GCP_PROJECT_ID} \
# --member="serviceAccount:tigerops-monitor@${GCP_PROJECT_ID}.iam.gserviceaccount.com" \
# --role="roles/monitoring.viewer"
#
# gcloud iam service-accounts keys create tigerops-key.json \
# --iam-account=tigerops-monitor@${GCP_PROJECT_ID}.iam.gserviceaccount.com
# Step 2: TigerOps integration configuration
integration:
provider: gcp-pubsub
projectId: ${GCP_PROJECT_ID}
# Service account credentials (base64-encoded JSON key)
credentials:
secretRef:
name: tigerops-gcp-credentials
key: service-account-json
# Metric collection interval
scrapeInterval: 60s
# Topics to monitor (empty = auto-discover all)
topics:
- projects/${GCP_PROJECT_ID}/topics/order-events
- projects/${GCP_PROJECT_ID}/topics/payment-events
- projects/${GCP_PROJECT_ID}/topics/user-activity
# Subscriptions to monitor (empty = auto-discover all)
subscriptions:
- projects/${GCP_PROJECT_ID}/subscriptions/order-processor
- projects/${GCP_PROJECT_ID}/subscriptions/payment-handler
- projects/${GCP_PROJECT_ID}/subscriptions/analytics-sink
# Alert thresholds
alerts:
backlogMessageCount:
warning: 50000
critical: 200000
oldestUnackedMessageAgeSeconds:
warning: 300 # 5 minutes
critical: 1800 # 30 minutes
deadLetterMessageRatePerMinute:
warning: 10
critical: 100
# Enable Pub/Sub Lite monitoring
pubsubLite:
enabled: true
locations:
- us-central1-a
- us-east1-bCommon Questions
What GCP permissions does TigerOps need to monitor Pub/Sub?
TigerOps requires the roles/monitoring.viewer predefined IAM role on your GCP project. This grants read-only access to Cloud Monitoring metrics and no other GCP resources. For stricter setups, you can bind the custom permission monitoring.metricDescriptors.list and monitoring.timeSeries.list directly to the service account.
Can TigerOps monitor Pub/Sub Lite topics?
Yes. Pub/Sub Lite exposes its own set of Cloud Monitoring metrics under the pubsublite.googleapis.com resource. TigerOps ingests partition-level backlog bytes, subscriber flow control bytes, and publish byte rates for Lite topics alongside standard Pub/Sub subscription metrics.
How does TigerOps handle Pub/Sub metrics across multiple GCP projects?
TigerOps supports multi-project monitoring. You can add separate service account credentials per project or configure a single service account with monitoring.viewer access across multiple projects using GCP IAM policy bindings. All projects are unified in a single TigerOps workspace with project labels for filtering.
Can TigerOps alert on oldest unacked message age to prevent message expiry?
Yes. TigerOps monitors subscription/oldest_unacked_message_age and compares it against your subscription message retention duration. You can configure an alert that fires when the oldest unacked message is within a configurable percentage of expiry — giving you a predictive warning before messages are discarded.
How are Pub/Sub alerts correlated with my subscriber services?
TigerOps links Pub/Sub subscription metrics with subscriber service telemetry using service labels. When backlog grows on a subscription consumed by a Cloud Run service, TigerOps automatically surfaces the Cloud Run instance count, CPU utilization, and error rate alongside the backlog trend in a unified incident timeline.
Stop Discovering Pub/Sub Backlog After Messages Expire
Predictive backlog alerts, delivery latency monitoring, and AI root cause analysis. Connect your GCP project in minutes.