Skip to content

Telemetry Guide — Cesivi Administrator Reference

Available from: v1.4 Group B (PLAN-1649). Feature is opt-in and disabled by default.

What Is Collected

When enabled, Cesivi WebUI emits lightweight performance events from the browser to an OpenTelemetry (OTLP) backend of your choice. No user content is ever sent — only timing numbers and scrubbed URLs.

Events

Event What it measures
page.load Full page navigation duration (Navigation Timing API)
listview.first-render Time from page start to first list items painted
listview.interaction User sorts or filters a list (no content, only column name + direction)
form.save.start User clicks Save on a New/Edit form
form.validation.failed Client-side validation errors (count only, no field values)
csapi.req.* Duration of each /_api/ REST call (URL scrubbed, no query values)

What Is NOT Collected

  • User identity, display name, or email
  • Field values, list item content, document names
  • IP addresses or geolocation
  • Browser fingerprinting data

URLs are scrubbed before transmission: query-string values are replaced with <redacted> except for a small safe-list of non-sensitive keys (sort field, view ID, etc.).

Enabling Telemetry

Step 1 — Configure an OTLP Endpoint

You need an OpenTelemetry-compatible backend. Options include:

  • Jaeger (open source, easy local setup): http://localhost:4318
  • Honeycomb (cloud): https://api.honeycomb.io
  • OpenTelemetry Collector (recommended for production): routes to any backend

Step 2 — Add to appsettings.json

{
  "Cesivi": {
    "Telemetry": {
      "Enabled": true,
      "OtlpEndpoint": "http://your-otel-collector:4318",
      "SampleRate": 1.0
    }
  }
}

Set SampleRate to a fraction (e.g. 0.1 = 10 % of sessions) to reduce volume on busy sites.

Step 3 — Verify via Admin UI

Navigate to Site Settings → Monitoring → Telemetry (/_layouts/15/TelemetrySettings.aspx). The status panel shows whether events are flowing.

Disabling Telemetry

Set Cesivi:Telemetry:Enabled to false (or use the admin UI toggle). No browser-side code runs when disabled — the SDK initialises in no-op mode.

Trace Stitching (Advanced)

Every browser session generates a W3C-compliant traceparent header that is attached to all REST API calls. Your OTLP backend can correlate browser timings with server-side spans — a single trace shows the full browser-to-database waterfall.

Requires: server-side OpenTelemetry configured with the same OTLP endpoint (see _docs_dev/observability.md for the server-side configuration).

Privacy and Compliance

  • All telemetry is opt-in — disabled by default.
  • Data stays within your infrastructure unless you explicitly configure a cloud OTLP endpoint.
  • No third-party analytics scripts are loaded.
  • Compliant with GDPR data minimisation principles (timing data only, no PII).
  • Review the scrubbing rules in _docs_dev/observability.md if you have specific compliance requirements.