Telemetry Guide — Cesivi Administrator Reference¶
Available from: v1.4 Group B (PLAN-1649). Feature is opt-in and disabled by default.
What Is Collected¶
When enabled, Cesivi WebUI emits lightweight performance events from the browser to an OpenTelemetry (OTLP) backend of your choice. No user content is ever sent — only timing numbers and scrubbed URLs.
Events¶
| Event | What it measures |
|---|---|
page.load |
Full page navigation duration (Navigation Timing API) |
listview.first-render |
Time from page start to first list items painted |
listview.interaction |
User sorts or filters a list (no content, only column name + direction) |
form.save.start |
User clicks Save on a New/Edit form |
form.validation.failed |
Client-side validation errors (count only, no field values) |
csapi.req.* |
Duration of each /_api/ REST call (URL scrubbed, no query values) |
What Is NOT Collected¶
- User identity, display name, or email
- Field values, list item content, document names
- IP addresses or geolocation
- Browser fingerprinting data
URLs are scrubbed before transmission: query-string values are replaced with <redacted> except for a small safe-list of non-sensitive keys (sort field, view ID, etc.).
Enabling Telemetry¶
Step 1 — Configure an OTLP Endpoint¶
You need an OpenTelemetry-compatible backend. Options include:
- Jaeger (open source, easy local setup):
http://localhost:4318 - Honeycomb (cloud):
https://api.honeycomb.io - OpenTelemetry Collector (recommended for production): routes to any backend
Step 2 — Add to appsettings.json¶
{
"Cesivi": {
"Telemetry": {
"Enabled": true,
"OtlpEndpoint": "http://your-otel-collector:4318",
"SampleRate": 1.0
}
}
}
Set SampleRate to a fraction (e.g. 0.1 = 10 % of sessions) to reduce volume on busy sites.
Step 3 — Verify via Admin UI¶
Navigate to Site Settings → Monitoring → Telemetry (/_layouts/15/TelemetrySettings.aspx). The status panel shows whether events are flowing.
Disabling Telemetry¶
Set Cesivi:Telemetry:Enabled to false (or use the admin UI toggle). No browser-side code runs when disabled — the SDK initialises in no-op mode.
Trace Stitching (Advanced)¶
Every browser session generates a W3C-compliant traceparent header that is attached to all REST API calls. Your OTLP backend can correlate browser timings with server-side spans — a single trace shows the full browser-to-database waterfall.
Requires: server-side OpenTelemetry configured with the same OTLP endpoint (see _docs_dev/observability.md for the server-side configuration).
Privacy and Compliance¶
- All telemetry is opt-in — disabled by default.
- Data stays within your infrastructure unless you explicitly configure a cloud OTLP endpoint.
- No third-party analytics scripts are loaded.
- Compliant with GDPR data minimisation principles (timing data only, no PII).
- Review the scrubbing rules in
_docs_dev/observability.mdif you have specific compliance requirements.