Mastering Sentinel Console: Real‑World Guide to Machine Monitoring, Flow Control, and Rule Configuration

In the previous two articles we introduced Sentinel's functions and basic usage; now we continue with the Sentinel console, covering its core features and rule configuration to help you use Sentinel effectively in production.

jdk 1.8

sentinel 1.8.0

spring-boot 2.3.5.RELEASE

spring-cloud Hoxton.SR8

spring-cloud-alibaba 2.2.5.RELEASE

Console Overview

Sentinel provides a lightweight open‑source console that offers machine discovery, health management, monitoring (single‑node and cluster), rule management, and rule push capabilities. The following sections detail how to use these functions with simple steps.

Sentinel console includes the following functions:

View machine list and health status : collects heartbeat packets from Sentinel clients to determine whether a machine is online.

Monitoring (single‑node and cluster aggregation) : periodically pulls and aggregates monitoring data exposed by Sentinel clients, achieving second‑level real‑time monitoring.

Rule management and push : unified rule management and distribution.

Authentication : authentication is crucial in production; each developer should customize it according to actual needs.

Note: The Sentinel console currently supports only single‑node deployment. The console project provides a full‑example of Sentinel features and is not intended as an out‑of‑the‑box production console; you need to customize and adapt it for production use.

Alibaba offers an enterprise version of Sentinel (AHAS Sentinel) that can be purchased at

aliyun.com

.

View Machine List and Health Status

After correctly integrating Sentinel, you can view the health of service nodes in the console's "Machine List" menu.

If Sentinel integration fails, consult the official Sentinel documentation or FAQ for troubleshooting.

Service Monitoring

1. Real‑time Monitoring

Metrics from all machines under the same service are aggregated and displayed under "Real‑time Monitoring" with second‑level updates.

Note: Real‑time monitoring only stores data for the last five minutes. To persist data, you need to call the real‑time monitoring API and customize storage.

Ensure the machine time of the Sentinel console matches the application machine time; otherwise, real‑time data may not be retrieved.

2. Cluster Link

The cluster link (single‑node call chain) page fetches the runtime status of specified client resources. It provides two display modes: a tree‑structured call chain and a flat real‑time view.

Note: Cluster link monitoring is in‑memory and only shows resources that have been invoked after startup.

Again, ensure the console and application machine times are synchronized.

3. Flow Control Rules

Flow control monitors application QPS or concurrent thread count; when a threshold is reached, traffic is limited to protect high availability.

The

FlowSlot

uses real‑time statistics from

NodeSelectorSlot

,

ClusterBuilderSlot

, and

StatisticSlot

to enforce flow control.

When the rule triggers, the following exception is thrown during

Entry nodeA = SphU.entry(resourceName)

:

<code>FlowException</code>

FlowException

is a subclass of

BlockException

; you can catch

BlockException

to implement custom fallback logic.

Sentinel returns the same exception page for all rule protections, making it hard to identify which rule caused the block. Therefore, custom exception responses are needed to indicate the triggered rule type.

<code>@Component
public class SentinelBlockHandler implements BlockExceptionHandler {
    @Override
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                       BlockException e) throws Exception {
        CommonResult<Void> result = new CommonResult<>();
        if (e instanceof FlowException) {
            result = CommonResult.error(101, "接口限流了");
        } else if (e instanceof DegradeException) {
            result = CommonResult.error(102, "服务降级了");
        } else if (e instanceof ParamFlowException) {
            result = CommonResult.error(103, "热点参数限流了");
        } else if (e instanceof SystemBlockException) {
            result = CommonResult.error(104, "系统规则（负载/...不满足要求）");
        } else if (e instanceof AuthorityException) {
            result = CommonResult.error(105, "授权规则不通过");
        }
        httpServletResponse.setStatus(500);
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setHeader("Content-Type", "application/json;charset=utf-8");
        httpServletResponse.setContentType("application/json;charset=utf-8");
        new ObjectMapper().writeValue(httpServletResponse.getWriter(), result);
    }
}
</code>

Result examples:

<code>➜ curl http://127.0.0.1:8088/getStockDetail
{"code":1,"message":"this is a success message","data":{"id":1,"code":"STOCK==>1000"}}

➜ curl http://127.0.0.1:8088/getStockDetail
{"code":101,"message":"接口限流了","data":null}
</code>

Threshold Types

Thread count : Controls concurrency to protect thread pools from being exhausted by slow calls. This is usually configured on the caller side.

Thread count can be simulated with a thread pool or JMeter; exceeding the threshold yields the flow‑exception response.

Flow Control Modes

Calling relationships form a hierarchical call chain.

Direct : When a resource exceeds its threshold, an exception is thrown immediately.

<code>➜ curl http://127.0.0.1:8088/getStockDetail
{"code":101,"message":"接口限流了","data":null}
</code>

Related : When two resources have a dependency, you can set a related rule (e.g., limit

read_db

when

write_db

is frequent) by configuring

strategy = RuleConstant.STRATEGY_RELATE

and

refResource = write_db

.

Chain : The

NodeSelectorSlot

records call chains; the root node is

machine-root

. You can limit flow based on a specific entry by setting

strategy = RuleConstant.STRATEGY_CHAIN

and

refResource = Entrance1

.

Since version 1.6.3, Sentinel Web filter aggregates all URL entry contexts, disabling chain flow control. From version 1.7.0, set WEB_CONTEXT_UNIFY=false to enable chain‑based flow control.

Solution (Spring Cloud Alibaba 2.1.1.RELEASE):

<code>@Configuration
public class FilterContextConfig {
    @Bean
    public FilterRegistrationBean sentinelFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new CommonFilter());
        registration.addUrlPatterns("/*");
        registration.addInitParameter(CommonFilter.WEB_CONTEXT_UNIFY, "false");
        registration.setName("sentinelFilter");
        registration.setOrder(1);
        return registration;
    }
}
</code>

After configuring, accessing

/getStockDetail

returns a

FlowException

as expected.

By default, a 500 error page is shown; adding a

fallbackFactory

to OpenFeign avoids this issue.

<code>// Controller
@Autowired
private StockFeign stockFeign;

@GetMapping("/getStockDetail")
public CommonResult<StockModel> getStockDetail() {
    CommonResult<StockModel> result = stockFeign.getStockDetail();
    if (result.getCode() != 1) {
        return CommonResult.error(null, result.getCode(), result.getMessage());
    }
    return result;
}

// FeignClient
@FeignClient(name = "stock-service")
public interface StockFeign {
    @GetMapping("/getStockDetail")
    CommonResult<StockModel> getStockDetail();
}
</code>

4. Degrade Rules

Beyond flow control, degradation (circuit breaking) protects high‑availability by isolating unstable downstream services (e.g., remote APIs, databases).

Circuit‑break Strategies

Sentinel supports:

Slow request ratio (SLOW_REQUEST_RATIO) : triggers when the proportion of slow calls (exceeding a configured RT) surpasses a threshold within a statistical interval.

Configuration example (console screenshot omitted for brevity).

Error ratio (ERROR_RATIO) : triggers when the error proportion exceeds a threshold within a statistical interval.

Error count (ERROR_COUNT) : triggers when the number of errors exceeds a threshold.

Degrade Rule Fields

resource : name of the protected resource.

grade : degradation strategy (slow ratio, error ratio, error count).

count : threshold value (slow RT or error count).

timeWindow : degradation duration (seconds).

minRequestAmount : minimum request count to trigger degradation (default 5).

statIntervalMs : statistical interval in ms (default 1000).

slowRatioThreshold : slow‑ratio threshold (effective for slow‑ratio mode).

5. Hotspot Rules

Hotspot parameters are frequently accessed data (e.g., popular product IDs). Sentinel can limit the top‑K hot parameters using an LRU cache and token‑bucket algorithm.

Configuration requirements:

The resource must be declared with

@SentinelResource

.

Parameter types must be primitive; otherwise the rule is ineffective.

Example controller and handler code:

<code>@SentinelResource(value = "ResOrderGet", fallback = "fallback", fallbackClass = SentinelExceptionHandler.class,
                  blockHandler = "blockHandler", blockHandlerClass = SentinelExceptionHandler.class)
@GetMapping("/order/get/{id}")
public CommonResult<StockModel> getStockDetails(@PathVariable Integer id) {
    StockModel stockModel = new StockModel();
    stockModel.setCode("STOCK==>1000");
    stockModel.setId(id);
    return CommonResult.success(stockModel);
}

public class SentinelExceptionHandler {
    public static CommonResult<StockModel> blockHandler(@PathVariable Integer id) {
        return CommonResult.error(null, -100, "系统错误 (限流熔断业务逻辑)");
    }
    public static CommonResult<StockModel> fallback(@PathVariable Integer id) {
        return CommonResult.error(null, -100, "系统错误 (异常降级业务逻辑)");
    }
}
</code>

Result screenshot omitted.

6. Authorization Rules

Authorization controls access based on request origin (

origin

). A whitelist allows only listed origins; a blacklist blocks listed origins.

Origins are supplied via ContextUtil.enter(resourceName, origin) .

Custom origin parser example:

<code>import com.alibaba.csp.sentinel.adapter.servlet.callback.RequestOriginParser;
import javax.servlet.http.HttpServletRequest;

public class SentinelRequestOriginParser implements RequestOriginParser {
    @Override
    public String parseOrigin(HttpServletRequest request) {
        return request.getParameter("origin");
    }
}
</code>

Configuration to register the parser and customize the filter:

<code>@Configuration
public class FilterContextConfig {
    @Bean
    public FilterRegistrationBean sentinelFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new CommonFilter());
        registration.addUrlPatterns("/*");
        registration.addInitParameter(CommonFilter.WEB_CONTEXT_UNIFY, "false");
        registration.setName("sentinelFilter");
        registration.setOrder(1);
        WebCallbackManager.setRequestOriginParser(new SentinelRequestOriginParser());
        return registration;
    }
}
</code>

Successful request screenshot and blocked request screenshot omitted.

7. System Rules

System protection rules monitor application‑level metrics (load, CPU usage, average RT, entry QPS, concurrent threads) and protect the system from overload. They only apply to inbound traffic (

EntryType.IN

).

Supported modes:

Load adaptive (Linux/Unix only): triggers when system load exceeds a threshold and concurrent threads exceed estimated capacity (

maxQps * minRt

).

CPU usage (1.5.0+): triggers when CPU usage exceeds a configurable ratio (0.0‑1.0).

Average RT : triggers when average response time exceeds a threshold (ms).

Concurrent threads : triggers when concurrent thread count exceeds a threshold.

Entry QPS : triggers when inbound QPS exceeds a threshold.

Principle: The system behaves like a water pipe; keeping the “water level” (QPS × Avg(RT)) balanced prevents queue buildup. Load acts as an activation signal for the adaptive algorithm.

Configuration screenshot omitted.

8. Cluster Flow Control

Cluster flow control ensures a global QPS limit across multiple instances. A Token Server aggregates tokens, while Token Clients request tokens before proceeding. This solves uneven traffic distribution and enables precise cluster‑wide limits.

Rule Push

The console supports three push modes: "Original", "Pull", and "Push". The original mode stores rules in memory; they disappear after a restart.

For production, use dynamic rule sources (e.g., Nacos, Apollo) with push mode. Implement

DynamicRuleProvider<T>

and

DynamicRulePublisher<T>

to pull and push rules from a remote configuration center.

Authentication

Since Sentinel 1.5.0, the console provides a generic

AuthService

interface for custom authentication. From 1.6.0, a basic login is available (default username/password:

sentinel

). Configure via JVM arguments or Spring properties, e.g.,

-Dsentinel.dashboard.auth.username=sentinel

,

-Dsentinel.dashboard.auth.password=123456

, and session timeout with

-Dserver.servlet.session.timeout=7200

.

Reference: Sentinel console documentation