Troubleshooting

While our goal for getting started is to be as simple as dropping our Agent into your app's environment, we know that all environments have their unique implementations, and so getting started might run into a snag from time to time.

This page will cover the most common issues we see when users try to get started. If you don't see your issue, please check out our comprehensive (and constantly growing) set of help articles.

  1. I'm getting an error about failed to list network interfaces
  2. I'm getting an error about invalid credentials
  3. The Akita Agent can't see my endpoints
  4. The Akita Agent is not capturing traffic
  5. I'm using the Chrome Extension, and just see a "sit tight" message

Insufficient privilege

In order for the Akita Agent to see how your API is behaving, it needs certain permissions. Specifically, the Akita Agent needs the CAP_NET_RAW capability enabled. If you are running as the root user, this should be enabled automatically.

If you see an error about failed to list network interfaces, then it is very likely that CAP_NET_RAW is not enabled.

If you cannot run as root, or would like to ensure that the CAP_NET_RAW capability is set properly, run the following command to enable it:

setcap cap_net_raw+e /usr/local/bin/akita

Invalid credentials

If you encounter an error that reads: [ERROR] failed to get list of services associated with the account: Invalid credentials, then it it likely that either the Akita API key or key secret was entered incorrectly. In a Docker context it would probably due to miscopying the key ID or key secret.

First, if you saved your key ID and secret somewhere, please try the installation again.
If that doesn't work, please regenerate your API key and secret, and try the installation again with the new key ID and secret.

If you see a different message about the key or secret being missing, please check the environment variable name to ensure that it is correct. If there is a typo in the environment variable name, the Akita Agent will not be able to find the API key and secret.

Encrypted traffic

If you encounter an error saying something like The Akita client did not observe any network traffic, or ... but did not find any unencrypted traffic, then you are likely running the Akita agent on a different network from where your API is running.

2019

If possible, try to re-install your Akita Agent on the same network as your API. If you have a private Docker network, check out our docs for getting started on an Internal Network in Docker. Otherwise, look over our DIY Akita Agent Integration instructions.

If your environment is set up to be fully encrypted by design, you will have to try Akita at another time as we do not currently support encrypted traffic.

🚧

Don't see your issue here?

If you don't see your issue on this page, please check out our growing set of help articles. You can also contact us in Intercom for further assistance.

Not capturing traffic

This section describes what to do if you have started the Akita Agent but no metrics or models are appearing in the Akita Console.

Check the client status

If nothing is showing up, one reason could be that the Akita client isn't seeing the traffic it's expecting to see. In the Akita Console, navigate to the "Diagnostics" link in the sidebar, and select the "Traffic" tab.

1632

Each time an Akita Agent starts, it registers with the Akita backend and monitors packet capture health over the course of one minute after initialization. Agents that fail to capture traffic within the first minute will appear with a warning status on this page.

1962

Each row expands to show warning messages (if applicable) along with packet capture statistics.

1938

Here are a few things to look for:

  • The Raw TCP packets count is zero. This means that the Agent did not see any traffic. If you are using the --filter flag or have specified an interface to listen on, make sure they are correct. To make sure you're not filtering too much, try removing these flags to capture traffic on all ports and interfaces.
  • The Unparsable packets count is greater than zero. This often means the Akita Agent is trying to parse encrypted traffic. If the HTTP Request/Response count is zero, then all your traffic is likely TLS traffic. See above or talk to us about what to do.

Check for log messages from the Akita Agent

The Akita Agent will show an error if the collection of API traffic fails or results in an empty trace. In addition to the issues covered above, incorrect permissions and invalid credentials, check that the TCP port number you gave was correct. If it is incorrect, the traffic will not be included in the trace and you will see an error No inbound HTTP calls captured.

See the Diagnostics section in the apidump command for more information.

Test that Akita saw all your endpoints

Once you run Akita, here’s how you can test that your setup worked. First, use apidump to capture traffic to your service and store it in a local trace.

# 1. Start capturing traffic:
akita apidump --filter "port ${YOUR_PORT}" --out path/to/local/dir

# 2. Exercise your service's API.
# 3. Hit Ctrl+C to stop capturing traffic.

Chrome Extension

If you have created an account and run the Chrome Extension: OpenAPI Spec Generator but only see a message to "Sit tight," then you may have hit a known bug.

Please log out of the Akita app, refresh your page, and log back in. You should see your traffic and Chrome Extension project.