Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional process fields from ECS #993

Merged
merged 28 commits into from
Aug 3, 2024
+90 −2
Merged

Add additional process fields from ECS #993

Show file tree
Hide file tree
Changes from 17 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
7976ec6
Add additional process field from ECS
mjwolf May 1, 2024
87ed02f
Update changelog
mjwolf May 1, 2024
09dfec5
Merge remote-tracking branch 'upstream/main' into process-fields
mjwolf May 1, 2024
8159bb3
Rework proctitle description
mjwolf May 2, 2024
14e4761
Merge remote-tracking branch 'upstream/main' into process-fields
mjwolf May 9, 2024
4bdb4f1
Change process.uptime into metric
mjwolf May 9, 2024
b962c40
Merge branch 'main' into process-fields
trisch-me May 13, 2024
5ddf492
Merge remote-tracking branch 'upstream/main' into process-fields
mjwolf May 17, 2024
8c1aab5
Add `process.args_count` as a metric
mjwolf May 17, 2024
e5556de
Merge branch 'process-fields' of github.com:mjwolf/semantic-conventio…
mjwolf May 17, 2024
f58a91b
Merge branch 'main' into process-fields
trisch-me May 21, 2024
f5203fe
Merge branch 'main' into process-fields
trisch-me Jun 6, 2024
e8b6197
Merge remote-tracking branch 'upstream/main' into process-fields
mjwolf Jun 7, 2024
9d54451
Remove args_count from process metrics
mjwolf Jun 7, 2024
2170297
Merge branch 'process-fields' of github.com:mjwolf/semantic-conventio…
mjwolf Jun 7, 2024
fc120fe
Merge branch 'main' into process-fields
mjwolf Jun 24, 2024
c1faf95
Merge branch 'main' into process-fields
trisch-me Jul 17, 2024
b6b1ba8
Update proctitle and uptime descriptions
mjwolf Jul 18, 2024
cf0af2f
Update doc
mjwolf Jul 18, 2024
49c1c11
Add process.uptime to metrics docs
mjwolf Jul 18, 2024
3626e9f
Fix linting issue
mjwolf Jul 18, 2024
74eb5bf
Merge branch 'main' into process-fields
mjwolf Jul 18, 2024
becba6e
Merge remote-tracking branch 'upstream/main' into process-fields
mjwolf Jul 22, 2024
927619e
Merge branch 'process-fields' of github.com:mjwolf/semantic-conventio…
mjwolf Jul 22, 2024
0448dfb
Set recommended level for process.args_count
mjwolf Jul 22, 2024
6bb30d7
Merge remote-tracking branch 'upstream/main' into process-fields
mjwolf Aug 1, 2024
614d7de
Add note to process.uptime metric re: precision
mjwolf Aug 1, 2024
c78cdd4
Merge branch 'main' into process-fields
lmolkova Aug 3, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .chloggen/993.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
change_type: enhancement
component: process
note: Add additional process fields from ECS
issues: [993]
11 changes: 9 additions & 2 deletions docs/attributes-registry/process.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ An operating system process.

| Attribute | Type | Description | Examples | Stability |
| ----------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | ---------------------------------------------------------------- |
| `process.args_count` | int | Length of the process.command_args array [1] | `4` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
joaopgrassi marked this conversation as resolved.
Show resolved Hide resolved
lmolkova marked this conversation as resolved.
Show resolved Hide resolved
| `process.command` | string | The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to the first parameter extracted from `GetCommandLineW`. | `cmd/otelcol` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.command_args` | string[] | All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be the full argv vector passed to `main`. | `["cmd/otecol", "--config=config.yaml"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.command_line` | string | The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of `GetCommandLineW`. Do not set this if you have to assemble it just for monitoring; use `process.command_args` instead. | `C:\cmd\otecol --config="my directory\config.yaml"` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
Expand All @@ -38,11 +39,17 @@ An operating system process.
| `process.saved_user.id` | int | The saved user ID (SUID) of the process. | `1002` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.saved_user.name` | string | The username of the saved user. | `operator` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.session_leader.pid` | int | The PID of the process's session leader. This is also the session ID (SID) of the process. | `14` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.title` | string | Process title [2] | `cat /etc/hostname` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.user.id` | int | The effective user ID (EUID) of the process. | `1001` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.user.name` | string | The username of the effective user of the process. | `root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.vpid` | int | Virtual process identifier. [1] | `12` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.vpid` | int | Virtual process identifier. [3] | `12` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
| `process.working_directory` | string | The working directory of the process. | `/root` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |

**[1]:** The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.
**[1]:** This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.

**[2]:** The process title (proctitle), sometimes the same as process name. It can also be different, for example, a browser setting its title to the web page currently opened.

**[3]:** The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.

`process.context_switch_type` has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Expand Down
9 changes: 9 additions & 0 deletions model/metrics/process-metrics.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,7 @@ groups:
unit: "{count}"
attributes:
- ref: process.context_switch_type

- id: metric.process.paging.faults
type: metric
metric_name: process.paging.faults
Expand All @@ -102,3 +103,11 @@ groups:
unit: "{fault}"
attributes:
- ref: process.paging.fault_type

- id: metric.process.uptime
mjwolf marked this conversation as resolved.
Show resolved Hide resolved
mjwolf marked this conversation as resolved.
Show resolved Hide resolved
type: metric
metric_name: process.uptime
stability: experimental
brief: "The number of seconds the process has been running."
mjwolf marked this conversation as resolved.
Show resolved Hide resolved
instrument: counter
unit: "s"
25 changes: 25 additions & 0 deletions model/registry/process.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,16 @@ groups:
null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based
executables, this would be the full argv vector passed to `main`.
examples: ['cmd/otecol', '--config=config.yaml']
- id: args_count
type: int
stability: experimental
brief: >
Length of the process.command_args array
note: >
This field can be useful for querying or performing bucket analysis on how many
arguments were provided to start a process. More arguments may be an indication
of suspicious activity.
examples: [4]
lmolkova marked this conversation as resolved.
Show resolved Hide resolved
- id: owner
type: string
stability: experimental
Expand Down Expand Up @@ -147,6 +157,15 @@ groups:
An additional description about the runtime of the process, for example
a specific vendor customization of the runtime environment.
examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
- id: title
type: string
stability: experimental
brief: >
Process title
note: >
The process title (proctitle), sometimes the same as process name. It can also be different, for
ChrsMark marked this conversation as resolved.
Show resolved Hide resolved
example, a browser setting its title to the web page currently opened.
examples: ["cat /etc/hostname"]
- id: creation.time
type: string
stability: experimental
Expand All @@ -170,6 +189,12 @@ groups:
stability: experimental
brief: >
Whether the process is connected to an interactive shell.
- id: working_directory
joaopgrassi marked this conversation as resolved.
Show resolved Hide resolved
type: string
stability: experimental
brief: >
The working directory of the process.
examples: ["/root"]
- id: context_switch_type
brief: "Specifies whether the context switches for this data point were voluntary or involuntary."
type:
Expand Down
Loading