groups: - id: registry.process prefix: process type: attribute_group brief: > An operating system process. attributes: - id: pid type: int brief: > Process identifier (PID). examples: [1234] - id: parent_pid type: int brief: > Parent Process identifier (PID). examples: [111] - id: executable.name type: string brief: > The name of the process executable. On Linux based systems, can be set to the `Name` in `proc/[pid]/status`. On Windows, can be set to the base name of `GetProcessImageFileNameW`. examples: ['otelcol'] - id: executable.path type: string brief: > The full path to the process executable. On Linux based systems, can be set to the target of `proc/[pid]/exe`. On Windows, can be set to the result of `GetProcessImageFileNameW`. examples: ['/usr/bin/cmd/otelcol'] - id: command type: string brief: > The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows, can be set to the first parameter extracted from `GetCommandLineW`. examples: ['cmd/otelcol'] - id: command_line type: string brief: > The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of `GetCommandLineW`. Do not set this if you have to assemble it just for monitoring; use `process.command_args` instead. examples: ['C:\cmd\otecol --config="my directory\config.yaml"'] - id: command_args type: string[] brief: > All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be the full argv vector passed to `main`. examples: ['cmd/otecol', '--config=config.yaml'] - id: owner type: string brief: > The username of the user that owns the process. examples: 'root'