278 lines
11 KiB
YAML
278 lines
11 KiB
YAML
groups:
|
|
- id: registry.process
|
|
type: attribute_group
|
|
display_name: Process Attributes
|
|
brief: >
|
|
An operating system process.
|
|
attributes:
|
|
- id: process.pid
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
Process identifier (PID).
|
|
examples: [1234]
|
|
- id: process.parent_pid
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
Parent Process identifier (PPID).
|
|
examples: [111]
|
|
- id: process.vpid
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
Virtual process identifier.
|
|
note: >
|
|
The process ID within a PID namespace. This is not necessarily unique
|
|
across all processes on the host but it is unique within the process
|
|
namespace that the process exists within.
|
|
examples: [12]
|
|
- id: process.session_leader.pid
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
The PID of the process's session leader. This is also the session ID
|
|
(SID) of the process.
|
|
examples: [14]
|
|
- id: process.group_leader.pid
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
The PID of the process's group leader. This is also the process group
|
|
ID (PGID) of the process.
|
|
examples: [23]
|
|
- id: process.executable.build_id.gnu
|
|
stability: development
|
|
type: string
|
|
brief: >
|
|
The GNU build ID as found in the `.note.gnu.build-id` ELF section (hex string).
|
|
examples: ['c89b11207f6479603b0d49bf291c092c2b719293']
|
|
- id: process.executable.build_id.go
|
|
stability: development
|
|
type: string
|
|
brief: >
|
|
The Go build ID as retrieved by `go tool buildid <go executable>`.
|
|
examples: ['foh3mEXu7BLZjsN9pOwG/kATcXlYVCDEFouRMQed_/WwRFB1hPo9LBkekthSPG/x8hMC8emW2cCjXD0_1aY']
|
|
- id: process.executable.build_id.htlhash
|
|
stability: development
|
|
type: string
|
|
brief: >
|
|
Profiling specific build ID for executables. See the OTel specification
|
|
for Profiles for more information.
|
|
examples: ['600DCAFE4A110000F2BF38C493F5FB92']
|
|
- id: process.executable.name
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The name of the process executable. On Linux based systems, this SHOULD be
|
|
set to the base name of the target of `/proc/[pid]/exe`. On Windows,
|
|
this SHOULD be set to the base name of `GetProcessImageFileNameW`.
|
|
examples: ['otelcol']
|
|
- id: process.executable.path
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The full path to the process executable. On Linux based systems, can
|
|
be set to the target of `proc/[pid]/exe`. On Windows, can be set to the
|
|
result of `GetProcessImageFileNameW`.
|
|
examples: ['/usr/bin/cmd/otelcol']
|
|
- id: process.command
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The command used to launch the process (i.e. the command name). On Linux
|
|
based systems, can be set to the zeroth string in `proc/[pid]/cmdline`.
|
|
On Windows, can be set to the first parameter extracted from `GetCommandLineW`.
|
|
examples: ['cmd/otelcol']
|
|
- id: process.command_line
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The full command used to launch the process as a single string representing
|
|
the full command. On Windows, can be set to the result of `GetCommandLineW`.
|
|
Do not set this if you have to assemble it just for monitoring; use
|
|
`process.command_args` instead.
|
|
SHOULD NOT be collected by default unless there is sanitization that excludes sensitive data.
|
|
examples: ['C:\cmd\otecol --config="my directory\config.yaml"']
|
|
- id: process.command_args
|
|
type: string[]
|
|
stability: development
|
|
brief: >
|
|
All the command arguments (including the command/executable itself) as
|
|
received by the process. On Linux-based systems (and some other Unixoid
|
|
systems supporting procfs), can be set according to the list of
|
|
null-delimited strings extracted from `proc/[pid]/cmdline`. For libc-based
|
|
executables, this would be the full argv vector passed to `main`.
|
|
SHOULD NOT be collected by default unless there is sanitization that excludes sensitive data.
|
|
examples:
|
|
- ['cmd/otecol', '--config=config.yaml']
|
|
- id: process.args_count
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
Length of the process.command_args array
|
|
note: >
|
|
This field can be useful for querying or performing bucket analysis on how many
|
|
arguments were provided to start a process. More arguments may be an indication
|
|
of suspicious activity.
|
|
examples: [4]
|
|
- id: process.owner
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The username of the user that owns the process.
|
|
examples: ['root']
|
|
- id: process.user.id
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
The effective user ID (EUID) of the process.
|
|
examples: [1001]
|
|
- id: process.user.name
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The username of the effective user of the process.
|
|
examples: ['root']
|
|
- id: process.real_user.id
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
The real user ID (RUID) of the process.
|
|
examples: [1000]
|
|
- id: process.real_user.name
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The username of the real user of the process.
|
|
examples: ['operator']
|
|
- id: process.saved_user.id
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
The saved user ID (SUID) of the process.
|
|
examples: [1002]
|
|
- id: process.saved_user.name
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The username of the saved user.
|
|
examples: ['operator']
|
|
- id: process.runtime.name
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The name of the runtime of this process.
|
|
examples: ['OpenJDK Runtime Environment']
|
|
- id: process.runtime.version
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The version of the runtime of this process, as returned by the runtime
|
|
without modification.
|
|
examples: '14.0.2'
|
|
- id: process.runtime.description
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
An additional description about the runtime of the process, for example
|
|
a specific vendor customization of the runtime environment.
|
|
examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
|
|
- id: process.title
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
Process title (proctitle)
|
|
note: >
|
|
In many Unix-like systems, process title (proctitle), is the string
|
|
that represents the name or command line of a running process,
|
|
displayed by system monitoring tools like ps, top, and htop.
|
|
examples: ["cat /etc/hostname", "xfce4-session", "bash"]
|
|
- id: process.creation.time
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The date and time the process was created, in ISO 8601 format.
|
|
examples: ['2023-11-21T09:25:34.853Z']
|
|
- id: process.exit.time
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The date and time the process exited, in ISO 8601 format.
|
|
examples: ['2023-11-21T09:26:12.315Z']
|
|
- id: process.exit.code
|
|
type: int
|
|
stability: development
|
|
brief: >
|
|
The exit code of the process.
|
|
examples: [127]
|
|
- id: process.interactive
|
|
type: boolean
|
|
stability: development
|
|
brief: >
|
|
Whether the process is connected to an interactive shell.
|
|
- id: process.working_directory
|
|
type: string
|
|
stability: development
|
|
brief: >
|
|
The working directory of the process.
|
|
examples: ["/root"]
|
|
- id: process.context_switch_type
|
|
brief: "Specifies whether the context switches for this data point were voluntary or involuntary."
|
|
type:
|
|
members:
|
|
- id: voluntary
|
|
value: 'voluntary'
|
|
stability: development
|
|
- id: involuntary
|
|
value: 'involuntary'
|
|
stability: development
|
|
stability: development
|
|
- id: process.paging.fault_type
|
|
brief: >
|
|
The type of page fault for this data point. Type `major` is for major/hard page faults, and `minor`
|
|
is for minor/soft page faults.
|
|
type:
|
|
members:
|
|
- id: major
|
|
value: 'major'
|
|
stability: development
|
|
- id: minor
|
|
value: 'minor'
|
|
stability: development
|
|
stability: development
|
|
- id: process.environment_variable
|
|
brief: >
|
|
Process environment variables, `<key>` being the environment variable
|
|
name, the value being the environment variable value.
|
|
note: |
|
|
Examples:
|
|
|
|
- an environment variable `USER` with value `"ubuntu"` SHOULD be recorded
|
|
as the `process.environment_variable.USER` attribute with value `"ubuntu"`.
|
|
|
|
- an environment variable `PATH` with value `"/usr/local/bin:/usr/bin"`
|
|
SHOULD be recorded as the `process.environment_variable.PATH` attribute
|
|
with value `"/usr/local/bin:/usr/bin"`.
|
|
|
|
type: template[string]
|
|
stability: development
|
|
examples: ['ubuntu', '/usr/local/bin:/usr/bin']
|
|
# process.linux* attribute group
|
|
- id: registry.process.linux
|
|
type: attribute_group
|
|
brief: "Describes Linux Process attributes"
|
|
attributes:
|
|
- id: process.linux.cgroup
|
|
type: string
|
|
stability: development
|
|
brief: The control group associated with the process.
|
|
examples: ["1:name=systemd:/user.slice/user-1000.slice/session-3.scope", "0::/user.slice/user-1000.slice/user@1000.service/tmux-spawn-0267755b-4639-4a27-90ed-f19f88e53748.scope"]
|
|
note: >
|
|
Control groups (cgroups) are a kernel feature used to organize and
|
|
manage process resources. This attribute provides the path(s) to the
|
|
cgroup(s) associated with the process, which should match the contents
|
|
of the
|
|
[/proc/\[PID\]/cgroup](https://man7.org/linux/man-pages/man7/cgroups.7.html)
|
|
file.
|