Skip to content

process.md

Latest commit

 

History

History
138 lines (102 loc) · 15.2 KB

process.md

File metadata and controls

138 lines (102 loc) · 15.2 KB

Process

Process Attributes

An operating system process.

Attributes:

Key Stability Value Type Description Example Values
process.args_count Development int Length of the process.command_args array [1] 4
process.command Development string The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in proc/[pid]/cmdline. On Windows, can be set to the first parameter extracted from GetCommandLineW. cmd/otelcol
process.command_args Development string[] All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from proc/[pid]/cmdline. For libc-based executables, this would be the full argv vector passed to main. SHOULD NOT be collected by default unless there is sanitization that excludes sensitive data. ["cmd/otecol", "--config=config.yaml"]
process.command_line Development string The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of GetCommandLineW. Do not set this if you have to assemble it just for monitoring; use process.command_args instead. SHOULD NOT be collected by default unless there is sanitization that excludes sensitive data. C:\cmd\otecol --config="my directory\config.yaml"
process.context_switch.type Development string Specifies whether the context switches for this data point were voluntary or involuntary. voluntary; involuntary
process.creation.time Development string The date and time the process was created, in ISO 8601 format. 2023-11-21T09:25:34.853Z
process.environment_variable.<key> Development string Process environment variables, <key> being the environment variable name, the value being the environment variable value. [2] ubuntu; /usr/local/bin:/usr/bin
process.executable.build_id.gnu Development string The GNU build ID as found in the .note.gnu.build-id ELF section (hex string). c89b11207f6479603b0d49bf291c092c2b719293
process.executable.build_id.go Development string The Go build ID as retrieved by go tool buildid <go executable>. foh3mEXu7BLZjsN9pOwG/kATcXlYVCDEFouRMQed_/WwRFB1hPo9LBkekthSPG/x8hMC8emW2cCjXD0_1aY
process.executable.build_id.htlhash Development string Profiling specific build ID for executables. See the OTel specification for Profiles for more information. 600DCAFE4A110000F2BF38C493F5FB92
process.executable.name Development string The name of the process executable. On Linux based systems, this SHOULD be set to the base name of the target of /proc/[pid]/exe. On Windows, this SHOULD be set to the base name of GetProcessImageFileNameW. otelcol
process.executable.path Development string The full path to the process executable. On Linux based systems, can be set to the target of proc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW. /usr/bin/cmd/otelcol
process.exit.code Development int The exit code of the process. 127
process.exit.time Development string The date and time the process exited, in ISO 8601 format. 2023-11-21T09:26:12.315Z
process.group_leader.pid Development int The PID of the process's group leader. This is also the process group ID (PGID) of the process. 23
process.interactive Development boolean Whether the process is connected to an interactive shell.
process.owner Development string The username of the user that owns the process. root
process.parent_pid Development int Parent Process identifier (PPID). 111
process.pid Development int Process identifier (PID). 1234
process.real_user.id Development int The real user ID (RUID) of the process. 1000
process.real_user.name Development string The username of the real user of the process. operator
process.runtime.description Development string An additional description about the runtime of the process, for example a specific vendor customization of the runtime environment. Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0
process.runtime.name Development string The name of the runtime of this process. OpenJDK Runtime Environment
process.runtime.version Development string The version of the runtime of this process, as returned by the runtime without modification. 14.0.2
process.saved_user.id Development int The saved user ID (SUID) of the process. 1002
process.saved_user.name Development string The username of the saved user. operator
process.session_leader.pid Development int The PID of the process's session leader. This is also the session ID (SID) of the process. 14
process.state Development string The process state, e.g., Linux Process State Codes running
process.title Development string Process title (proctitle) [3] cat /etc/hostname; xfce4-session; bash
process.user.id Development int The effective user ID (EUID) of the process. 1001
process.user.name Development string The username of the effective user of the process. root
process.vpid Development int Virtual process identifier. [4] 12
process.working_directory Development string The working directory of the process. /root

[1] process.args_count: This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.

[2] process.environment_variable.<key>: Examples:

  • an environment variable USER with value "ubuntu" SHOULD be recorded as the process.environment_variable.USER attribute with value "ubuntu".

  • an environment variable PATH with value "/usr/local/bin:/usr/bin" SHOULD be recorded as the process.environment_variable.PATH attribute with value "/usr/local/bin:/usr/bin".

[3] process.title: In many Unix-like systems, process title (proctitle), is the string that represents the name or command line of a running process, displayed by system monitoring tools like ps, top, and htop.

[4] process.vpid: The process ID within a PID namespace. This is not necessarily unique across all processes on the host but it is unique within the process namespace that the process exists within.

process.context_switch.type has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value Description Stability
involuntary involuntary Development
voluntary voluntary Development

process.state has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value Description Stability
defunct defunct Development
running running Development
sleeping sleeping Development
stopped stopped Development

Process Linux Attributes

Describes Linux Process attributes

Attributes:

Key Stability Value Type Description Example Values
process.linux.cgroup Development string The control group associated with the process. [5] 1:name=systemd:/user.slice/user-1000.slice/session-3.scope; 0::/user.slice/user-1000.slice/user@1000.service/tmux-spawn-0267755b-4639-4a27-90ed-f19f88e53748.scope

[5] process.linux.cgroup: Control groups (cgroups) are a kernel feature used to organize and manage process resources. This attribute provides the path(s) to the cgroup(s) associated with the process, which should match the contents of the /proc/[PID]/cgroup file.

Deprecated Process Attributes

Deprecated process attributes.

Attributes:

Key Stability Value Type Description Example Values
process.context_switch_type Deprecated
Replaced by process.context_switch.type.		 string "Deprecated, use process.context_switch.type instead." voluntary; involuntary
process.cpu.state Deprecated
Replaced by cpu.mode.		 string Deprecated, use cpu.mode instead. system; user; wait
process.executable.build_id.profiling Deprecated
Replaced by process.executable.build_id.htlhash.		 string "Deprecated, use process.executable.build_id.htlhash instead." 600DCAFE4A110000F2BF38C493F5FB92
process.paging.fault_type Deprecated
Replaced by system.paging.fault.type.		 string Deprecated, use system.paging.fault.type instead. major; minor

process.context_switch_type has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value Description Stability
involuntary involuntary Development
voluntary voluntary Development

process.cpu.state has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value Description Stability
system system Development
user user Development
wait wait Development

process.paging.fault_type has the following list of well-known values. If one of them applies, then the respective value MUST be used; otherwise, a custom value MAY be used.

Value Description Stability
major major Development
minor minor Development