Traces

Our traces philosophy

Traces are a powerful observability pillar, providing granular insights into microservice interactions. Traditionally, they were hard to implement, requiring coordination of multiple teams and constant code changes, making this critical aspect very challenging to maintain.

groundcover's eBPF sensor disrupts the famous tradeoff, empowering developers to gain full visibility into their applications, effortlessly and without any code changes.

The platform supports two kinds of traces:

eBPF traces are automatically generated for every supported service in your stack. They are available out-of-the-box and within seconds of installation. These traces always include critical information such as:

  • All services that took part in the interaction (both client and server)

  • Accessed resource

  • Full payloads, including:

    • All headers

    • All query parameters

    • All bodies - for both the request and response

3rd-party traces can be ingested into the platform, allowing to leverage already existing instrumentation to create a single pane of glass for all of your traces.

Traces are stored in groundcover's ClickHouse deployment, ensuring top notch performance on every scale.

For more details about ingesting 3rd party traces, see the integrations page.

Sampling

groundcover further disrupts the customary traces experience by reinventing the concept of sampling. This innovation differs between the different types of traces:

eBPF traces are generated by using 100% of the data, always processing every request being made, on every scale. However, the groundcover platform utilizes smart sampling to only store a fraction of the traces, while still generating an accurate picture. In general, sampling is performed according to these rules:

  • Requests with unusually high or low latencies, measured per resource

  • Requests which returned an error response (e.g 500 status code for HTTP)

  • "Normal" requests which form the baseline for each resource

Lastly, stream processing is utilized to make the sampling decisions on the node itself, without having to send or save any redundant traces.

Certain aspects of our sampling algorithm are configurable - read more here.

3rd-party traces are always ingested fully - meaning, no sampling is applied to traces which have been generated elsewhere and ingested by the platform.

When integrating 3rd-party traces, it is often wise to configure some sampling mechanism according to the specific use case.

Additional Context

Each trace is enriched with additional information to give as much context as possible for the service which generated the trace. This includes:

  • Container information - image, environment variables, pod name

  • Logs generated by the service around the time of the trace

  • Golden Signals of the resource around the time of the trace

  • Kubernetes events relevant to the service

  • CPU and Memory utilization of the service and the node it is scheduled on

Distributed Tracing

eBPF traces do not currently support distributed tracing. This is very much on our roadmap - stay tuned!

Trace Attributes

Trace Attributes enable advanced filtering and search capabilities. groundcover support attributes across all trace types. This encompasses a diverse range of protocols such as HTTP, MongoDB, PostgreSQL, and others, as well as varied sources including eBPF or manual instrumentations (for example - OpenTelemetry).

groundcover enriches your original traces and generates meaningful metadata as key-value pairs. This metadata includes critical information, such as protocol type, http.path, db.statement, and similar attributes, aligning with OTel conventions. Furthermore, groundcover seamlessly incorporates this metadata from spans received through supported manual instrumentations. For an in-depth understanding of attributes in OTel, please refer to OTel Attributes Documentation (external link to OpenTelemtry website).

Each attribute can be effortlessly integrated into your filters and search queries. You can add them directly from the trace side-panel with a simple click or input them manually into the search bar.

Example: If you want to filter all HTTP traces that contain the path "/products". The query would be formatted as: @http.path:"/products". For a comprehensive guide on the query syntax, see Syntax table below.

Trace Tags

Trace Tags enable advanced filtering and search capabilities. groundcover support tags across all trace types. This encompasses a diverse range of protocols such as HTTP, MongoDB, PostgreSQL, and others, as well as varied sources including eBPF or manual instrumentations (for example - OpenTelemetry).

Tags are powerful metadata components, structured as key-value pairs. They offer insightful information about the resource generating the span, like: container.image.name ,host.name and more.

Tags include metadata enriched by the our Alligator sensor and additional metadata if provided by manual instrumentations (such as OpenTelemetry traces) . Utilizing these Tags enhances understanding and context of your traces, allowing for more comprehensive analysis and easier filtering by the relevant information.

Each tag can be effortlessly integrated into your filters and search queries. You can add them directly from the trace side-panel with a simple click or input them manually into the search bar.

Example: If you want to filter all traces from mysql containers - The query would be formatted as: container.image.name:mysql. For a comprehensive guide on the query syntax, see Syntax table below.

Search and filter

The Trace Explorer integrates a dynamic filters panel and a versatile search bar to enhance your trace data analysis. On the left, the filters panel allows you to filter-out traces by selecting specific criteria, including trace-status, workload, namespace and more. The search bar supporting both filters applying and attributes search for comprehensive trace exploration. You can also apply the desired time-range using the time-ranger picker on the right-hand corner in the Trace Explorer.

To search for logs use the following syntax in the search bar:

SyntaxDescriptionExamples

Key:Value

Filters and Tags: Include filters to narrow down your search. Note - For a single key, multiple filters act with an 'OR' condition, whereas different keys are combined with an 'AND' condition.

level:Error

-Key:Value

Exclusion: Specify terms or filters to omit from logs events; applies to each distinct text search.

-namespace:demo

@key:value

Log Attribute: Include or exclude traces containing attributes for granular searches. Note - For a single key, multiple filters act with an 'OR' condition, whereas different keys are combined with an 'AND' condition.

@transaction.id:1234 -@owner:main

Controlling retention

groundcover allows full control over the retention of your traces. Read here to learn more.

Custom Configuration

Tracing can be customized in several ways:

Last updated