Process
Process
Status:
type: process
Description: An operating system process.
Identifying Attributes:
| Key | Stability | Requirement Level | Value Type | Description | Example Values |
|---|---|---|---|---|---|
process.creation.time |  | Recommended | string | The date and time the process was created, in ISO 8601 format. | 2023-11-21T09:25:34.853Z |
process.pid | | Recommended | int | Process identifier (PID). | 1234 |
Descriptive Attributes:
| Key | Stability | Requirement Level | Value Type | Description | Example Values |
|---|---|---|---|---|---|
process.args_count | | Conditionally Required [1] | int | Length of the process.command_args array [2] | 4 |
process.command | | Conditionally Required [3] | string | The command used to launch the process (i.e. the command name). On Linux based systems, can be set to the zeroth string in proc/[pid]/cmdline. On Windows, can be set to the first parameter extracted from GetCommandLineW. | cmd/otelcol |
process.command_args | | Conditionally Required [4] | string[] | All the command arguments (including the command/executable itself) as received by the process. On Linux-based systems (and some other Unixoid systems supporting procfs), can be set according to the list of null-delimited strings extracted from proc/[pid]/cmdline. For libc-based executables, this would be the full argv vector passed to main. SHOULD NOT be collected by default unless there is sanitization that excludes sensitive data. | ["cmd/otecol", "--config=config.yaml"] |
process.command_line | | Conditionally Required [5] | string | The full command used to launch the process as a single string representing the full command. On Windows, can be set to the result of GetCommandLineW. Do not set this if you have to assemble it just for monitoring; use process.command_args instead. SHOULD NOT be collected by default unless there is sanitization that excludes sensitive data. | C:\cmd\otecol --config="my directory\config.yaml" |
process.executable.name | | Conditionally Required [6] | string | The name of the process executable. On Linux based systems, this SHOULD be set to the base name of the target of /proc/[pid]/exe. On Windows, this SHOULD be set to the base name of GetProcessImageFileNameW. | otelcol |
process.executable.path | | Conditionally Required [7] | string | The full path to the process executable. On Linux based systems, can be set to the target of proc/[pid]/exe. On Windows, can be set to the result of GetProcessImageFileNameW. | /usr/bin/cmd/otelcol |
process.interactive | | Recommended | boolean | Whether the process is connected to an interactive shell. | |
process.linux.cgroup | | Recommended | string | The control group associated with the process. [8] | 1:name=systemd:/user.slice/user-1000.slice/session-3.scope; 0::/user.slice/user-1000.slice/user@1000.service/tmux-spawn-0267755b-4639-4a27-90ed-f19f88e53748.scope |
process.owner | | Recommended | string | The username of the user that owns the process. | root |
process.parent_pid | | Recommended | int | Parent Process identifier (PPID). | 111 |
process.title | | Recommended | string | Process title (proctitle) [9] | cat /etc/hostname; xfce4-session; bash |
process.working_directory | | Recommended | string | The working directory of the process. | /root |
[1] process.args_count: See Selecting process attributes for details.
[2] process.args_count: This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity.
[3] process.command: See Selecting process attributes for details.
[4] process.command_args: See Selecting process attributes for details.
[5] process.command_line: See Selecting process attributes for details.
[6] process.executable.name: See Selecting process attributes for details.
[7] process.executable.path: See Selecting process attributes for details.
[8] process.linux.cgroup: Control groups (cgroups) are a kernel feature used to organize and manage process resources. This attribute provides the path(s) to the cgroup(s) associated with the process, which should match the contents of the /proc/[PID]/cgroup file.
[9] process.title: In many Unix-like systems, process title (proctitle), is the string that represents the name or command line of a running process, displayed by system monitoring tools like ps, top, and htop.
Process Runtime
Status:
type: process.runtime
Description: The single (language) runtime instance which is monitored.
Identifying Attributes:
| Key | Stability | Requirement Level | Value Type | Description | Example Values |
|---|---|---|---|---|---|
process.runtime.name | | Recommended | string | The name of the runtime of this process. | OpenJDK Runtime Environment |
process.runtime.version | | Recommended | string | The version of the runtime of this process, as returned by the runtime without modification. | 14.0.2 |
Descriptive Attributes:
| Key | Stability | Requirement Level | Value Type | Description | Example Values |
|---|---|---|---|---|---|
process.runtime.description | | Recommended | string | An additional description about the runtime of the process, for example a specific vendor customization of the runtime environment. | Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0 |
Feedback
Was this page helpful?
Thank you. Your feedback is appreciated!
Please let us know how we can improve this page. Your feedback is appreciated!