cleanup(userspace/falco): add more fields to metrics

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2023-05-16 12:14:37 +00:00 committed by poiana
parent e37027a1d0
commit f0ac327f98
2 changed files with 2 additions and 1 deletions

View File

@ -632,7 +632,7 @@ base_syscalls:
# Emit kernel side event and drop counters, compare to `syscall_event_drops`,
# however this option reflects monotonic counters since Falco start,
# exported at a constant stats interval and therefore can be regarded as an alternative.
# kernel event conters are prefixed with `n_` e.g. `n_evts`, `n_drops`, `n_drops_buffer_total` ...
# kernel event counters are prefixed with `n_` e.g. `n_evts`, `n_drops`, `n_drops_buffer_total` ...
#
# `libbpf_stats_enabled`:
# Exposes `bpftool prog show` like stats, e.g. number of invocations

View File

@ -168,6 +168,7 @@ std::map<std::string, std::string> stats_writer::collector::get_metrics_output_f
output_fields["evt.time"] = std::to_string(now); /* Some ETLs may prefer a consistent timestamp within output_fields. */
output_fields["falco_version"] = FALCO_VERSION;
output_fields["falco_start_ts"] = std::to_string(agent_info->start_ts_epoch);
output_fields["falco_duration_sec"] = std::to_string((now - agent_info->start_ts_epoch) / ONE_SECOND_IN_NS);
output_fields["kernel_release"] = agent_info->uname_r;
output_fields["host_boot_ts"] = std::to_string(machine_info->boot_ts_epoch);
output_fields["hostname"] = machine_info->hostname; /* Explicitly add hostname to log msg in case hostname rule output field is disabled. */