Skip to main content

eBPF Tracing and Profiling

This sublesson shows how to use eBPF-based instrumentation and profiling pipelines. These examples rely on the OTLP and Pyroscope outputs configured in 01-global.alloy.

Example: OTLP Receiver for Traces

10-receiver.alloy
// 10-receiver.alloy

otelcol.receiver.otlp "default" {
  // Listen for gRPC traces from your app (default port 4317)
  grpc {
    endpoint = "0.0.0.0:4317"
  }

  output {
    // Forward everything to the Grafana Cloud exporter in 01-global.alloy
    traces = [otelcol.exporter.otlp.grafana_cloud.input]
  }
}

Example: Monitoring Application Logs using EBPF

09-ebpf.alloy
// 09-ebpf.alloy

beyla.ebpf "tg_otp" {
	discovery {
		instrument {
			open_ports = "8002"
      name       = "tg_otp"
		}
	}

	ebpf {
		heuristic_sql_detect = true
	}

	output {
		traces = [otelcol.exporter.otlp.grafana_cloud.input]
	}
}

note

eBPF components typically require root privileges. Ensure the Alloy service has the required permissions on the host.

Example: Profiling All Linux Processes

/etc/alloy/12-profiling.alloy
// 1. Automatically find all processes running on this Linux host
discovery.process "all_linux_processes" {
}

// 2. Use eBPF to profile those discovered processes
pyroscope.ebpf "all_jobs" {
  forward_to = [pyroscope.write.production_backend.receiver]
  targets    = discovery.process.all_linux_processes.targets
}

Example: Profiling a Single Application

/etc/alloy/13-profiling-a-process.alloy
// 1. Discover all processes on the host
discovery.process "local_processes" {
}

// 2. Filter for only our python script
discovery.relabel "filter_gobotify" {
  targets = discovery.process.local_processes.targets

  // Look at the command line of the process
  rule {
    source_labels = ["__meta_process_commandline"]
    regex         = ".*gobotify.*"
    action        = "keep"
  }

  // Make the name look clean in Grafana
  rule {
    action       = "replace"
    target_label = "service_name"
    replacement  = "gobotify-app"
  }
}

// 3. Attach eBPF to the filtered process
pyroscope.ebpf "gobotify_monitor" {
  forward_to = [pyroscope.write.production_backend.receiver]
  targets    = discovery.relabel.filter_gobotify.output
}

Sample Python Program to test Pyroscope Profiling

gobotify.py
import time
import math
import hashlib
import random

def verify_request_signature(loops=30000):
    """Simulates security overhead/signing."""
    secret = "vikas-secret-key"
    for _ in range(loops):
        hashlib.sha512(secret.encode()).hexdigest()

def normalize_sensor_data(size=150000):
    """Simulates mathematical normalization of a large dataset."""
    data = []
    for i in range(size):
        # Triggers complex math for CPU profiling
        val = (math.sin(i) * math.cos(i)) / (math.sqrt(i) + 1)
        data.append(val)
    return sum(data)

def generate_encrypted_report():
    """Simulates final packaging of data."""
    report_content = "Report_" * 1000
    # Nested call to show hierarchy
    for _ in range(10):
        hashlib.sha256(report_content.encode()).hexdigest()

def main_execution_loop():
    """Orchestrates the steps in order."""
    print("--- Starting Cycle ---")
    
    # Step 1: Authentication (Security Peak)
    verify_request_signature()
    
    # Step 2: Processing (Data Science Peak)
    normalize_sensor_data()
    
    # Step 3: Reporting (Output Peak)
    generate_encrypted_report()
    
    # Simulate a small break (gap in CPU usage)
    time.sleep(0.5)

if __name__ == "__main__":
    print("Gobotify Pipeline v2.0 is active...")
    print("Targeting service_name: gobotify-app")
    try:
        while True:
            main_execution_loop()
    except KeyboardInterrupt:
        print("\nStopping...")