search

draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers
http://www.sysdig.com/
Other
7.69k stars 728 forks source link

sysdig chisels of IO category- "fdcount_by" fails #1573

Closed ghatwala closed 1 year ago

ghatwala commented 4 years ago

I have built sysdig from source on my platform and when tried to running few example commands as given here - https://github.com/draios/sysdig/wiki/Sysdig-Examples , all the commands listed here work for me except below, it seems to be thrown up from here from chisel api - https://github.com/draios/sysdig/blob/dev/userspace/libsinsp/chisel_api.cpp#L343 and am reading more about this in here too - https://github.com/draios/sysdig/blob/e404c50c346ce1a2750446aeaac59f4062f33b0a/userspace/sysdig/chisels/v_backlog.lua#L29

$ sysdig  --version
sysdig version 0.1.1dev

$ sysdig -c fdcount_by fd.sport "evt.type=read"  ( works ) 
^C
$ sysdig -c fdcount_by fd.sport "evt.type=open" ( works ) 
^C

$ sysdig -c fdcount_by fd.sport "evt.type=accept" ( does not work )
^Cinvalid call to evt.field()

Any pointers as to why only certain chisels filters don't work ( invalid call to evt.field ) ?

huanwei commented 4 years ago

It works in my environment:

^Croot@0697d245a25f:/# sysdig -c fdcount_by fd.sport "evt.type=accept" 
^C9099  17
8080    8

version of sysdig:

root@0697d245a25f:/# sysdig --version
sysdig version 0.26.4
ghatwala commented 4 years ago

@huanwei - Thanks for the validation. My above failures were on ppc64le platform , whereas on Intel (x86_64) have noticed that the failures do happen but with different flag options ..

On intel

root@x006vm57:~# sysdig -c fdcount_by fd.sport "evt.type=read" ( works )
^C35688 2
33124   2
22      1
root@x006vm57:~# sysdig -c fdcount_by fd.sport "evt.type=accept" ( works ) 
^C
root@x006vm57:~# sysdig -c fdcount_by fd.sport "evt.type=open" ( fails)
^Cinvalid call to evt.field()

On Power

root@p006vm18:~# sysdig -c fdcount_by fd.sport "evt.type=open" ( works )
^C
root@p006vm18:~# sysdig -c fdcount_by fd.sport "evt.type=read" ( works )
^C22    1
root@p006vm18:~# sysdig -c fdcount_by fd.sport "evt.type=accept" ( fails)
^Cinvalid call to evt.field()

Sysdig was built from source on both .. On intel

root@x006vm57:~# sysdig  --version
sysdig version 0.1.1dev
root@x006vm57:~# arch
x86_64

On power

root@p006vm18:~# sysdig --version
sysdig version 0.1.1dev
root@p006vm18:~# arch
ppc64le

So the conclusion is that the filter flag key value fails on both x86_64 and ppc64le but for different values . I have a PR to add power support to sysdig + travis job , any review comments on it - https://github.com/draios/sysdig/pull/1566 ?

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.