eBPF
eBPF (extended Berkeley Packet Filter) is a cutting-edge Linux kernel technology that allows safe, efficient, and programmable data collection at runtime. It enables deep observability into your system and application behavior without modifying code or adding performance overhead.
Causely leverages OpenTelemetry eBPF instrumentation, powered by Grafana Beyla, to automatically extract rich telemetry data from your services. This zero-effort integration provides actionable insights into service interactions, latencies, and system performance—with zero changes to application code.
How It Works
Causely's eBPF-based instrumentation follows a streamlined process:
- The system inspects running applications to determine which technologies they use.
- Once application characteristics are identified, eBPF uprobes and kprobes are activated at key points to capture network traffic information, for example HTTP or gRPC.
- These probes generate events related to the application's traffic, which are then converted into OpenTelemetry metrics and traces.
- The collected telemetry is sent to the mediator, which will perform symptom detection, topology discovery and local processing and then send distilled insights to the Causely engine.
This approach supports multiple programming languages including Go, Java, .NET, NodeJS, Python, Ruby, Rust, and more—without requiring any code modifications or language-specific agents.
To learn more about how the automatic instrumentation works, see the Grafana Beyla documentation.
Configuration
eBPF-based scraping is enabled by default in Causely deployments. If you wish to disable it, you can modify the causely-values.yaml configuration:
scrapers:
bpf:
enabled: false
If your application is already instrumented with OpenTelemetry, the agent will detect this and not instrument it again.