Skip to main content

eBPF

eBPF (extended Berkeley Packet Filter) is a cutting-edge Linux kernel technology that allows safe, efficient, and programmable data collection at runtime. It enables deep observability into your system and application behavior without modifying code or adding performance overhead.

Causely leverages OpenTelemetry eBPF instrumentation, powered by Grafana Beyla, to automatically extract rich telemetry data from your services. This zero-effort integration provides actionable insights into service interactions, latencies, and system performance—with zero changes to application code.

How It Works

Causely's eBPF-based instrumentation follows a streamlined process:

  1. The system inspects running applications to determine which technologies they use.
  2. Once application characteristics are identified, eBPF uprobes and kprobes are activated at key points to capture network traffic information, for example HTTP or gRPC.
  3. These probes generate events related to the application's traffic, which are then converted into OpenTelemetry metrics and traces.
  4. The collected telemetry is sent to the mediator, which will perform symptom detection, topology discovery and local processing and then send distilled insights to the Causely engine.

This approach supports multiple programming languages including Go, Java, .NET, NodeJS, Python, Ruby, Rust, and more—without requiring any code modifications or language-specific agents.

To learn more about how the automatic instrumentation works, see the Grafana Beyla documentation.

Configuration

For automatic instrumentation of Java applications the HotSpot JVM supports dynamic agent loading, allowing you to attach the OpenTelemetry Java agent at runtime, no eBPF required. To enable this functionality modify the causely-values.yaml configuration:

agent:
  beyla:
    global_config:
      ebpf:
        # Enables Java instrumentation with the OpenTelemetry JDK Agent
        use_otel_sdk_for_java: true

eBPF-based scraping is enabled by default in Causely deployments. If you wish to disable it, you can modify the causely-values.yaml configuration:

scrapers:
  bpf:
    enabled: false
note

If your application is already instrumented with OpenTelemetry, the agent will detect this and not instrument it again.