eBPF Observability

eBPF (Extended Berkeley Packet Filter) allows the KloudMate Agent to observe your applications directly from the Linux operating system kernel. You get deep visibility into network traffic, database queries, and application performance without changing a single line of code or installing SDKs.

This guide explains how to enable and configure eBPF data collection through the KloudMate web interface.

Before you can enable eBPF, the KloudMate Agent must be running on your host or cluster. eBPF requires a Linux environment (Kernel 5.8+ recommended).
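
To check that prerequisite on a host before enabling eBPF, the following shell snippet compares the running kernel release against 5.8 numerically, so that 5.10 is not mistaken for being older than 5.8. It is an added example, not part of KloudMate's tooling; the function names kernel_at_least and ebpf_preflight are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the prerequisite stated above
# (Linux, kernel 5.8+ recommended). Function names are hypothetical.

# kernel_at_least RELEASE MIN_MAJOR MIN_MINOR
# RELEASE is in `uname -r` form, e.g. "5.15.0-91-generic".
# Returns 0 if RELEASE >= MIN_MAJOR.MIN_MINOR, 1 if older, 2 if unparseable.
kernel_at_least() {
    release=$1 min_major=$2 min_minor=$3
    case $release in *.*) ;; *) return 2 ;; esac
    major=${release%%.*}           # text before the first dot
    rest=${release#*.}             # text after the first dot
    minor=${rest%%[!0-9]*}         # leading digits only; drops ".0-91-generic"
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in '') return 2 ;; esac
    if [ "$major" -gt "$min_major" ]; then return 0; fi
    if [ "$major" -eq "$min_major" ] && [ "$minor" -ge "$min_minor" ]; then
        return 0
    fi
    return 1
}

# ebpf_preflight OS RELEASE
# OS is `uname -s` output. Prints one verdict line and returns
# 0 (ok), 1 (kernel below the recommended 5.8), or 2 (not Linux / unparseable).
ebpf_preflight() {
    os=$1 release=$2
    if [ "$os" != "Linux" ]; then
        echo "FAIL: eBPF requires Linux, found $os"
        return 2
    fi
    rc=0
    kernel_at_least "$release" 5 8 || rc=$?
    case $rc in
        0) echo "OK: kernel $release meets the recommended 5.8+" ;;
        1) echo "WARN: kernel $release is older than the recommended 5.8" ;;
        *) echo "FAIL: cannot parse kernel release '$release'" ;;
    esac
    return "$rc"
}

# Check the current host; the `if` keeps a non-zero result from aborting
# a script that runs with `set -e`.
if ! ebpf_preflight "$(uname -s)" "$(uname -r)"; then
    echo "review this host before enabling eBPF collection" >&2
fi
```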

Follow the relevant installation guide if you haven’t already:

The KloudMate Agent is managed centrally. You do not need to SSH into your servers or manually edit YAML files. You enable eBPF by updating the agent’s remote configuration via the KloudMate dashboard.

  1. Log in to your KloudMate Platform.
  2. Navigate to the Agents landing page.
  3. Locate the Agent installed on your target Linux host or Kubernetes cluster.
  4. Click Collector Configuration to open the remote YAML editor.

Add or verify the following configuration blocks in the web editor to enable RED metrics, distributed traces, and network telemetry.

metrics:
  features:
    - application      # Enables HTTP, gRPC, and SQL operation metrics
    - application_span # Enables Trace spans for transactions
    - network          # Enables L3/L4 Network flow metrics

discovery:
  services:
    - name: all-services
      namespace: default
      open_ports: "80, 443, 8080, 8443, 5432, 3306, 6379, 9092, 27017"

network:
  enable: true
  source: tc
  direction: both

attributes:
  kubernetes:
    enable: true       # Set to true if running inside Kubernetes

  1. Save the configuration. The agent will automatically restart and apply the new settings.

Once the agent restarts with the eBPF configuration, it immediately begins observing kernel traffic.

Navigate to the following views in the KloudMate dashboard to verify data collection:

  • APM: Look for automatically generated Service Maps, latency, and throughput metrics.
  • Traces: Search for automatically generated spans representing your network traffic.
  • Database Activity Monitoring: Look for captured database queries.

For high-load database environments, you can add an ebpf block to tune statement caching and heuristic detection.

ebpf:
  heuristic_sql_detect: true
  mysql_prepared_statements_cache_size: 1024
  postgres_prepared_statements_cache_size: 1024

When the configuration above is applied, the eBPF receiver automatically collects:

  • Application Performance Metrics: RED metrics (Request rate, Error rate, and Duration/latency).
  • Traces: Automatically generated trace spans for your network traffic flows.
  • Service Dependencies: Information used to build visual Service Maps.
  • Network Telemetry: Low-level L3 and L4 network flow metrics.
  • Database Activity: Kernel-level database query signals.