Sysdig Trace Capture

The Captures Tab displays a list of any Sysdig capture files created via the ‘Sysdig Capture’ function, which is available on the Explore tab when a host is selected.  Sysdig capture files contain system calls and other OS events, which can be analyzed with the open source sysdig utility or with the Trace Analyzer, a visual tool for rendering the system calls recorded in the capture file. The Trace Analyzer will appear when you click on any listed capture file. This guide details how to record a trace file from your host and then either download it for command line analysis with sysdig or analyze it in the Trace Analyzer.

 

Create a capture file by selecting a host or container item from one of the Explore Tab tables:

 

The Sysdig Capture pop-up window will prompt for a storage location, a capture file name, an amount of time to capture, and an optional sysdig utility filter.  By default your captures will be stored in the SysdigCloud Amazon S3 bucket, but you can use the 'go to settings' link to define your own S3 bucket if desired.  We recommend using the default time of 15 seconds to keep captures small and manageable.

The maximum capture time available for any trace file is 24 hours with a current capture file size limit of 100MB.

Filters can be entered to restrict the amount of trace information collected. Please see the sysdig utility website for details and examples of the filters allowed.

 

When you click Start Capture, the Sysdig agent will be signaled to start a capture and send back the resulting trace file, which will be shown in the Capture tab.

The top half of the Capture tab is a table that shows the capture name, the host information and the time frame of the capture.  A status of 'uploaded' means the file has been transmitted from the Sysdig agent to the S3 bucket and is available for viewing in the Trace Analyzer or downloading to your workstation for detailed analysis using the 'sysdig' or 'csysdig' open source utilities. 
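For the command line route, the following is an added example (not part of the original guide or Sysdig's own tooling) that reads a downloaded capture with the open source sysdig utility and applies one of three triage filters. The view names, output format and the capture and process names passed in are assumptions made for illustration, and the process name is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: triage a downloaded Sysdig capture offline with `sysdig -r`.
# View names (exec, net, writes) belong to this script, not to sysdig.

# Output columns: time, user, process(pid), event type, decoded arguments.
FMT='%evt.time %user.name %proc.name(%proc.pid) %evt.type %evt.args'

# Print the sysdig filter for a view, optionally scoped to one process name.
build_filter() {
    view=$1
    proc=${2:-}
    case "$view" in
        exec)   f='evt.type=execve and evt.dir=<' ;;   # programs started
        net)    f='evt.type=connect and evt.dir=<' ;;  # connections initiated
        writes) f='evt.is_io_write=true and fd.name startswith /etc' ;;
        *)      echo "unknown view: $view" >&2; return 2 ;;
    esac
    if [ -n "$proc" ]; then
        f="proc.name=$proc and ($f)"
    fi
    printf '%s\n' "$f"
}

# Replay the capture through the chosen filter.
# Returns 1 if the file is unreadable, 2 on a bad view, 3 if sysdig is absent.
triage() {
    capture=$1
    view=$2
    proc=${3:-}
    [ -r "$capture" ] || { echo "cannot read capture: $capture" >&2; return 1; }
    filter=$(build_filter "$view" "$proc") || return 2
    if ! command -v sysdig >/dev/null 2>&1; then
        echo "sysdig not installed; filter would be: $filter" >&2
        return 3
    fi
    sysdig -r "$capture" -p "$FMT" "$filter"
}

# Usage: ./triage.sh <capture.scap> <exec|net|writes> [process-name]
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

The same filter strings can be entered in the Sysdig Capture pop-up to limit what is recorded in the first place, which keeps unrelated system call data out of the stored file.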

The Trace Analyzer will appear when you click on any of the listed capture files. Click the 'Display' menu to choose the metric to be charted and then select up to three levels of hierarchy in the 'Segment by' section. A simple diagram will be rendered showing colored boxes sized according to the metric's respective utilization (CPU, Memory, IOP, etc.).  You can click any box to drill down to the next level in the defined hierarchy.

 

 

Use the 'Delete' button to remove a capture file or the 'Delete All' button at the top of the file list to remove all captures at once.

 
