Traces
Traces
Falco Talon can export traces which are very useful to have observability over its performed actions.
You can enable the traces by enabling them in the config.yaml
and setting the address and port of the OTEL collector.
otel:
traces_enabled: true
collector_port: 4317
collector_endpoint: localhost
collector_use_insecure_grpc: true
timeout: 10
Information
A trace is emitted for every events received by Falco Talon, you can configure the OTEL Collector to do some tail sampling and only store the traces with actions.
...
processors:
batch:
tail_sampling:
decision_wait: 1s
num_traces: 200
policies:
[
{
name: ignore-unmatched,
type: ottl_condition,
ottl_condition: {
error_mode: ignore,
span: [
"IsMatch(name, \"match\")"
]
}
}
]
service:
pipelines:
traces:
...
processors: [tail_sampling, batch]
...
...
Last modified November 27, 2024: docs for v0.2.0 (#15) (9b5ae74)