You can use AppView to troubleshoot an application that's behaving problematically:
On the other hand, you can troubleshoot AppView itself if you're trying to appview an application but not getting the results you expect:
The AppView team considers it good practice to keep the snapshot feature turned on when scoping applications. That way, if a viewed app crashes, you'll always have either a stacktrace or a coredump or both (depending on how you configure AppView) as a starting point for your crash analysis.
When an application you're not scoping is crashing or otherwise behaving in unexpected ways, try scoping it with the snapshot feature turned on. Then you can explore the app's metrics and events while it's running, or analyze a coredump and/or stacktrace if it crashes.
The appview snapshot
command obtains debug information about a running or crashing process, regardless of whether or not the process is viewed.
Whenever the kernel sends the viewed app a fatal signal (i.e., illegal instruction, bus error, segmentation fault, or floating point exception), AppView will capture either a coredump, a stacktrace, or both, depending on what you have configured or the command-line options you choose. (You might want to keep coredump capture turned off if the relatively large size of coredump files would be problematic in your environment.)
snapshot
section of the config file.appview attach
, appview run
, and appview watch
commands can all take the -b
/--backtrace
and -c
/--coredump
options. The snapshot
field in the process-start message records whether capturing coredumps and backtraces are enabled or not.
Apart from coredumps and stacktraces, AppView always writes two additional files to the snapshot directory:
info_<timestamp>
provides basic information about the process.cfg_<timestamp>
records the AppView configuration in effect when the application crashed.
AppView offers many options for sending data to other applications (Cribl Stream, Cribl Edge, or any other application that receives data over TCP or UNIX sockets). If data does not show up at the destination, you can use the CLI to troubleshoot the transport AppView is trying to use:
appview inspect
retrieves the AppView config currently in effect and determines the status of the transport AppView is trying to use.appview update
modifies the current AppView config.appview ps
now determines whether the processes it lists are viewed or not.appview logs
retrieves AppView's own log files, which may contain errors or warnings useful for troubleshooting.The AppView team recommends using appview update
to perform dynamic configuration. For completeness, though, we're including the following section about an alternative method for dynamic configuration.
Separately from the appview update
command, AppView offers another way to do dynamic configuration in real time, via the command directory.
To use this feature, you first need to know the PID (process ID) of the currently viewed process. You then create a appview.<pid>
file, where:
<pid>
part of the filename is the PID of the viewed process.ENVIRONMENT_VARIABLE=value
.Once per reporting period, AppView looks in its command directory for a appview.<pid>
file. If it finds one where the <pid>
part of the filename matches the PID of the current viewed process, AppView applies the configuration settings specified in the file, then deletes the file.
The command directory defaults to /tmp
and the reporting period (a.k.a. metric summary interval) defaults to 10 seconds. You can configure them in the libappview
section of the config file). See the Command directory
and Metric summary interval
subsections, respectively.
Suppose your process of interest has PID 4242
and to begin your investigation, you want to bump metric verbosity up to 9 while muting all HTTP events.
Create a file named appview.4242
that contains two lines:
APPVIEW_METRIC_VERBOSITY=9
APPVIEW_EVENT_HTTP=false
Save the appview.4242
file in the command directory.
AppView will detect the file and the matching process, apply the config settings, then delete the file.
When you've seen enough of the verbose metrics, and you want to start looking at HTTP events, create a new appview.4242
which contains the following two lines, reversing the previous config settings:
APPVIEW_METRIC_VERBOSITY=4
APPVIEW_EVENT_HTTP=true
AppView will detect the file and the matching process, apply the config settings, then delete the file.
You can iterate on this workflow depending on what you find and what more you want to discover.