metrics: Add debug metric for non-critical errors by AritraDey-Dev · Pull Request #4416 · cilium/tetragon

AritraDey-Dev · 2025-12-09T10:04:00Z

Part of #2785

Stop reporting non-errors (as in: no action needed) as errors. Define separate metrics for "casual fails" if needed.

Description

Adds tetragon_debug_events_total metric for non-critical errors to reduce noise in tetragon_errors_total. (see commit)

Example Output:

# HELP tetragon_debug_events_total The total number of Tetragon debug events. For internal use only.
# TYPE tetragon_debug_events_total counter
tetragon_debug_events_total{type="process_metadata_username_ignored_not_in_host_namespaces"} 1

Changelog

Added tetragon_debug_events_total metric to separate non-critical issues from actual errors.

netlify · 2025-12-09T10:04:52Z

✅ Deploy Preview for tetragon ready!

Name	Link
🔨 Latest commit	`32fcc3f`
🔍 Latest deploy log	https://app.netlify.com/projects/tetragon/deploys/6968e6af5fcf3e000860315c
😎 Deploy Preview	https://deploy-preview-4416--tetragon.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

kevsecurity

LGTM

mtardy

I agree this is an improvement thanks! But just taking a step back here do we care about this warning at all in general? Should we just drop this altogether instead?

It looks like it was added there 28ce5ef. It looks like it was seen as useful during the review @kkourt, any memory?

mtardy

maybe we can move this from error to debug/note or an independent metric (with debug in its name or something)

mtardy · 2026-01-12T17:25:40Z

+const (
+	// The username resolution was skipped since the process is not in host
+	// namespaces.
+	ProcessMetadataUsernameIgnoredNotInHost WarningType = iota


Suggested change

ProcessMetadataUsernameIgnoredNotInHost WarningType = iota

ProcessMetadataUsernameIgnoredNotInHost DebugType = iota

AritraDey-Dev · 2026-01-12T19:57:22Z

maybe we can move this from error to debug/note or an independent metric (with debug in its name or something)

tetragon_debug_events_total how does this sound?

"There are 2 hard problems in computer science: cache invalidation, naming things, and off-by-1 errors." --- Leon Bambrick😅

mtardy

Thanks I think it looks good like that, only nit is now the name of the pkg and file is a bit of a mismatch but whatever, hopefully someone will reuse this debug thing instead of recreating one next time.

mtardy

yeah just two nits that should be quick to fix if you're okay:

small typos in comment
could you put this stuff into a new debugmetrics.go file in the same errormetrics pkg?

I'm also ok to merge like that if you feel that's better

mtardy · 2026-01-16T10:49:53Z

-// Get a new handle on the HandlerErrors metric
-func GetHandlerErrors(opcode ops.OpCode, er EventHandlerError) prometheus.Counter {
-	return HandlerErrors.WithLabelValues(strconv.Itoa(int(int32(opcode))), er.String())
+// Get a new handle on an DebugTotal metric for an DebugType


Suggested change

// Get a new handle on an DebugTotal metric for an DebugType

// Get a new handle on a DebugTotal metric for a DebugType

mtardy · 2026-01-16T10:50:07Z

-// Increment the HandlerErrors metric
-func HandlerErrorsInc(opcode ops.OpCode, er EventHandlerError) {
-	GetHandlerErrors(opcode, er).Inc()
+// Increment an DebugTotal for an DebugType


Suggested change

// Increment an DebugTotal for an DebugType

// Increment a DebugTotal for a DebugType

AritraDey-Dev · 2026-01-16T11:25:11Z

could you put this stuff into a new debugmetrics.go file in the same errormetrics pkg?

Yeah, that would be much more structured.

Right now, tetragon_errors_total counts things that aren't really errors, like ProcessMetadataUsernameIgnoredNotInHost. This happens a lot in containers and isn't something we usually need to fix, but it's spamming the error metrics. This change adds a new tetragon_debug_events_total metric for these kinds of 'casual fails'. I moved ProcessMetadataUsernameIgnoredNotInHost over to this new debug metric so the main error count is actually useful for spotting real problems. Signed-off-by: Aritra Dey <adey01027@gmail.com>

mtardy

awesome let's merge like this once green, thanks again

AritraDey-Dev requested a review from a team as a code owner December 9, 2025 10:04

AritraDey-Dev requested a review from kevsecurity December 9, 2025 10:04

AritraDey-Dev force-pushed the metrics-warnings branch from 3502235 to cba34da Compare December 9, 2025 10:10

kevsecurity added the release-note/minor This PR introduces a minor user-visible change label Jan 8, 2026

kevsecurity approved these changes Jan 8, 2026

View reviewed changes

mtardy reviewed Jan 8, 2026

View reviewed changes

mtardy requested a review from kkourt January 8, 2026 16:02

mtardy reviewed Jan 12, 2026

View reviewed changes

AritraDey-Dev force-pushed the metrics-warnings branch from cba34da to 32fcc3f Compare January 15, 2026 13:07

AritraDey-Dev requested a review from mtardy January 15, 2026 13:08

AritraDey-Dev changed the title ~~metrics: Add warnings metric for non-critical errors~~ metrics: Add debug metric for non-critical errors Jan 15, 2026

mtardy approved these changes Jan 16, 2026

View reviewed changes

mtardy reviewed Jan 16, 2026

View reviewed changes

AritraDey-Dev force-pushed the metrics-warnings branch from 32fcc3f to 7330c93 Compare January 16, 2026 11:29

mtardy reviewed Jan 16, 2026

View reviewed changes

Comment thread pkg/metrics/errormetrics/errormetrics.go Outdated

AritraDey-Dev force-pushed the metrics-warnings branch from 7330c93 to 4ae70a8 Compare January 16, 2026 11:42

mtardy approved these changes Jan 16, 2026

View reviewed changes

mtardy merged commit efe8719 into cilium:main Jan 16, 2026
52 checks passed

AritraDey-Dev deleted the metrics-warnings branch January 16, 2026 13:56

BrewTestBot mentioned this pull request Apr 29, 2026

tetra 1.7.0 Homebrew/homebrew-core#280098

Merged

	ProcessMetadataUsernameIgnoredNotInHost WarningType = iota
	ProcessMetadataUsernameIgnoredNotInHost DebugType = iota

	// Get a new handle on an DebugTotal metric for an DebugType
	// Get a new handle on a DebugTotal metric for a DebugType

	// Increment an DebugTotal for an DebugType
	// Increment a DebugTotal for a DebugType

Conversation

AritraDey-Dev commented Dec 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Changelog

Uh oh!

netlify Bot commented Dec 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for tetragon ready!

Uh oh!

kevsecurity left a comment

Choose a reason for hiding this comment

Uh oh!

mtardy left a comment

Choose a reason for hiding this comment

Uh oh!

mtardy left a comment

Choose a reason for hiding this comment

Uh oh!

mtardy Jan 12, 2026

Choose a reason for hiding this comment

Uh oh!

AritraDey-Dev commented Jan 12, 2026

Uh oh!

mtardy left a comment

Choose a reason for hiding this comment

Uh oh!

mtardy left a comment

Choose a reason for hiding this comment

Uh oh!

mtardy Jan 16, 2026

Choose a reason for hiding this comment

Uh oh!

mtardy Jan 16, 2026

Choose a reason for hiding this comment

Uh oh!

AritraDey-Dev commented Jan 16, 2026

Uh oh!

Uh oh!

mtardy left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

AritraDey-Dev commented Dec 9, 2025 •

edited

Loading

netlify Bot commented Dec 9, 2025 •

edited

Loading