Version: v4.21

processes

Shows a snapshot of running processes.

Synopsis

processes

Description

The processes operator shows a snapshot of all currently running processes.

Schemas

Tenzir emits process information with the following schema.

tenzir.process

Contains detailed information about the process.

| Field | Type | Description |
|---|---|---|
| `name` | `string` | The process name. |
| `command_line` | `list<string>` | The command line of the process. |
| `pid` | `uint64` | The process identifier. |
| `ppid` | `uint64` | The parent process identifier. |
| `uid` | `uint64` | The user identifier of the process owner. |
| `gid` | `uint64` | The group identifier of the process owner. |
| `ruid` | `uint64` | The real user identifier of the process owner. |
| `rgid` | `uint64` | The real group identifier of the process owner. |
| `priority` | `string` | The priority level of the process. |
| `startup` | `time` | The time when the process was started. |
| `vsize` | `uint64` | The virtual memory size of the process. |
| `rsize` | `uint64` | The resident set size (physical memory used) of the process. |
| `swap` | `uint64` | The amount of swap memory used by the process. |
| `peak_mem` | `uint64` | Peak memory usage of the process. |
| `open_fds` | `uint64` | The number of open file descriptors by the process. |
| `utime` | `duration` | The user CPU time consumed by the process. |
| `stime` | `duration` | The system CPU time consumed by the process. |

Examples

Show running processes sorted by how long they've been running:

processes
| sort startup desc

Show the top five running processes by name:

processes
| top name
| head 5
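
Triage over a snapshot with this schema, as an added example that is not part of the Tenzir documentation: it reports processes whose uid differs from their ruid, together with their parent chain, and processes whose parent is missing from the snapshot. It assumes the events were exported as newline-delimited JSON and that uid is the effective user ID; the function names and the sample events are constructed for illustration.

```python
import json

# Constructed sample: NDJSON events shaped like the tenzir.process schema
# (only the fields used here). Not real operator output.
SAMPLE = """\
{"name": "systemd", "command_line": ["/sbin/init"], "pid": 1, "ppid": 0, "uid": 0, "ruid": 0}
{"name": "sshd", "command_line": ["sshd: alice"], "pid": 812, "ppid": 1, "uid": 1000, "ruid": 1000}
{"name": "bash", "command_line": ["-bash"], "pid": 840, "ppid": 812, "uid": 1000, "ruid": 1000}
{"name": "passwd", "command_line": ["passwd"], "pid": 901, "ppid": 840, "uid": 0, "ruid": 1000}
{"name": "worker", "command_line": null, "pid": 950, "ppid": 777, "uid": 33, "ruid": null}
"""

def load_snapshot(ndjson):
    """Index one snapshot by pid, skipping blank lines."""
    events = (json.loads(line) for line in ndjson.splitlines() if line.strip())
    return {e["pid"]: e for e in events}

def lineage(procs, pid):
    """Walk ppid links upward; stop on a missing parent or a loop."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid]["name"])
        pid = procs[pid]["ppid"]
    return " <- ".join(chain)

def uid_mismatches(procs):
    """Processes whose uid (assumed effective) differs from ruid."""
    hits = []
    for p in procs.values():
        if p["uid"] is None or p["ruid"] is None:
            continue  # field not available for this process; cannot compare
        if p["uid"] != p["ruid"]:
            hits.append({"pid": p["pid"], "uid": p["uid"], "ruid": p["ruid"],
                         "lineage": lineage(procs, p["pid"])})
    return hits

def orphans(procs):
    """Pids whose parent is absent from the snapshot (ppid 0/null excluded)."""
    return sorted(pid for pid, p in procs.items()
                  if p["ppid"] not in (0, None) and p["ppid"] not in procs)

if __name__ == "__main__":
    snapshot = load_snapshot(SAMPLE)
    for hit in uid_mismatches(snapshot):
        print(hit)
    print("orphans:", orphans(snapshot))
```

A uid/ruid mismatch is normal for setuid programs, so treat hits as leads to compare against an allowlist rather than as findings.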