3.5.7. Computing for Statistical Aggregates

Statistical aggregates are used to collect statistics on numerical values where it is important to accumulate new data quickly and in large volume (i.e. storing only aggregated stream statistics). Statistical aggregates can be used in global variables or as elements in an array.

To add a value to a statistical aggregate, use the operator <<< value.

Example 3.19. stat-aggregates.stp

global reads
probe vfs.read
{
  reads[execname()] <<< count
}

In Example 3.19, “stat-aggregates.stp”, the operator <<< count stores the amount returned by count to the associated value of the corresponding execname() in the reads array. Remember, these values are stored; they are not added to the associated values of each unique key, nor are they used to replace the current associated values. In a manner of speaking, think of it as each unique key (execname()) having multiple associated values, accumulating with each probe handler run.

Note

In the context of Example 3.19, “stat-aggregates.stp”, count returns the amount of data written by the returned execname() to the virtual file system.

To extract data collected by statistical aggregates, use the syntax format @extractor(variable/array index expression). extractor can be any of the following integer extractors:

count

Returns the number of all values stored into the variable/array index expression. Given the sample probe in Example 3.19, “stat-aggregates.stp”, the expression @count(reads[execname()]) will return how many values are stored in each unique key in array reads.

sum

Returns the sum of all values stored into the variable/array index expression. Again, given the sample probe in Example 3.19, “stat-aggregates.stp”, the expression @sum(reads[execname()]) will return the total of all values stored in each unique key in array reads.

min

Returns the smallest among all the values stored in the variable/array index expression.

max

Returns the largest among all the values stored in the variable/array index expression.

avg

Returns the average of all values stored in the variable/array index expression.

When using statistical aggregates, you can also build array constructs that use multiple index expressions (to a maximum of 5). This is helpful in capturing additional contextual information during a probe. For example:

In Example 3.20, “Multiple Array Indexes”, the first probe tracks how many times each process performs a VFS read. What makes this different from earlier examples is that this array associates a performed read to both a process name and its corresponding process ID.

The second probe in Example 3.20, “Multiple Array Indexes” demonstrates how to process and print the information collected by the array reads. Note how the foreach statement uses the same number of variables (i.e. var1 and var2) contained in the first instance of the array reads from the first probe.
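
The two-probe pattern described above, extended to print every extractor from the list, written here as an added example and not the guide's own listing. It assumes the vfs.read tapset alias exposes the requested read size as bytes_to_read; the sort, the limit and the reset of the array at each interval are additions for illustration.

```systemtap
#!/usr/bin/stap
# Added example (not the guide's own listing): per-process VFS read statistics.
# Assumption: the vfs.read tapset alias exposes the requested size as bytes_to_read.

global reads

# Key each sample by process name AND process ID (two index expressions).
# <<< appends the value to the aggregate; nothing is summed or overwritten here.
probe vfs.read
{
  reads[execname(), pid()] <<< bytes_to_read
}

# Every 3 seconds, report the busiest readers and start a fresh interval.
probe timer.s(3)
{
  printf("%-16s %7s %8s %12s %8s %8s %8s\n",
         "EXECNAME", "PID", "COUNT", "SUM", "MIN", "MAX", "AVG")

  # foreach needs one variable per index: var1 = execname, var2 = pid.
  # The trailing "-" sorts descending; for aggregates the default key is @count.
  foreach ([var1, var2] in reads- limit 10)
    printf("%-16s %7d %8d %12d %8d %8d %8d\n",
           var1, var2,
           @count(reads[var1, var2]),
           @sum(reads[var1, var2]),
           @min(reads[var1, var2]),
           @max(reads[var1, var2]),
           @avg(reads[var1, var2]))

  printf("\n")
  delete reads   # reset so each report covers only the last 3 seconds
}
```

Because the process ID is part of the key, two instances of the same binary appear as separate rows, which makes a single unusually busy process stand out from its siblings.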