Observability

The latest news and information on observability for complex systems and related technologies.

Budget Planning for Next-generation APM and Observability

If you’re trying to evaluate and understand the ROI of building an observability practice and carve out a budget for it, you’re not alone. You’ve probably got some monitoring and metrics capability already, but that’s proving to not be enough – how can you empower your teams as your environment becomes too complex for the basics? And how much will that cost?

Linux Kernel Observability through eBPF

Recent Linux kernel releases are coming weaponized with a built-in instrumentation framework that has its roots in what historically was approached as BPF (Berkeley Packet Filter) – a very efficient network packet filtering mechanism which aims to avoid unnecessary user space allocations and operate on a packet’s data directly in kernel land. The most familiar application of BPF powers is related to the filter expressions used in the tcpdump tool.

Introducing container observability with eBPF and Sysdig.

Today we’ve announced that we’ve officially added eBPF instrumentation to extend container observability with Sysdig monitoring, security and forensics solutions. eBPF – extended Berkeley Packet Filter – is a Linux-native in-kernel virtual machine that enables secure, low-overhead tracing for application performance and event observability and analysis.

How Fluentd compares to LogDNA

Observing modern applications is challenging. Microservices allow for applications that are not only more distributed but are made up of a number of different languages, frameworks, and backend services. DevOps teams have far greater flexibility in where and how they deploy applications, but when it comes time to collect logs, this flexibility can quickly become a hurdle.

How Much Should My Observability Stack Cost?

What should one pay for observability? How much observability is enough? How much is too much, or is there such a thing? Is it better to pay for one product that claims (dubiously) to do everything, or twenty products that are each optimized to do a different part of the problem super well? It’s almost enough to make a busy engineer say “Screw it, I’m spinning up Nagios”. (Hey, I said almost.)

"Observability": Just a Fancy Word for "Monitoring"? A Journey From What to Why

Too often, monitoring is a never-ending arms race. We keep adding more monitoring in response to new problems, but the cycle never seems to end. Humans (the business) drive new changes, which cause new problems, and need more, new monitoring. And that’s where real, useful observability may be able to help finally identify root cause and break the cycle of reactive monitoring for novel issues.

Cutting-Edge Observability Tools into a Single Platform

Sematext provides a single pane of glass and machine learning powered alerts for logs, metrics, traces and user experience data. Sematext Cloud provides advanced monitoring, logging and tracing for all Docker platforms such as Docker EE, Kubernetes, GKE, AWS ECS, and IBM Cloud. Sematext’s new monitoring agent leverages the powerful eBPF Linux kernel observability functionality and uses the Kubernetes API to enrich the container and cluster level metrics.

Honeycomb and Rookout: An Integration That Finds the Dots to Connect

You probably know that Honeycomb is the most flexible observability tool around. Its powerful high-cardinality search makes working with real raw data quick and easy. But as you may have learned through hard experience, fetching those dots can still be quite a challenge.

Observability-Driven Development

TDD is table stakes for any good team, but it’s not enough: these days you need ODD: Observability-Driven Development (and Design). Observability should be baked into every step of your software development process, from conception to maintenance period. No pull request should ever be accepted without being able to answer the question, "how will you know if this works?".

Is observability good for our brain? How about post-mortems?

Your software stack likely consists of web servers, search engines, queues, databases, etc. Each part of your stack emits its own metrics and logs. Depending on the size of your team and structure, different team members might have permissions to look at one set of data, but not the other. Some data is needed for troubleshooting and can be discarded after just a few days, while more important data might need to be kept for months for legal or capacity planning purposes.