Class: Trace
The trace object contains information about a distributed trace, which is
crucial for observability. Traces are made up of one or more spans, which are
individual units of work in application activity. Traces track the journey of a
request as it moves through various services in a system, capturing key details
like timing, status, and dependencies at each step. Traces provide insights
into system performance, helping to identify latency, bottlenecks, and issues
in complex, distributed environments.
URI: ocsf:Trace
classDiagram
class Trace
click Trace href "../Trace/"
Object <|-- Trace
click Object href "../Object/"
Trace : duration
Trace : end_time
Trace : flags
Trace : service
Trace --> "0..1" Service : service
click Service href "../Service/"
Trace : span
Trace --> "0..1" Span : span
click Span href "../Span/"
Trace : start_time
Trace : uid
Inheritance
- OcsfObject
- Object
- Trace
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| duration | 0..1 Integer |
The total time, in milliseconds, that the trace covers, calculated as the | direct |
| end_time | 0..1 TimestampT |
The end timestamp of the trace, essential for identifying latency and | direct |
| flags | * String |
The flags associated with the trace, used to indicate specific properties or | direct |
| service | 0..1 Service |
Identifies the service or component generating the trace, helping to track an... | direct |
| span | 0..1 Span |
Represents a single unit of work or operation within a distributed trace | direct |
| start_time | 0..1 TimestampT |
The start timestamp of the trace, essential for identifying latency and | direct |
| uid | 1 String |
The unique identifier of the trace used in distributed systems and | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| TraceProfile | trace | range | Trace |
| ApiActivity | trace | range | Trace |
| HttpActivity | trace | range | Trace |
In Subsets
Aliases
- Trace
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Trace |
| native | ocsf:Trace |
LinkML Source
Direct
name: Trace
description: 'The trace object contains information about a distributed trace, which
is
crucial for observability. Traces are made up of one or more spans, which are
individual units of work in application activity. Traces track the journey of a
request as it moves through various services in a system, capturing key details
like timing, status, and dependencies at each step. Traces provide insights
into system performance, helping to identify latency, bottlenecks, and issues
in complex, distributed environments.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Trace
is_a: Object
slots:
- duration
- end_time
- flags
- service
- span
- start_time
- uid
slot_usage:
duration:
name: duration
description: 'The total time, in milliseconds, that the trace covers, calculated
as the
difference between start_time and end_time. This duration helps assess the
overall performance of a request as it travels across various services, and
is
essential for identifying latency and potential bottlenecks within the
distributed system. The trace duration may differ from individual span
durations due to the propagation and processing times of the trace as it spans
multiple components.'
end_time:
name: end_time
description: 'The end timestamp of the trace, essential for identifying latency
and
performance bottlenecks. Like the start time, this timestamp is normalized
across the trace system to ensure consistency, even when events are recorded
across distributed services with unsynchronized clocks. Normalized time allows
for accurate trace duration calculations and helps observability tools track
overall performance across services, regardless of the individual system time
settings.'
flags:
name: flags
description: 'The flags associated with the trace, used to indicate specific properties
or
behaviors, such as whether the trace is sampled or if it has special handling.
Flags help control how traces are processed, logged, and analyzed, providing
valuable context for tracing and observability tools in identifying trace
characteristics or specific tracking requirements.'
service:
name: service
description: 'Identifies the service or component generating the trace, helping
to track and
correlate the flow of requests through various parts of a distributed system.
This information is essential for understanding the role and performance of
specific services within the broader context of system operations and for
diagnosing issues across different components.'
span:
name: span
description: 'Represents a single unit of work or operation within a distributed
trace. A
span typically tracks the execution of a request across a service, capturing
important details such as the operation, timestamps, and status. Spans help
break down the overall trace into smaller, manageable parts, enabling detailed
analysis of the performance and behavior of specific operations within the
system. They are crucial for understanding latency, dependencies, and
bottlenecks in complex distributed systems.'
start_time:
name: start_time
description: 'The start timestamp of the trace, essential for identifying latency
and
performance bottlenecks. Like the end time, this timestamp is normalized across
the trace system to ensure consistency, even when events are recorded across
distributed services with unsynchronized clocks. Normalized time enables
accurate trace duration calculations and helps observability tools track
performance across services, regardless of the individual system time settings.'
uid:
name: uid
description: 'The unique identifier of the trace used in distributed systems and
microservices architecture to track and correlate requests across various
components of an application.'
required: true
Induced
name: Trace
description: 'The trace object contains information about a distributed trace, which
is
crucial for observability. Traces are made up of one or more spans, which are
individual units of work in application activity. Traces track the journey of a
request as it moves through various services in a system, capturing key details
like timing, status, and dependencies at each step. Traces provide insights
into system performance, helping to identify latency, bottlenecks, and issues
in complex, distributed environments.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Trace
is_a: Object
slot_usage:
duration:
name: duration
description: 'The total time, in milliseconds, that the trace covers, calculated
as the
difference between start_time and end_time. This duration helps assess the
overall performance of a request as it travels across various services, and
is
essential for identifying latency and potential bottlenecks within the
distributed system. The trace duration may differ from individual span
durations due to the propagation and processing times of the trace as it spans
multiple components.'
end_time:
name: end_time
description: 'The end timestamp of the trace, essential for identifying latency
and
performance bottlenecks. Like the start time, this timestamp is normalized
across the trace system to ensure consistency, even when events are recorded
across distributed services with unsynchronized clocks. Normalized time allows
for accurate trace duration calculations and helps observability tools track
overall performance across services, regardless of the individual system time
settings.'
flags:
name: flags
description: 'The flags associated with the trace, used to indicate specific properties
or
behaviors, such as whether the trace is sampled or if it has special handling.
Flags help control how traces are processed, logged, and analyzed, providing
valuable context for tracing and observability tools in identifying trace
characteristics or specific tracking requirements.'
service:
name: service
description: 'Identifies the service or component generating the trace, helping
to track and
correlate the flow of requests through various parts of a distributed system.
This information is essential for understanding the role and performance of
specific services within the broader context of system operations and for
diagnosing issues across different components.'
span:
name: span
description: 'Represents a single unit of work or operation within a distributed
trace. A
span typically tracks the execution of a request across a service, capturing
important details such as the operation, timestamps, and status. Spans help
break down the overall trace into smaller, manageable parts, enabling detailed
analysis of the performance and behavior of specific operations within the
system. They are crucial for understanding latency, dependencies, and
bottlenecks in complex distributed systems.'
start_time:
name: start_time
description: 'The start timestamp of the trace, essential for identifying latency
and
performance bottlenecks. Like the end time, this timestamp is normalized across
the trace system to ensure consistency, even when events are recorded across
distributed services with unsynchronized clocks. Normalized time enables
accurate trace duration calculations and helps observability tools track
performance across services, regardless of the individual system time settings.'
uid:
name: uid
description: 'The unique identifier of the trace used in distributed systems and
microservices architecture to track and correlate requests across various
components of an application.'
required: true
attributes:
duration:
name: duration
description: 'The total time, in milliseconds, that the trace covers, calculated
as the
difference between start_time and end_time. This duration helps assess the
overall performance of a request as it travels across various services, and
is
essential for identifying latency and potential bottlenecks within the
distributed system. The trace duration may differ from individual span
durations due to the propagation and processing times of the trace as it spans
multiple components.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Duration Milliseconds
rank: 1000
alias: duration
owner: Trace
domain_of:
- Span
- Timespan
- Trace
- FirewallRule
- BaseEvent
- ScanActivity
range: integer
end_time:
name: end_time
description: 'The end timestamp of the trace, essential for identifying latency
and
performance bottlenecks. Like the start time, this timestamp is normalized
across the trace system to ensure consistency, even when events are recorded
across distributed services with unsynchronized clocks. Normalized time allows
for accurate trace duration calculations and helps observability tools track
overall performance across services, regardless of the individual system time
settings.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- End Time
rank: 1000
alias: end_time
owner: Trace
domain_of:
- Span
- Timespan
- Trace
- NetworkTraffic
- UnmannedSystemOperatingArea
- MalwareScanInfo
- BaseEvent
- ScanActivity
- Finding
- IncidentFinding
range: TimestampT
flags:
name: flags
description: 'The flags associated with the trace, used to indicate specific properties
or
behaviors, such as whether the trace is sampled or if it has special handling.
Flags help control how traces are processed, logged, and analyzed, providing
valuable context for tracing and observability tools in identifying trace
characteristics or specific tracking requirements.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Flags
rank: 1000
alias: flags
owner: Trace
domain_of:
- Request
- Response
- Trace
- DceRpc
- DnsAnswer
range: string
multivalued: true
service:
name: service
description: 'Identifies the service or component generating the trace, helping
to track and
correlate the flow of requests through various parts of a distributed system.
This information is essential for understanding the role and performance of
specific services within the broader context of system operations and for
diagnosing issues across different components.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Service
rank: 1000
alias: service
owner: Trace
domain_of:
- QueryEvidence
- Span
- Trace
- Api
- MessageContext
- ServiceQuery
- Authentication
range: Service
span:
name: span
description: 'Represents a single unit of work or operation within a distributed
trace. A
span typically tracks the execution of a request across a service, capturing
important details such as the operation, timestamps, and status. Spans help
break down the overall trace into smaller, manageable parts, enabling detailed
analysis of the performance and behavior of specific operations within the
system. They are crucial for understanding latency, dependencies, and
bottlenecks in complex distributed systems.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Span
rank: 1000
alias: span
owner: Trace
domain_of:
- Trace
range: Span
start_time:
name: start_time
description: 'The start timestamp of the trace, essential for identifying latency
and
performance bottlenecks. Like the end time, this timestamp is normalized across
the trace system to ensure consistency, even when events are recorded across
distributed services with unsynchronized clocks. Normalized time enables
accurate trace duration calculations and helps observability tools track
performance across services, regardless of the individual system time settings.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Start Time
rank: 1000
alias: start_time
owner: Trace
domain_of:
- Span
- Timespan
- Trace
- NetworkTraffic
- UnmannedSystemOperatingArea
- MalwareScanInfo
- BaseEvent
- ScanActivity
- Finding
- IncidentFinding
range: TimestampT
uid:
name: uid
description: 'The unique identifier of the trace used in distributed systems and
microservices architecture to track and correlate requests across various
components of an application.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Trace
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
required: true