I've spent a little bit of time playing with some of the supplied tools, but when it comes to creating my own using eBPF, I'm almost completely at a blank. To some extent I just don't know a whole bunch about what there is in the kernel to hook in to.
I'd love to see some good tutorials, or websites that could help me get a handle on that side of things so that I can start to create useful tooling using it.
I imagine we'll get more detailed tutorials over time, especially as the dust settles on the API/interface (it's still improving, plus people are working on alternate front-ends).
Lastly, I'm using bcc on a regular basis at Netflix, and usually find the tools that exist are sufficient (a couple of days ago I traced a resource leak using stackcount and trace). When there's something extra I need, I add a tool to bcc. So yes, we should make tooling easy, but I hope a lot of the time people find that a tool already exists for what they need.
I've been using your tools on and off with our infrastructure. I work for part of Oracle, and we're using the Oracle UEK on our stuff, which tracks mainline a lot closer and gives good access to all these features. The product is still fairly young, so most of my focus has been elsewhere (crossing the Ts, dotting the Is), but I've been scribbling down thoughts of ways I can use eBFP to give me access to useful information across our fleets.
I'd love to see some good tutorials, or websites that could help me get a handle on that side of things so that I can start to create useful tooling using it.