How to show exact process name that wrote to disk?

Hello,

I am new to netdata and wonder if it is possible to see the process name that wrote to disk at a specific time. In this example, a process has written a lot of stuff to disk at 17:42:06, but the graph only shows “other”. How can I see the exact process name that caused this disk load?

Thank you for your help.

My system:

$ netdata -v
netdata v1.37.1
$ netdata -W buildinfo
Version: netdata v1.37.1
Configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib' '--libexecdir=/usr/lib' '--disable-cloud' '--enable-x86-sse' '--disable-exporting-prometheus-remote-write' '--enable-dbengine' '--enable-https' '--enable-plugin-cups' '--enable-plugin-nfacct' '--with-math' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/netdata-aGlU9O/netdata-1.37.1=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -O3' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -ffile-prefix-map=/build/netdata-aGlU9O/netdata-1.37.1=. -fstack-protector-strong -Wformat -Werror=format-security'
Install type: unknown
Features:
    dbengine:                   YES
    Native HTTPS:               YES
    Netdata Cloud:              NO (by user request)
    ACLK:                       NO
    TLS Host Verification:      YES
    Machine Learning:           NO
    Stream Compression:         YES
Libraries:
    protobuf:                YES (system)
    jemalloc:                NO
    JSON-C:                  YES
    libcap:                  YES
    libcrypto:               YES
    libm:                    YES
    tcalloc:                 NO
    zlib:                    YES
Plugins:
    apps:                    YES
    cgroup Network Tracking: YES
    CUPS:                    YES
    EBPF:                    NO
    IPMI:                    NO
    NFACCT:                  YES
    perf:                    YES
    slabinfo:                YES
    Xen:                     NO
    Xen VBD Error Tracking:  NO
Exporters:
    AWS Kinesis:             NO
    GCP PubSub:              NO
    MongoDB:                 NO
    Prometheus Remote Write: NO
Debug/Developer Features:
    Trace Allocations:       NO

Hi Daniel,

These charts are created by the so-called apps.plugin, which groups processes based on the process tree. You can customize the apps groupings, by going into /etc/netdata and running ./edit-config apps_groups.conf.

You can see my own modifications in this gist.

Hello Ralph,

thank you for your reply!

Unfortunately, this does not help, since this only works on processes which I am aware of. There are many users on the system, and they can basically work on their own, have their own batch scripts, etc. So, when a user is running a process which requires a lot of CPU and Disk usage, I would be interested in knowing which script this is. And if it is not running anymore, then I cannot see it in top or htop , so my hope was that I can see the process name in netdata’s history. Is there any “forensics” possible, any CSV export I can do, or do I really need to add every executable file (i.e. all files which have chmod +x) on the whole system into apps_groups.conf ?

Thanks for your help.