eBPF-based OpenTelemetry tracing

Better Stack Team
Updated on March 19, 2026

Today, we're introducing eBPF-based OpenTelemetry tracing alongside a remotely controlled Better Stack collector. eBPF is ready for prime time. Here's the playbook for adopting it.

What's eBPF?

The Extended Berkeley Packet Filter is a Linux kernel technology that lets you run sandboxed programs inside the kernel safely and efficiently. Thanks to eBPF, you can now instrument your clusters with OpenTelemetry without changing any application code.

The eBPF ecosystem has matured significantly over the past few months and many Better Stack customers are already using it in production.

Until now, deploying eBPF to production has been tricky. We're simplifying it today by bundling the best of the open source eBPF sensors into a single remotely controlled Better Stack collector you can deploy with a single command.

The Better Stack collector gives you granular control over exactly what gets instrumented. Get the service map of your cluster, RED metrics for individual services, see network flows, and aggregate your application and system logs out of the box. Without changing any code.

Observability tools are only useful if you actually ingest all relevant data. Today, we're making that simpler and more convenient than ever.

The eBPF OpenTelemetry playbook™

Do the easy thing before doing the hard thing

  1. Start in your staging environment.
  2. Deploy the eBPF collector into your distributed cluster.
  3. In 98% of cases: Declare victory, your app is now instrumented.
  4. In 2% of cases: You notice a particular service has slowed down. For example, the CPU utilization on a high-throughput Redis instance handling millions of operations per second got noticeably higher. Better be safe, so you disable eBPF for this single instance while keeping it enabled for the other 98% of services.
  5. If needed, use the OpenTelemetry SDK auto-instrumentation to instrument the last 2% of applications.

Most teams today still start with step 5. If you're revisiting your observability stack, we encourage you to give eBPF a chance: it has matured significantly and is better than you might expect.

Better Stack encourages combining OpenTelemetry traces from the OTel SDK, eBPF, and your frontend. That's the only way to get the clearest picture of what's actually happening in your application.

Learn more at betterstack.com/tracing.

Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.