// Distributed trace analysis via Jaeger — cross-service causal chain construction, latency bottleneck identification, error propagation tracking. Provides 4 trace query tools and decision trees for investigating cascading failures across microservices.
Kubernetes administration and troubleshooting — covers pod debugging (CrashLoopBackOff, OOMKilled, ImagePullBackOff, Pending), node issues, CNI/networking, CoreDNS, PVC/storage, HPA/VPA autoscaling, and EKS-specific patterns. Includes decision trees for common failure modes.
Read and analyze documents — PDF, DOCX, Markdown, HTML, CSV, XLSX, JSON, YAML. Provides read_document tool with no output truncation and page-range support for PDFs. Use when the user shares a document or asks to explain, summarize, or extract information from files.
Fetch open web data — cloud status pages, documentation, API endpoints, changelogs, and CVE databases. Provides web_fetch tool for HTTP GET with security controls (private IP blocking, size limits, timeout). Use for checking service status pages, reading upstream documentation, or fetching public API data during investigation.
AWS security posture assessment and incident response — covers IAM analysis (overprivileged roles, unused credentials, MFA gaps), Security Hub findings, GuardDuty threats, Inspector vulnerabilities, S3 public access, SG/NACL misconfigurations, KMS key rotation, WAF rules, Config compliance, and CloudTrail integrity.
Send notifications and distribute formatted reports to channels (Feishu, Slack, Email, SES, SNS, DingTalk, WeCom, Webhook). Supports batch multi-channel delivery with format-aware conversion (HTML, PDF, Markdown). Activate to gain send and distribute tools.
Local filesystem operations — read configs, tail logs, search files, list directories, inspect file metadata, and write files. Provides secure access to local operational artifacts (Terraform, CloudFormation, Kubernetes manifests, systemd units, nginx configs, application properties, log files). Includes security blocklists for sensitive files.
| name | distributed-tracing |
| description | Distributed trace analysis via Jaeger — cross-service causal chain construction, latency bottleneck identification, error propagation tracking. Provides 4 trace query tools and decision trees for investigating cascading failures across microservices. |
| metadata | {"author":"agenticops","version":"1.0","domain":"observability"} |
| tools | ["agenticops.tools.trace_tools.query_traces","agenticops.tools.trace_tools.get_trace_detail","agenticops.tools.trace_tools.get_service_dependencies","agenticops.tools.trace_tools.find_error_traces"] |
When this skill is activated, 4 trace query tools are dynamically registered:
| Tool | Purpose | Key Args |
|---|---|---|
query_traces | Find traces for a service (summary list) | service, lookback, operation, min_duration, limit |
get_trace_detail | Full span tree for a trace ID | trace_id |
get_service_dependencies | Service-to-service call graph | lookback |
find_error_traces | Error traces grouped by origin service | service, lookback, limit |
Activate when the issue involves ANY of:
Do NOT activate for:
Alert: "frontend HighErrorRate" or "HighLatencyP99"
│
├── Step 1: get_service_dependencies()
│ → Understand the full call graph: who calls whom?
│
├── Step 2: query_traces(service="frontend", lookback="15m", min_duration="1s")
│ → Find slow traces — which traces are taking > 1s?
│
├── Step 3: get_trace_detail(trace_id=SLOWEST_TRACE)
│ → See the full span tree — WHERE is the time being spent?
│ → Look for the SLOWEST span — that's the bottleneck
│
│ Example span tree:
│ frontend: /checkout [5.2s] OK
│ ├── checkoutservice: /PlaceOrder [4.8s] OK
│ │ ├── cartservice: /GetCart [4.5s] ERROR ← majority of time
│ │ │ └── redis-cart: GET [4.2s] ERROR ← ROOT CAUSE
│ │ └── productcatalogservice: /GetProduct [50ms] OK
│ └── currencyservice: /Convert [30ms] OK
│
├── Step 4: find_error_traces(service="frontend")
│ → Confirm error pattern: which downstream service has most errors?
│
└── Conclusion: Root cause is redis-cart (4.2s timeout),
NOT frontend (which is just the symptom)
Alert: "Service X intermittent 5xx"
│
├── Step 1: query_traces(service="X", lookback="30m")
│ → Compare successful vs failed traces
│
├── Step 2: get_trace_detail(FAILED_TRACE_ID)
│ → Find where the error occurs in the chain
│
├── Step 3: get_trace_detail(SUCCESSFUL_TRACE_ID)
│ → Compare — what's different? Different path? Different downstream?
│
└── Common patterns:
- Load balancer routing to unhealthy backend
- Connection pool exhaustion (some requests get pooled conn, others timeout)
- Retry storms (downstream overload causes more retries → more overload)
Alert on service A, but service A pods/metrics look healthy
│
├── Step 1: get_service_dependencies()
│ → Discover: A → B → C → D (chain you didn't know about)
│
├── Step 2: find_error_traces(service="A")
│ → Error origins show: D has 95% of errors, not A
│
├── Step 3: get_trace_detail(ERROR_TRACE_ID)
│ → Confirms: D is the fault origin, errors propagate D → C → B → A
│
└── Conclusion: Investigate service D, not A
| Signal | Meaning |
|---|---|
| SLOWEST span deep in the tree | Downstream bottleneck — root cause is the slow service |
| ERROR on leaf span only | Single point of failure — error originates at the leaf |
| ERROR propagating up the tree | Cascading failure — fix the deepest ERROR first |
| One branch slow, others fast | Isolated issue in one dependency path |
| All branches slow | Possible network issue or shared resource (DB, cache) saturation |
Jaeger uses the error=true tag on spans. Additional context from:
http.status_code: HTTP response code (500, 503, 504)otel.status_code: OpenTelemetry status (ERROR)otel.status_description: Error message text| Evidence | Confidence Boost |
|---|---|
| Trace shows clear bottleneck (>80% of total duration in one span) | +0.3 |
| Multiple error traces point to same downstream service | +0.2 |
| Service dependency graph confirms the affected path | +0.1 |
| Trace evidence correlates with metric anomaly timing | +0.2 |
Example: Without traces, confidence might be 0.4 (speculation). With traces showing redis-cart as bottleneck across 15/20 error traces: 0.4 + 0.3 + 0.2 + 0.1 = 0.9 (high confidence).