trace-cmd is essentially an extensive command-line 'wrapper' interface that hides the details of all the individual files in /sys/kernel/debug/tracing, allowing users to specify specific particular events within the /sys/kernel/debug/tracing/events/ subdirectory and to collect traces and avoiding having to deal with those details directly.
As yet another layer on top of that, kernelshark provides a GUI that allows users to start and stop traces and specify sets of events using an intuitive interface, and view the output as both trace events and as a per-cpu graphical display. It directly uses 'trace-cmd' as the plumbing that accomplishes all that underneath the covers (and actually displays the trace-cmd command it uses, as we'll see).
To start a trace using kernelshark, first start kernelshark:
root@sugarbay:~# kernelshark
The bring up the 'Capture' dialog by choosing from the kernelshark menu:
Capture | Record
That will display the following dialog, which allows you to choose on or more events (or even one or more complete subsystems) to trace:
![]() |
Note that these are exactly the same set of events described in the previous trace events subsystem section, and in fact is where trace-cmd gets them for kernelshark.
In the above screenshot, we've decided to explore the graphics subsystem a bit and so have chosen to trace all the tracepoints contained within the 'i915' and 'drm' subsystems.
After doing that, we can start and stop the trace using the 'Run' and 'Stop' button on the lower right corner of the dialog (the same button will turn into the 'Stop' button after the trace has started):
![]() |
Notice that the right-hand pane shows the exact trace-cmd command-line that's used to run the trace, along with the results of the trace-cmd run.
Once the 'Stop' button is pressed, the graphical view magically fills up with a colorful per-cpu display of the trace data, along with the detailed event listing below that:
![]() |
Here's another example, this time a display resulting from tracing 'all events':
![]() |
The tool is pretty self-explanatory, but for more detailed information on navigating through the data, see the kernelshark website.