cockroach debug job-trace

On this page Carat arrow pointing down

We strongly recommend only using cockroach debug job-trace when working directly with the Cockroach Labs support team.

The cockroach debug job-trace command connects to your cluster and collects trace payloads for a running, traceable job (imports or backups). The trace payloads are helpful for debugging why a job is not running as expected or to add more context to logs gathered from the cockroach debug zip command.

The node that cockroach debug job-trace is run against will communicate to all nodes in the cluster in order to retrieve the trace payloads. This will deliver a zip file that contains trace files for all the nodes participating in the execution of the job. The files hold information on the executing job's trace spans, which describe the sub-operations being performed. Specifically, these files will contain the spans that have not yet completed and are associated with the execution of that particular job. Using this command for a job that is not currently running will result in an empty zip file.


$ cockroach debug job-trace <job_id> --url=<connection string> {flags}

See SHOW JOBS for details on capturing a job_id.


While the cockroach debug command has a few subcommands, users are expected to use only the zip, encryption-active-key, merge-logs, list-files, tsdump, and ballast subcommands.

We recommend using the encryption-decrypt and job-trace subcommands only when directed by the Cockroach Labs support team.

The other debug subcommands are useful only to Cockroach Labs. Output of debug commands may contain sensitive or secret information.


The debug job-trace subcommand supports the following general-use and client connection flags.


Flag Description
--timeout Return an error if the command does not conclude within a specified nonzero value. The timeout is suffixed with s (seconds), m (minutes), or h (hours). For example:


Client connection

Flag Description

The SQL user that will own the client session.

Default: root
--insecure Use an insecure connection.

Default: false
--cert-principal-map A comma-separated list of <cert-principal>:<db-principal> mappings. This allows mapping the principal in a cert to a DB principal such as node or root or any SQL user. This is intended for use in situations where the certificate management system places restrictions on the Subject.CommonName or SubjectAlternateName fields in the certificate (e.g., disallowing a CommonName like node or root). If multiple mappings are provided for the same <cert-principal>, the last one specified in the list takes precedence. A principal not specified in the map is passed through as-is via the identity function. A cert is allowed to authenticate a DB principal if the DB principal name is contained in the mapped CommonName or DNS-type SubjectAlternateName fields.
--certs-dir The path to the certificate directory containing the CA and client certificates and client key.

Default: ${HOME}/.cockroach-certs/
--url A connection URL to use instead of the other arguments.

Default: no URL


The cockroach debug job-trace command will output a zip file to where the command is run (<job_id> The zip file will contain trace files for all the nodes participating in the job's execution. For example, node1-trace.txt.

See the SHOW TRACE FOR SESSION page for more information on trace responses.


Generate a job-trace zip file

To generate the job-trace zip file, use your connection string to pull the trace spans:

cockroach debug job-trace 698977774875279361 --url=postgresql://root@localhost:26257?sslmode=disable

You will find the zip file in the directory you ran the command from:

See also

Yes No
On this page

Yes No