All,
I'd like to collect all system opens with sysdig as a system runs - however, I'm running into the issue where there is just too much output due to multiple opens of the same file.
I'd therefore like to impose on my sysdig run that it collects only the first occurrence of a file open, and have the option to store that information in a key-value database, preferably on an SSD somewhere so I'm not hitting RAM.
I suppose that I could make my own solution via piping, but I was hoping that sysdig provided something like this.
Is there something like this available?
Thanks much for any info.
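
A sketch of the piping approach mentioned in the post, as an added example that is not part of the original post and not a built-in sysdig feature: a stdin filter that keeps only the first open of each path in an on-disk SQLite table. The script name `first_opens.py`, the database path, the table name and the sysdig invocation in the comment are assumptions.

```python
import sqlite3
import sys
import time


def open_store(db_path):
    """Open (or create) the on-disk table keyed by file path."""
    db = sqlite3.connect(db_path, isolation_level=None)  # autocommit mode
    db.execute(
        "CREATE TABLE IF NOT EXISTS first_open ("
        "path TEXT PRIMARY KEY, first_seen REAL NOT NULL)"
    )
    return db


def record_first_opens(lines, db, clock=time.time):
    """Yield each path the first time it is seen; repeats are dropped."""
    for line in lines:
        path = line.rstrip("\n")
        if not path or path == "<NA>":  # event carried no resolved file name
            continue
        cur = db.execute(
            "INSERT OR IGNORE INTO first_open (path, first_seen) VALUES (?, ?)",
            (path, clock()),
        )
        if cur.rowcount == 1:  # 0 means the key was already in the table
            yield path


if __name__ == "__main__":
    # Assumed invocation (one file name per line on stdin):
    #   sysdig -p "%fd.name" "evt.type in (open, openat)" \
    #     | python3 first_opens.py /mnt/ssd/opens.db
    store = open_store(sys.argv[1] if len(sys.argv) > 1 else "opens.db")
    for new_path in record_first_opens(sys.stdin, store):
        print(new_path, flush=True)
```

Because the primary key lives in the database file, deduplication survives restarts of the capture, and memory use stays flat no matter how many distinct paths are seen.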