diff --git a/observation/src/threadsnoop/threadsnoop.bpf.c b/observation/src/threadsnoop/threadsnoop.bpf.c
new file mode 100644
index 0000000000000000000000000000000000000000..2b0ce80a71e0f6dee88b81cf2d4be553c7f340bc
--- /dev/null
+++ b/observation/src/threadsnoop/threadsnoop.bpf.c
@@ -0,0 +1,27 @@
+// SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
+#include "vmlinux.h"
+#include <bpf/bpf_core_read.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_helpers.h>
+#include "threadsnoop.h"
+#include "compat.bpf.h"
+
+SEC("uprobe")
+int BPF_KPROBE(pthread_create, void *arg1, void *arg2, void *(*start)(void *))
+{
+	struct event *event;
+
+	event = reserve_buf(sizeof(*event));
+	if (!event)
+		return 0;
+
+	event->pid = bpf_get_current_pid_tgid() >> 32;
+	bpf_get_current_comm(&event->comm, sizeof(event->comm));
+	event->function_addr = (__u64)start;
+	submit_buf(ctx, event, sizeof(*event));
+
+	return 0;
+}
+
+char LICENSE[] SEC("license") = "GPL";
+
diff --git a/observation/src/threadsnoop/threadsnoop.c b/observation/src/threadsnoop/threadsnoop.c
index 90a090a16037935ffea0ed66d778b0ad9c1615fc..92b0ea1b9504ed9d0a8cc5d005490b081e162547 100644
--- a/observation/src/threadsnoop/threadsnoop.c
+++ b/observation/src/threadsnoop/threadsnoop.c
@@ -200,6 +200,16 @@ int main(int argc, char *argv[])
 	}
 	
 	printf("%-10s %-6s %-16s %s\n", "TIME(ms)", "PID", "COMM", "FUNC");
+        
+	while (!exiting) {
+		err = bpf_buffer__poll(buf, POLL_TIMEOUT_MS);
+		if (err < 0 && err != -EINTR) {
+			warning("Error polling ring/perf buffer: %d\n", err);
+			goto cleanup;
+		}
+		/* reset err to 0 when exiting */
+		err = 0;
+	}
 
 cleanup:
 	bpf_buffer__free(buf);