Monitoring for co-located containers in a host system

A monitoring system receives information from agents that monitors (e.g., unprivileged) containers, or applications in containers, executing across hosts to generate aggregated state information on a per-host basis. The system receives state information for each container, boot identifiers associated with the hosts of the container, and container identifiers. State information includes data describing the state of a container, or an application executing in the container. The boot identifier includes an identifier for a boot session of the host. The container identifier uniquely identifies each container. The monitoring system compares boot identifiers to determine containers that are co-located. If containers share a boot identifier, the monitoring system determines that the containers are co-located on the host that generated the boot identifier. If containers do not share boot identifiers, the monitoring system determines that the containers are not co-located, and can match each container having different boot identifiers to their respective hosts.