This Application enables a seamless way to store Business Transactions and Alerts in Splunk for further analysis by correlating your Splunk data with Dynatrace APM Business Transaction data.
- Zero Configuration with out-of-the-box
- Stream real-time Business Transaction data to Splunk
- All transactions 24/7
- End User Perspective
- Discrete Business aware transactions
- Push Baseline violations, smart alerts & application exceptions to Splunk
- Push Application, Business Transaction and Infrastructure metrics to Splunk
- Launch the Dynatrace AppMon client for a single transactions and alerts from within Splunk
- Drill-down to root-cause, export & share with your team
APM with Dynatrace Splunk Application
Michael Villiger (Current Owner)
Rajesh Jain / Michael Kopp (previous owners/maintainers)
Release Notes v2.3.0
- Updated bundled Dynatrace Big Data Business Transaction Bridge from 1.0 to v1.1.1 which includes Flume 1.6.0
- Refactored Visits On a Map dashboard to use Simple XML and no longer depend on Google Maps and MAXMIND plugins, visualizations in this version of the plugin utilize built-in Splunk functionality with no external dependencies
- Updated Flume start script to properly enumerate filesystem locations of classpath entries in certain edge cases
- Updated inputs.conf to include a default time_before_close value of 60 to avoid indexing of partially written events
Splunk App Store: http://apps.splunk.com/app/1593/
Release Notes v2.2.4
Only update of logo
Splunk App Store: http://apps.splunk.com/app/1593/
Release Notes v2.2.3
The APM with Compuware dynaTrace , Splunk App Version 2.2.3 is available on the Splunk App Store http://apps.splunk.com/app/1593/
- Updated Flume start script to fix Windows issue with flume.pid not being available
- Updated Dashboard script to utilize environment variables for Dynatrace username and password
Release Notes v2.2.1
- Changed the startup script for flume to check for an existing flume instance before starting a new one.
- Cleanup preformed on distributed package.
- Directories renamed in according with current Splunk app requirements.
Note, since the directory the application resides in has changed it is recommended that you delete the existing application directory ($SPLUNK_HOME/etc/apps/APM_dynatrace) otherwise the application will appear twice within the Splunk interface.
Release Notes v 2.1
In this release we have changed the startup script of flume server and the input scripts for Splunk. We use python scripts which are platform independent. You will see only three scripts runFlume.py, runDashboard.py and cleanFlume.py in this version which replaces all the previous bat/sh/curl scripts and processes
In case you are using the Google Maps Plugin, there are some config / permission issues with the GeoLiteData.dat file which may not allow you to use the maps view with this app. But you can install the Google Maps Plugin and search within that App context for dynaTrace visits.
Release Notes v 2.0
The APM with Compuware dynaTrace , Splunk App Version 2.0 is available on the Splunk App Store http://apps.splunk.com/app/1593/
V 2.0 has major changes in the OOB Dashboards which are populated with APM data from Compuware dynaTrace.
Application at Glance : Gives you at glance view of the Applications, Visitors and Critical Transactions
Visitors on a Map: Gives you a geographical view of your visitors, with the ability to zero on a single visit
Key Analytic Metrics: Allows you to share analysis APM data for business analysis and effectiveness of your web/app properties
Transaction Activity Data and User Activity Data: Gives you a timeline view of your transactions, so you can understand at what time of the day certain transactions are heavily used or not.
The Splunk App also has a pivot data model to start with, which an be used to create models around User Activity, Visits and Transaction Health and leverage the Splunk platform for Analysis.
The Splunk App for Linux platform has a cleanup script to clean the log files once they have been ingested.
You will need CompuwareAPM dynaTrace 5.5 with enabled Business Transaction Export. You will also need a recent version of Splunk, this Application has been tested with Splunk 6 Windows and Linux! You Splunk box needs to have Java 6 or higher installed.
Quick Start Guide - Three Easy Steps
Step 1: Install the Splunk App from the App Store
Download the APM_dynaTrace file from the attachments or from the Splunk Store http://apps.splunk.com/app/1593/
Open Splunk, Click on Splunk Icon -> Manage Apps and Install app from file.
Step 2: Enable Business Transactions Feed
Open dynaTrace Client -> Server Settings -> (Export) Business Transaction Feeds
Insert the URL of the Flume (Splunk) server. The default port of the flume server running on the Splunk server is 4321
Step 3: Export Business Transactions
Select the Business Transactions you would like to export, edit the Business Transaction and select export results.
Good Luck, you should start seeing data in APM with Compuware dynaTrace App for Splunk
Detail Setup Guide
Install Compuware APM Splunk Application
Use the Splunk Web UI to install the APM with dynaTrace Splunk Application. You can simply install the APM with Compuware dynaTrace Splunk App as is. Once ready the app will begin listening for data on the designated host inside 5 minutes after install.
The Splunk Application contains the Big Data Business Transaction Bridge with a specialized flume configuration. You can edit it by going to $SPLUNK_HOME/etc/apps/compuwareapm/bin. Per default it will listen on port 4321, which you can change. It will write the data to the log directory in the application folder.
Adapt Log directory and configure cleanup
Default directory for the log files are in $SPLUNK_HOME/etc/apps/compuwareapm/log
On Linux we have a cleanFlume.sh which cleans the log files from this location after injestion.
You can change the log directory by modifing the flume.conf file in the Applications bin directory. The respective settings are
One appropriate directory on a Linux system would be /var/log/dynatrace. You could then use the Linux service logrotate with rotate option 0 (delete and not rotate) to cleanup old data on a daily or weekly basis. On A Windows system you can do something similar with a Scheduled delete of old files.
Enable Business Transaction Feed
See Real Time Business Transactions Feed on how to enable this feature. You should set the host and port to the host that runs the Splunk Application and use the default port 4321 unless you have changed it.
Business Transaction Data in Splunk
Default Report and Business Transactions
The Splunk Application contains a Default View called "Top Countries". It shows the top converted countries, Top Landing pages and their conversion rate and the Exit Pages with conversion rates. In order for this to work add the two Business Transactions from the Splunk Business Transactions template profile to your own System Profile:
- Detailed Visit Data
- Detailed User Actions
Enable and use Business Transactions
By simply enabling the HTTP export of any Business Transactions you can now use them in splunk. The Splunk Application distinguishes between 4 source types
- pp - PurePath
- pa - PageAction (Client Action)
- visit - Visit
- alert - Alert
you can select for them easily by using the sourcetype=pp query expression in splunk
All fields are automatically discovered.
Searching for particular Business Transaction Splittings
In the Export of Business Transactions splittings are called dimensions. Accordingly you can search for any dimension in splunk by filtering by the specific dimension. e.g. if you export the easyTravel Business Transaction easyTravel Bookings by Location you can search for locations via an expression like this
You can also look at the top locations by revenue
Correlating Visits, ClientActions and PurePaths and Aggregating data
Splunk has a very comprehensive query language that allows many aggregations that we know from SQL and BI tools. With this you can correlate a Visit with its respective Client Actions and PurePath by using the fields shared among them (e.g. the visitId). You can aggregate measures across different dimensions and do complex statistical analysis.
Sending Alerts to Splunk
To send alerts to splunk you need to install the attached CompuwareAPM dynaTrace Splunk Alert Plugin. Once done you can use this plugin to export any alert. Simple go to the Incident, switch to the Actions tab and click on Advanced Configuration. You can then add the Splunk Action as an Incident Action
Set the url to http://<splunk_host>:4321/. Change the host and port accordingly.
Pulling Measurement data into Splunk
This Splunk Application uses the dynaTrace Server REST API to query dashboards and pull the measurement data from them into Splunk. to activate this you need to edit the runDashboard.sh/.bat inside the CompuwareAPM Splunk Application Directory
- Change the DTSERVER, USER and PWD variables according to your dynaTrace setup
- Change the DASHBOARD to the name of the dashboard you want to use.
The script will then pull the dashboard periodically (every 5 minutes on default) and retrieve the measurement data in JSON format.
If you want to retrieve multiple dashboards or from different servers simply copy/paste the script lines that do the rest and xslt call.
Drill down to dynaTrace
One of the features of this Splunk Application is that you can drill down from an alert or Business Transaction from Splunk into dynaTrace. In order to do this for Business Transactions you need to enable the PurePath Data export in a particular Business Transaction.
The Splunk events will then contain the purePathId. If this is there you will be able to use the Drill down to CompuwareAPM to open the PurePath in your local dynaTrace client. This requires that you the client is already running and connected to the correct dynaTrace Server.
You can do the same for Alerts.
In both cases the CompuwareAPM dynaTrace client must be already running on your local machine!
Questions & Ideas
If you have questions or ideas for this Splunk Application please post it in our Plugin Forum