Basically for this customer the user name parameter only exist in the POST request body during login (https:blabla.gov.sg/porlogin), after that a unique SSID will be generated and further web requests will be tagged with it. Long story short, the user name and the SSID are mutually exclusive and we're using client IP address to correlate the entire user activity for a particular client. See image below:
However, although we already expected that from the exact user name (S8.....9B) we will not see the entire user activity of a particular client, we still expect that there will be at least 1 request (from the login operations: https:blabla.gov.sg/porlogin) but we see zero data (as seen in the image). This happens irregularly as some will have the expected request while some have zero data. Not sure what caused the discrepancy. Would appreciate if anyone can shed light to this.
Solved! Go to Solution.
Let me better understand the situation: do you mean that username recognition generally works and situation like on above image (that there is no operations for recognized username) happens from time to time?
Because of how we capture the user name through a POST request body, we are expecting all user names to show one operation when drill down to user activity DMI report: https://blabla.gov.sg/porlogin (This is the only URL that contains the POST request body). However when we look at the client list, we see that some user name would have the expected operation (We would at least see data in the requests breakdown column) but some would show zero data (0 in requests breakdown column, - for application performance and operation time with breakdown column, no user activity when drill down from user name).
With that being said, we left the content types configuration as it is, because my impression is that since this is just a HTTP/HTTPS type operation. I'm not sure if I'm correct with my assumption?
What I was after was the situations where you have data seen but no operations. I would recommend taking a trace and carefully looking at the process and then check that the things going on are also configured to be moniotred (i.e. prtocol & content).
Also - if it is HTTPs - check that the SSL key and the cipher works. https://community.compuwareapm.com/community/display/DCRUM123/Troubleshooting+SSL+Monitoring+Issues
Thanks Ulf. I went through your suggestion to check if the SSL traffic is decrypted correctly, and found nothing out of the blue. It happens to be the customer did not turn on "Report URL after redirect" and "Report redirect as page". Now we see most usernames are tied with at least the login operation.
Just an update in case you're facing the same issue in the future:
After turning on "Report URL after redirect" in global settings and "Report redirect as page" in Software Service > Edit Rule > HTTP options, most of the usernames are now correlated with operations. Only a handful of records are still showing zero data, which is normal because those might consists of standalone hits. Standalone hits refers to hits that are not associated with any operation, such as orphaned redirects, unauthorized hits or discarded hits which did not receive a server response.
Sorry for not getting back to you earlier, but I'm happy to hear that you sorted it out.
For what has left the other possibility is that you have monitoring persistent sessions turned on (do you?) and in case of having duplicated packets in the traffic especially for these that ends TCP session this may create new, one packet "session" that is not assigned with any username by AND and CAS supplements it with client IP. If that is your case we can merge it (under particular conditions) into "usernamed sessions".
Thanks Adam! Yeah we do have monitoring persistent sessions turned on. Great info!
In this case the customer has a particular login method which upon login, it will redirect to a third party service for authentication before headed back to their web servers. Without those settings turned on CAS will never report them as a page... I was digging through the forum and I found something similar to my situation, expect it's about operations with no metrics at all.
They're actually using .NET IIS for their application.