I have a problem that I solved quite some times in the past already: User actions not linked to backend traces. But this time I'm stuck and I have no clue why. I can't figure it out and have checked all common reasons described here.
This is the setup of my customer:
Up to now there was only manual injection since auto-injection didn't work due to server side rendering/caching. But we figured that out and injection works in auto-mode now.
We do have full traces on the backend from the istio ingress down to nodeJS and other services. We also have user actions, but they are never linked (also with manual injection that didn't work).
I first thought it is a issue with the cookie domain. Since the nodeJS process where the injection happens has no knowledge of which was the original host/domain. We have set a custom host detection rule that takes a custom header to ensure the application detection works.
This header is not a domain though, it is just a string. e.g. we read the value of X-Rail "lz" and the appdection rule just matches on that string. Maybe that is an issue?
However, the agent is injected (Cookie domain is set properly) and the beacon signal goes back to DT SaaS, see below bf?... requests pass and get a OK response. I can see user actions in the application.
But no user action is linked to any backend request.
My thoughts:
1) the first 2 tiers after the browser/cloudflare are istio envoys (no RUM supported there) the next tier is either netty/vert.x or nodeJS (RUM trace linking should work there). But the OneAgent on those tiers will never find a host that reflects the actual domain (as there is no X-Forwarded-For or similar header sent over.
Is that host information required for linking?
(what kind of points in that direction is the fact that if I specifically send the beacon signal to the nodeJS/graphql route to let the oneagent handle it I get a FL(OA) response on beacon POSTs ... wondering what it means and why that is the case)
2) Any DT specific headers are getting dropped along the way. But I cannot find out which ones, it all seems fine, there is no config that would remove any headers (according to the service owners)
If you have any idea what I could have missed, I would appreciate it!
Hello r_weber,
Did you find a solution for this? Also facing the same issue. We have an istio ingress that takes traffic calls the istio sidecar for a given app and then returns the response. We can see the traces from the ingress to the app but Dynatrace can't connect the ingress to the RUM web app.
OneAgent version1.295.66.20240805-161707
Installer version1.295.66.20240805-161707
Istio - 1.19
Envoy - "version": "a1ff538a63890e27dd2add4b2680ba8dc49293ca/1.27.1-dev/Clean/RELEASE/BoringSSL"
Another thing to note is that, if I do a straight port forward to the app the RUM app and the services get connected. So my auto injection into the webapp works as expected. So I'm thinking that maybe oneagent is not monitoring the Istio ingress correctly? Not able to relate the call with the istio service?
Featured Posts
