How To Use the AppDynamics App in Splunk
AppDynamics is an application performance monitoring solution that helps you:
Identify problems such as slow and stalled user requests and errors in a production environment.
Troubleshoot and isolate the root cause of such problems by:
Mining performance data from AppDynamics and viewing it in Splunk using the AppDynamics Controller REST API.
Pushing notifications on policy violations and events from AppDynamics to Splunk so that a Splunk user can use those to launch deep dives in AppDynamics. See Getting Notifications From and Launching AppDynamics in Splunk.
These instructions assume that you are familiar with using both AppDynamics and Splunk.
Links within this file go to AppDynamics 4.2 documentation. If you are running an earlier version, use the Search feature to find the associated topics.
password
If you use a SaaS account, AppDynamics provides you with the required information.
- You have access to the AppDynamics documentation. When you trial or buy the product, AppDynamics provides access credentials to you.
- $SPLUNK_HOME is set to the directory where Splunk is installed.
In the metrics.conf file, add one section for each individual metric you want to mine from AppDynamics. You need the following:
For example, if you want to mine a metric called AverageResponseTime for the ViewCart.sendItems business transaction, the entry would be similar to this:
[ViewCart.sendItems_AverageResponseTime]
url = http://<controller-host>:<port>/controller/rest/applications/Acme%20Online%20Book%20Store/metric-data?metricpath=Business%20Transaction%20Performance%7CBusiness%20Transactions%7CECommerce%7CViewCart.sendItems%7CAverage%20Response%20Time%20(ms)&time-range-type=BEFORE_NOW&duration-in-mins=15
interval = 60
In the events.conf file, add one section for each individual event type you want to mine from AppDynamics. You need the following:
For example, if you want to mine events caused by application changes, the entry would look similar to this:
[Server.application_Changes]
url = http://<controller-host>:<port>/controller/rest/applications/Acme%20Online%20Book%20Store/events?time-range-type=BEFORE_NOW&duration-in-mins=15&event-types=APP_SERVER_RESTART,APPLICATION_CONFIG_CHANGE,APPLICATION_DEPLOYMENT&severities=INFO,WARN,ERROR
interval = 60
Restart splunk.
For metrics, an index called "appdynamics" is created.
For events, an index called "appdynamics_events" is created.
If the connection to the AppDynamics controller has to go through a proxy, you need to replace the following line
from the metrics.py and events.py
myhttp = httplib2.Http(timeout=10)
Replace the above line with
myhttp = httplib2.Http(timeout=10,proxy_info = httplib2.ProxyInfo(httplib2.socks.PROXY_TYPE_HTTP, 'localhost', 8000))
Please make sure to replace 'localhost' and 8000 with the correct proxy settings.
If the connection to the AppDynamics controller is over SSL, you can import the certificates by replacing the following
line from the metrics.py and events.py
myhttp = httplib2.Http(timeout=10)
Replace the above line with
myhttp = httplib2.Http(timeout=10,ca_certs = '<path_to_certificate>')
Please make sure to replace '<path_to_certificate>' with the correct path in your environment.
Add the following field extraction section to your $SPLUNK_HOME/etc/apps/search/default/props.conf file:
[source::http-simple]
EXTRACT-AppD = url="http[s]?:\/\/(?<nurl>[^"|]+)"
Add the following workflow action to your $SPLUNK_HOME/etc/apps/search/default/workflow_actions.conf file:
[LaunchAppD]
display_location = both
fields = url
label = Launch in AppDynamics
link.method = get
link.target = blank
link.uri = http://$!nurl$
type = link
The appdynamics splunkbase app depend on the open source library httplib2.
On an event in the Splunk Search App, click the blue pulldown and choose Launch in AppDynamics. See the screenshot above.
Always feel free to fork and contribute any changes directly via GitHub
Find out more in the AppSphere community.
For any questions or feature request, please contact AppDynamics Center of Excellence.
v4.2.5
* added support for ssl.
* cleaned up the path structure to use $SPLUNK_HOME.
* Commented out props.conf,transforms.conf and lookup_app,py and lookup_bt.py functionalities as the controller api in 4.2 now returns entity name information. Keeping it still there for compatibility reasons.
* Added more documentation.
* keeping the versions compatible with the controller releases.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.
