Question by Ty C. · Aug 10, 2011 at 09:40 PM ·

Filtering by Client IP

Is there a way to filter the purepaths by Client IP address? It seems that it is not an option when selecting the Web Request tab under Filters.

I only see the options of URI and Query under WebRequest.

Thanks

Ty


5 Replies


Answer by Edwin R. · Jun 26, 2014 at 05:27 PM

I am still stuck with creating a simple business transaction based on client IP passed in the purepath information (we do not have UEM activated yet).

Could you please describe a way how to create a business transaction which is filtering for all client IPs and their count by time?

Thanks

 


Comment by Roman S. · Jun 26, 2014 at 05:49 PM

Hi Edwin,

If you use the Server Side Performance - Transaction Based Measures - Business Transaction Evaluation/Filter/Splitting Values - Web Requests - Client IP measure you should not require UEM to be activated.

Filtering for all client IPs - do you mean you want the BT to split by client IP and show a count for each unique IP address? Doing that will result in a potentially very large number of splittings, so when you do that make sure you are not storing that BT in the performance warehouse!

Best, Roman

Comment by Edwin R. (reply to Roman S.) · Jun 26, 2014 at 07:08 PM

Hi Roman,

"do you mean you want the BT to split by client IP and show a count for each unique IP address?"

Exactly, this is what I would like to achieve, to better understand potential brute-force attacks against certain login forms and to analyse from which client IPs we are facing an abnormally high request count.

kr, edwin

Comment by Roman S. (reply to Edwin R.) · Jun 26, 2014 at 07:49 PM

Ok, then you just need one split criterion - the client IP.

Should look like this (you will need to create the measure Server Side Performance - Transaction Based Measures - Business Transaction Evaluation/Filter/Splitting Values - Web Requests - Client IP first):

Make sure you are not storing this in the performance warehouse and you select no restrictions - up to 50k that should give you what you are looking for.

If you want to do this long term or have a larger number of unique IPs I would consider using the BT export feature and doing the counting externally.

Best, Roman
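
An added example, not part of the original thread and not dynaTrace code: one way to do the external counting suggested above on exported business-transaction data, grouping login requests per client IP and time window. The CSV layout (timestamp, client_ip, uri), the function names and the threshold are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime


def build_sample():
    """Constructed rows; the timestamp,client_ip,uri layout is an assumption,
    not the real export format."""
    rows = ["timestamp,client_ip,uri"]
    # One noisy address: 12 login requests inside the 17:00-17:05 window.
    rows += [f"2014-06-26T17:0{i % 5}:{i:02d},203.0.113.9,/login" for i in range(12)]
    rows += [
        "2014-06-26T17:01:10,198.51.100.7,/login",
        "2014-06-26T17:02:30,198.51.100.8,/login",
        "2014-06-26T17:03:00,198.51.100.7,/home",   # not a login request
        "2014-06-26T17:06:00,198.51.100.8,/login",  # falls in the next window
    ]
    return "\n".join(rows)


def count_by_ip_and_window(text, window_minutes=5, uri_prefix="/login"):
    """Return {window_start: Counter({client_ip: request_count})}."""
    buckets = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        if not row["uri"].startswith(uri_prefix):
            continue
        ts = datetime.fromisoformat(row["timestamp"])
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes,
                           second=0, microsecond=0)
        buckets[start][row["client_ip"]] += 1
    return dict(buckets)


def high_volume_ips(buckets, threshold=10):
    """List (window_start, client_ip, count) at or above the threshold.
    One address can be many users behind a NAT firewall, so a hit is a lead
    to correlate with other identifiers, not proof of a single attacker."""
    return [(start, ip, n)
            for start, counts in sorted(buckets.items())
            for ip, n in counts.most_common()
            if n >= threshold]


if __name__ == "__main__":
    for start, ip, n in high_volume_ips(count_by_ip_and_window(build_sample())):
        print(f"{start:%Y-%m-%d %H:%M} {ip} {n} login requests")
```
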


Answer by Richard W. · Jun 02, 2014 at 09:49 PM

Very useful, we get hit by some AV software checking us out, this piece allowed me to very quickly set up a BT to capture how often this is happening.


Answer by Ulf T. · Dec 18, 2012 at 04:55 PM

Hi

Another angle to it is that the UEM IP will give the IP of the user, that will be an internal address from the LAN.
The Web Request IP will be the IP address of the device communicating with the web server, typically a Firewall.

The first (UEM) IP doesn't have to be unique as most corporations use private address space internally and hence the same IP can belong to two different people (address usually swapped in the Firewall) while people accessing from home or from mobile devices will have a unique address.

The second (Web Request) doesn't have to be a unique address either since people accessing from within the same corporation will most likely pass through the same Firewall that most of the time uses NAT (Network Address Translation) and look like the same IP address from the Web server's perspective. Of course the IP can be correlated with other identifiers to make certain whether they are unique or not.


Answer by Eric F. · Dec 18, 2012 at 07:13 AM

What is the difference between these two measures:

1) UEM - Visits - IP Address measure
2) Server Side Performance - Web Requests - Client IP

I'm trying to filter by IP Address of users to my web site.

Thanks!!
Eric


Comment by Roman S. · Dec 18, 2012 at 08:04 AM

1) This is a measure on the whole visit, giving you the IP address this user came from. Obviously it is only available if you have UEM enabled. Use this if your BT is based on visits (e.g. filtering out all visits from a certain IP).
2) This is the IP address that we capture from the incoming web request on the web or app server tier. Use this if your BT is based on PurePaths.

Best, Roman

Comment by Eric F. (reply to Roman S.) · Dec 18, 2012 at 03:53 PM

What do you mean by 'use this if your BT is based on PurePaths'?

Does a visit not start a purepath? I suppose I'm expecting both 1 and 2 to lead to the same result; I probably don't understand how visits differ from PurePaths.

Thanks,
Eric

Comment by Roman S. (reply to Eric F.) · Dec 18, 2012 at 03:57 PM

Both measures you showed in your screenshot are used as filter/splitting criteria for business transactions (BT). As a BT can be based on visits, page actions or PPs we have different measures that get you the IP for the visit or single PPs.

Each visit consists of 1 or multiple page actions, which in turn can consist of multiple PPs. Take a look at the documentation for a more detailed explanation of the underlying concepts of UEM: https://apmcommunity.compuware.com/community/display/DOCDT50/User+Experience+Management#UserExperienceManagement-Visits

Best, Roman

Comment by Eric F. (reply to Roman S.) · Dec 18, 2012 at 04:11 PM

Roman, Thank you for answering!

What I'm hoping to do is filter for one specific IP address so that I can track what a specific user is doing.

Would I be better served via UEM or SSP?

Thank you!!
Eric

Comment by Roman S. (reply to Eric F.) · Dec 18, 2012 at 04:17 PM

If your use case is to figure out what a user is doing you could just directly use the complaint resolution feature of dynaTrace. Just go to Edit - Search and you should be able to search for the visits by IP, date, location and other parameters.

Of course the prerequisite is that you have UEM enabled; if you do not have it, the only way is a business transaction that groups the server-side PurePaths by the IP and use that as a starting point.

Best, Roman


Answer by Guenther G. · Aug 12, 2011 at 09:34 PM

Hello,

I think the only solution would be to (ab)use business transactions for this: Create a business transaction either with a filter matching the specified IP or which groups by IP address. Then, you can use this business transaction as a filter criterion in your dashlets/dashboards. Make sure that the business transaction result measures are not written to the repository (they are just used to "flag" PurePaths). Note that this will only work with newly arriving paths or after you re-analyzed the session.

Update: I just realized: Of course you can also use the Business Transaction dashlet to show PurePaths matching the IP and then drill down to other dashlets.

Günther
