Hello,
We have recently enabled dynaTrace 5.5 with UEM for our customer. The problem is that the customer is not seeing users (e.g. Southeast Asia) on the world map. During the POC these more granular entries were visible on the world map (see screenshot world map.jpg).
We suspect that some of the Client IP addresses are NAT addresses and are therefore being "aggregated" in the world map view. The real IP could be in the X-Forwarded-For (XFF) header attribute (see screenshot X_Forwarded_For_01.jpg). According to my research, the left value should be the "real IP address". Please correct me if I am wrong. Since today we are capturing the X-Forwarded-For attribute in the Request header (Frontend sensor ASP.NET and Web Server sensor). In dT server settings / Geographical Locations, the X-Forwarded-For entry has been pushed up to have highest priority for UEM (see screenshot X_Forwarded_For_02.jpg).
Now the question is: How can UEM extract the real IP address, so that we can display all regions in the UEM world map accordingly?
Best Regards
Tomislav
Answer by Tomislav F. ·
I have tried to perform a UEM health check to verify whether the UEM dynaTrace cookies are being filtered out (dtCookie, dtPC, dtLatc). During our WebEx session there was a general outage of the customer's application which prevented us from accessing the application URL. Once the URL is reachable again, another UEM health check will be attempted.
Regarding the proxy server visits: At this point in time we know that certain end-users access the application through proxy servers (see screenshot proxy_visits.jpg). It has been mentioned that the high amount of US users are in fact also accessing the application from outside of the US.
Answer by Herwig R. ·
Hi Tomislav,
Is it possible that for some reason our cookies are filtered out (dtCookie, dtPC, dtLatc) for the missing user actions?
If so, this would be an explanation why you see server side PP but no user action (and so no visits).
Best, Herwig
Answer by Tomislav F. ·
That is a good question about why there are two IP addresses in the X-Forwarded-For (XFF) field. From my understanding the left XFF value should be the original IP, and all subsequent XFF values should be proxy entries? During today's remote session dT only offered me to drill down to user action Purepaths (starting from the visits dashlet) and not to Purepaths, where I would see the XFF header field. What the customer also mentioned is that in North America they have an unexpectedly high amount of visit counts, whereas in Asia the visit count is rather low. Maybe the reason for that is because end-users are using a VPN from Asia (connecting to the US) and then using the application?
From an older local session file, the following attached screenshot shows how I can drill down to the IP address in the Request Header: visits_ip_drill_down.jpg
Another more important question: in UEM we currently have missing entries / visits. Are these missing entries also reflected "everywhere else" in dT? (meaning in the server-side Purepaths). As far as I understand, UEM is considered separately in dT and therefore other parts in dT should provide a complete picture. Is that correct? (e.g. dashlets for Web Requests, Transaction Flow, hotspots)
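Added example, not part of the original thread and not dynaTrace's own logic: a sketch of the two ways an X-Forwarded-For chain can be read, the leftmost routable hop discussed above (skipping NAT/private addresses) and the rightmost hop not added by your own proxies, which a client cannot forge. It goes beyond the thread by including the right-to-left walk; the function names, the trusted range `10.1.1.0/24` and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Address ranges that cannot be placed on a map: RFC 1918, carrier-grade NAT, loopback, link-local.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def parse_xff(value):
    """Return the hops of an X-Forwarded-For value, left to right, as address objects."""
    hops = []
    for token in value.split(","):
        token = token.strip()
        if token.startswith("["):            # "[2001:db8::1]:443"
            token = token[1:token.find("]")]
        elif token.count(":") == 1:          # "203.0.113.7:51234"
            token = token.split(":")[0]
        try:
            hops.append(ipaddress.ip_address(token))
        except ValueError:
            continue                         # "unknown", obfuscated node names, garbage
    return hops

def in_any(ip, networks):
    return any(ip.version == n.version and ip in n for n in networks)

def leftmost_routable(xff, peer):
    """Geolocation view: first hop from the left that is not a NAT/private address."""
    for ip in parse_xff(xff) + [ipaddress.ip_address(peer)]:
        if not in_any(ip, NON_ROUTABLE):
            return str(ip)
    return None

def rightmost_untrusted(xff, peer, trusted):
    """Spoof-resistant view: walk right to left from the TCP peer, skipping our own proxies."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for ip in reversed(parse_xff(xff) + [ipaddress.ip_address(peer)]):
        if not in_any(ip, nets):
            return str(ip)
    return None

# Constructed samples (documentation address ranges); 10.1.1.0/24 is an assumed proxy tier.
TRUSTED = ["10.1.1.0/24"]
PEER = "10.1.1.9"
HONEST = "192.168.1.20, 198.51.100.23, 10.1.1.5"
FORGED = "203.0.113.77, 198.51.100.23, 10.1.1.5"   # client sent its own XFF value

if __name__ == "__main__":
    for xff in (HONEST, FORGED):
        print(xff, "->", leftmost_routable(xff, PEER), rightmost_untrusted(xff, PEER, TRUSTED))
```

Where the two values differ, the leftmost entry was supplied from outside the trusted proxy tier (an upstream proxy or the client itself) and should be treated as a claim rather than a verified address.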
Answer by Tomislav F. ·
After yesterday's change, the first customer feedback today is that there is no improvement. The expected dots in the world map are still missing. In the System Profile, I have checked the "User Experience" settings and they seem to be fine. In the "Visits by Location" dashlet, there are proxy entries (see attached screenshot proxy_visits_by_location.jpg). What could be the reason?