Dynatrace managed problems to splunk.
Hi,
We have integrate the dynatrace with splunk using the dynatrace Add-on. But we are not getting the all the below parameters from dynatrace to splunk.
{
"ImpactedEntities":{ImpactedEntities},
"ImpactedEntity":"{ImpactedEntity}",
"PID":"{PID}",
"ProblemDetailsHTML":"{ProblemDetailsHTML}",
"ProblemDetailsJSON":{ProblemDetailsJSON},
"ProblemDetailsMarkdown":"{ProblemDetailsMarkdown}",
"ProblemDetailsText":"{ProblemDetailsText}",
"ProblemID":"{ProblemID}",
"ProblemImpact":"{ProblemImpact}",
"ProblemSeverity":"{ProblemSeverity}",
"ProblemTitle":"{ProblemTitle}",
"ProblemURL":"{ProblemURL}",
"State":"{State}",
"Tags":"{Tags}"
}
Regards,
Mayana Khan
Which one are missing? It is possible that some of them in general are empty because of missing configuration in dynatrace (like tags for example). Did you consider such situation?
Sebastian
We have created some custom alerts for Memroy, CPU, Heap Usage etc. We are not getting the information like what is utilization value, Which server its alerting and short description of the alert.
Problem in Splunk
{"affectedCounts": {"APPLICATION": 0, "ENVIRONMENT": 0, "INFRASTRUCTURE": 1, "SERVICE": 0}, "commentCount": 0, "displayName": "801", "endTime": -1, "hasRootCause": false, "id": "-1067816902550697801_1560410700000V2", "impactLevel": "INFRASTRUCTURE", "rankedImpacts": [{"entityId": "HOST-8B38B39015859192", "entityName": "vmsskjsdjkc1000000", "eventType": "CUSTOM_ALERT", "impactLevel": "INFRASTRUCTURE", "severityLevel": "CUSTOM_ALERT"}], "recoveredCounts": {"APPLICATION": 0, "ENVIRONMENT": 0, "INFRASTRUCTURE": 0, "SERVICE": 0}, "severityLevel": "CUSTOM_ALERT", "startTime": 1560410700000, "status": "OPEN", "tagsOfAffectedEntities": [{"context": "CONTEXTLESS", "key": "HostName", "value": "vmssxzysjhsdh1000000"}, {"context": "CONTEXTLESS", "key": "DTNAMESPACE"}]}
I have attached the screenshot of the problem from dynatrace. 
Actually you have info about which server, this is entitity ID, and name in entitiy name. There is no info about metric violation and that's true. Are you sure that there is proper configuration in splunk? It looks like some of fileds are ignored by splunk.
Sebastian
Yes, We have all the configurations in both dynatrace and splunk. Below screenshots for your reference.
Splunk conf:
Dynatrace conf:
I’m not sure if Splunk is reading problem details string, there are informations you need. This may be problem.
Sebastian
Hi Again,
Now am trying to send the problem instead of pull from splunk API. When am adding custom payload as "event": "hello world" getting the success message.
If am adding any other parameters PID,State etc then i am getting 400 bad request.
Splunk is waiting for special structure of JSON that can be parsed on it. I don’t think it is possible to send whatever you want.
we require these all fields in splunk
{
"ImpactedEntities":{ImpactedEntities},
"ImpactedEntity":"{ImpactedEntity}",
"PID":"{PID}",
"ProblemDetailsText":"{ProblemDetailsText}",
"ProblemID":"{ProblemID}",
"ProblemImpact":"{ProblemImpact}",
"ProblemSeverity":"{ProblemSeverity}",
"ProblemTitle":"{ProblemTitle}",
"ProblemURL":"{ProblemURL}",
"State":"{State}",
"Tags":"{Tags}"
}
Yes but I was talking about those bad requests exceptions :) I saw there single fields payloads
Sebastian
