question

Mayana K. avatar image
Mayana K. asked ·

Dynatrace managed problems to splunk.

Hi,


We have integrate the dynatrace with splunk using the dynatrace Add-on. But we are not getting the all the below parameters from dynatrace to splunk.

{

"ImpactedEntities":{ImpactedEntities},

"ImpactedEntity":"{ImpactedEntity}",

"PID":"{PID}",

"ProblemDetailsHTML":"{ProblemDetailsHTML}",

"ProblemDetailsJSON":{ProblemDetailsJSON},

"ProblemDetailsMarkdown":"{ProblemDetailsMarkdown}",

"ProblemDetailsText":"{ProblemDetailsText}",

"ProblemID":"{ProblemID}",

"ProblemImpact":"{ProblemImpact}",

"ProblemSeverity":"{ProblemSeverity}",

"ProblemTitle":"{ProblemTitle}",

"ProblemURL":"{ProblemURL}",

"State":"{State}",

"Tags":"{Tags}"

}


Regards,

Mayana Khan

Dynatrace Managedmonitoringios
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

1 Answer

Sebastian K. avatar image
Sebastian K. answered ·

Which one are missing? It is possible that some of them in general are empty because of missing configuration in dynatrace (like tags for example). Did you consider such situation?

Sebastian

8 comments Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

@Sebastian K.,

We have created some custom alerts for Memroy, CPU, Heap Usage etc. We are not getting the information like what is utilization value, Which server its alerting and short description of the alert.


Problem in Splunk 

{"affectedCounts": {"APPLICATION": 0, "ENVIRONMENT": 0, "INFRASTRUCTURE": 1, "SERVICE": 0}, "commentCount": 0, "displayName": "801", "endTime": -1, "hasRootCause": false, "id": "-1067816902550697801_1560410700000V2", "impactLevel": "INFRASTRUCTURE", "rankedImpacts": [{"entityId": "HOST-8B38B39015859192", "entityName": "vmsskjsdjkc1000000", "eventType": "CUSTOM_ALERT", "impactLevel": "INFRASTRUCTURE", "severityLevel": "CUSTOM_ALERT"}], "recoveredCounts": {"APPLICATION": 0, "ENVIRONMENT": 0, "INFRASTRUCTURE": 0, "SERVICE": 0}, "severityLevel": "CUSTOM_ALERT", "startTime": 1560410700000, "status": "OPEN", "tagsOfAffectedEntities": [{"context": "CONTEXTLESS", "key": "HostName", "value": "vmssxzysjhsdh1000000"}, {"context": "CONTEXTLESS", "key": "DTNAMESPACE"}]}


I have attached the screenshot of the problem from dynatrace.



0 Likes 0 · ·
problem.jpg (109.4 KiB)

Actually you have info about which server, this is entitity ID, and name in entitiy name. There is no info about metric violation and that's true. Are you sure that there is proper configuration in splunk? It looks like some of fileds are ignored by splunk.

Sebastian


0 Likes 0 · ·

Yes, We have all the configurations in both dynatrace and splunk. Below screenshots for your reference.


Splunk conf:


Dynatrace conf:

0 Likes 0 · ·
splunk-conf.jpg (87.4 KiB)
dt-conf.jpg (93.9 KiB)

I’m not sure if Splunk is reading problem details string, there are informations you need. This may be problem.

Sebastian

0 Likes 0 · ·

Hi Again,


Now am trying to send the problem instead of pull from splunk API. When am adding custom payload as "event": "hello world" getting the success message.


If am adding any other parameters PID,State etc then i am getting 400 bad request.

0 Likes 0 · ·
success.png (40.3 KiB)
failure.jpg (91.1 KiB)

Splunk is waiting for special structure of JSON that can be parsed on it. I don’t think it is possible to send whatever you want.

0 Likes 0 · ·

we require these all fields in splunk


{
"ImpactedEntities":{ImpactedEntities},
"ImpactedEntity":"{ImpactedEntity}",
"PID":"{PID}",
"ProblemDetailsText":"{ProblemDetailsText}",
"ProblemID":"{ProblemID}",
"ProblemImpact":"{ProblemImpact}",
"ProblemSeverity":"{ProblemSeverity}",
"ProblemTitle":"{ProblemTitle}",
"ProblemURL":"{ProblemURL}",
"State":"{State}",
"Tags":"{Tags}"
}


0 Likes 0 · ·

Yes but I was talking about those bad requests exceptions :) I saw there single fields payloads

Sebastian

0 Likes 0 · ·

Space Topics

mobile monitoring dotnet synthetic monitoring reports iis chat kubernetes servicenow amazon web services mysql mainframe rest api errors cassandra dashboard oneagent sdk cmc application monitoring openkit smartscape request attributes monitoring developer community user tagging log monitoring services ufo syntheticadvisory activegate ip addresses auto-detection high five award oracle hyperion webserver uem usql iib test automation license web performance monitoring ios news migration management zones index ibm mq web services custom event alerts notifications sso host monitoring knowledge sharing reports browser monitors java hybris sap vmware maintenance window user action naming javascript appmon ai synthetic classic availability tipstricks automation extensions session replay diagnostic tools permissions davis assistant faq documentation problem detection http monitors server easytravel apdex aws-quickstart network docker tags and metadata cloud foundry google cloud platform synthetic monitoring process groups account usability dynatrace saas gui paas openshift key user actions administration user actions postgresql synthetic locations oneagent security Dynatrace Managed user management custom python technologies mongodb openstack user session monitoring continuous delivery citrix configuration alerting NGINX action naming linux nam installation masking error reporting database mission control jmeter recorder apache mobileapp RUM php threshold azure purepath davis scripting agent aix nodejs android