Ingest AppDynamics and New Relic Alerts into Splunk ITSI Event Analytics

This document describes the steps to integrate the following monitoring and troubleshooting tools with ITSI Notable Events Review:

-   AppDynamics application events and health rule violations

-   New Relic alert violations

Why should you care?

AppDynamics and New Relic do not require any forwarder deployment to collect application performance management (APM) data, resulting in fast onboarding time. They provide rich metrics, but they are not able to correlate those metrics to legacy infrastructure events like Nagios, SolarWinds, or Netcool. Splunk ITSI is in a unique position to combine APM metrics, threshold violations, infrastructure alerts, and log information across toolsets.

Ingest AppDynamics event data into ITSI

Configuration time: 15 minutes

1.     Download the Splunk Add-on for AppDynamics.

2.     Open the Splunk Add-on for AppDynamics app.

3.     Click Create New Input > AppDynamics Summary.

4.     Configure the summary information as shown below. Under Metric Sets to Collect, add “Application Events” and “Health Rule Violations”. These types of event data have slightly different data structures, but both can serve as inputs into ITSI. 

Note: If you leave the 'Application Name' field blank, ALL applications are retrieved. If you only want selected applications, enter the application name or a comma-separated list of application names. 

Import the correlation search and notable events aggregation policy

5.     Download the integration script.

6.     Restore the aggregation policy on the ITSI server via the kvstore_to_json.py command line utility.

Tailor to your environment

7.     In ITSI, click Configure > Correlation Searches.

8.     If you only want to configure AppDynamics and not New Relic, delete the “NewRelic Application Events” correlation search from the list.

9.      (Optional) To streamline performance, tune the AppDynamics application events and health rule violations to point to specific indexes.

Test the deployment

10.     In ITSI, click Notable Events Review.

11.     Ensure that application events and health rule violations show up in Notable Events Review.

------------------------------------------------------------------------------------------------------------------------------------------------------------

Ingest New Relic event data into ITSI

Configuration time: 15 minutes

1.     Download the Splunk App for New Relic.

2.     Open the Splunk App for New Relic.

3.     Click Create New Input > New Relic Account Input.

4.     Configure the account input as shown below. Under API URL, add “Alerts Violations”. This ensures that New Relic alert violations are collected for ingestion into ITSI.

Import the correlation search and notable events aggregation policy

5.     Download the integration script.

6.     Restore the aggregation policy on the ITSI server via the kvstore_to_json.py command line utility.

Tailor to your environment

7.     In ITSI, click Configure > Correlation Searches.

8.     If you only want to configure New Relic and not AppDynamics, delete the “AppD Application Events and AppD Healthrule Violations” correlation search from the list.

9.     (Optional) To streamline performance, tune the New Relic application events to point to specific indexes.

Test the deployment

10.     In ITSI, click Notable Events Review.

11.     Ensure that alert violations show up in Notable Events Review.

Posted by Liz Snyder

Liz is a technical writer for the Splunk IT Service Intelligence team. In her role, she works closely with SMEs, product management, and engineers to produce technical documentation for the ITSI team. Before coming to Splunk, Liz wrote documentation for Big Data products at Informatica LLC in Redwood City. 
