I have a developer that wants to be able to see all transactions (not just slow or errored transactions) for a particular service for 24 hours. He needs to be able to see the http headers along with the payloads. We have APM 9.5 on the calling application but not on the receiving one. We have an MTP with TIM capturing the traffic at the load balancer. What's the best way to capture all the traffic? Can I do this with APM or CEM or do I just need to do a traditional packet capture?
You could do that in CEM by setting up a catch-all rule and set the defect threshold really low. But that will fill up your APM database and may tax the TIM. I am strongly not recommending this approach. Instead , I would set up CEM defects on some transactions using e, low/high throughput, small/large size to give you a representative sample. Please let me know if this was helpful.
Thanks, Hallett! I had initially wanted to try your first approach, but with a narrower rule. This service has multiple callers, but the caller I'm interested in is low volume (240-ish requests a day). The challenge is we were not seeing a good way to filter down to just the low-volume caller. I may have found an HTTP Request header I can filter on, so I'm running a transaction discovery now to see if I can grab just those transactions. If I can get only those transactions into a filter, I think I can do that first approach b/c 240/day is pretty low. Does that sound like a good approach? It would be nice if we could filter on source IP range. I don't think there is a way to do that in the specifications to split out rules on a URL based on source IP range.
in CEM, you can filter by Client IP in a definition. RTTM allows you to build metrics by user group/ip that may help. I am converting this to a discussion since more general
If you are interested in doing this from the Agent side, you could use one of our field-solution Agent extension that captures all transaction traces. It doesn't look into the Request header to see if it should capture that particular request, but we can modify this Agent extension to do that. You'd then filter on a particular WebApp name, or any field found in the Request header or cookie. Anyway, just another approach to have at your disposal.