Create trigger to separate traffic by URL (DB & HTTP)

triggers

#1

One of our environments is segmented by subdomain for http communication, so I can segment that environment into applications w/ this trigger:

if (HTTP.host.indexOf('.domain') > -1) {
    var vanity_name = HTTP.host.split('.')[0];
    var app = "appType: " + vanity_name;
    log("Host: " + HTTP.host + "basename: " + vanity_name);
   log("Committing app: " + app);
   Application(app).commit();
}

How do I break out it’s DB traffic as well, in order to show number of requests and statements related to that app? I’m thinking about the data I get from the example DB trigger is what I’m interested in: DB Trigger Example
Any assistance you could give here would be useful. Thanks


#2

I’m not sure if you’ve got some assistance from your account team.

But just some idea for general clarification. You’d want to find out the deterministic link between HTTP and DB traffic, such as different database names or different DB client IPs.

Hope this helps.


#3

Yeah, that’s gonna be pretty difficult to “stitch” database calls together with front-end calls (e.g. HTTP traffic). If you have a “transaction ID” of sorts that traverses the entire transaction, than it could be done.

Typically, a more reliable approach to monitoring multi-tier applications relies on building tier-specific dashboards for each of the logical tiers in your application. Then you can clearly get a good idea when specific tiers (or even specific servers) are having problems.

This is probably best explained via phone/webex. Reach out to your ExtraHop account team and they should be able to talk you through this in more detail.’

Good luck!


#4

Yeah, kind of thought this would be a beast. I’ll see if I can narrow down a transaction ID which will make things much smoother. Thanks.