How can ExtraHop show Dynatrace data?

Is there a way to integrate Dynatrace data into our wire data metrics? I seem to recall someone did that in the past by scraping packet header data.

I think Dynatrace uses a token in a header or a cookie. If that’s the case, HTTP can be opened and captured, then added to an EXA record for filtering and grouping.

Other binary protocols, such as DB or CIFS, may be more difficult, since we are only parsing the known binary protocol fields. I’d be interested to hear from others if they’ve seen this or have ideas.

Example One:

```javascript
var dynatrace = null;
var routeid = null;
var soapaction = null;

// Only handle flows whose server port is 7710
if (Flow.server.port.toString() == "7710") {
    if (event == "HTTP_RESPONSE") {
        // Copy the built-in HTTP record so extra fields can be added to it
        var record = Object.assign({}, HTTP.record);
        for (var i = 0; i < HTTP.headers.length; i++) {
            if (HTTP.headers[i].name.indexOf("X-dynaTrace") > -1) {
                dynatrace = HTTP.headers[i].value;
                //debug(dynatrace);
            } else if (HTTP.headers[i].name.indexOf("Set-Cookie") > -1) {
                // routeid is captured here but is not added to the record
                if (HTTP.headers[i].value.indexOf("ROUTEID") > -1) {
                    routeid = HTTP.headers[i].value;
                }
            }
        }
        record.dynatrace = dynatrace;
        // SOAPAction was saved to the flow store by the HTTP_REQUEST branch
        record.soapaction = Flow.store.soapaction;
        commitRecord("HTTP_XYZ", record);
        Application("XYZ").commit();
    } else if (event == "HTTP_REQUEST") {
        for (var j = 0; j < HTTP.headers.length; j++) {
            if (HTTP.headers[j].name.indexOf("SOAPAction") > -1) {
                soapaction = HTTP.headers[j].value;
                //debug(soapaction)
            }
        }
        // Keep the request header on the flow until the response arrives
        Flow.store.soapaction = soapaction;
    }
    if (event == "FLOW_CLASSIFY") {
        //debug(Flow.l7proto + " | " + Flow.server.port.toString());
        Flow.addApplication("XYZ", true);
    }
}
```

Example 2

Although you cannot add fields to built-in record types, such as HTTP, you can create a new record type that contains all HTTP record fields, and add additional fields to that new record type.

In the following example, we will show how you can monitor Dynatrace activity on your network by adding the “x-correlation-ID” and “x-dynatrace” headers to HTTP records. The following code extracts the headers from HTTP requests and adds them to the flow store. The headers are then retrieved from the flow store on the HTTP responses, where they are added to the HTTP record and then committed to a new record type named DynatraceHttp:

```javascript
if (event === 'HTTP_REQUEST') {
    // Save the request headers on the flow so the response can read them
    var corrId = HTTP.headers['x-correlation-id'];
    var dtraceId = HTTP.headers['X-dynaTrace'];
    Flow.store.corrId = corrId;
    Flow.store.dtraceId = dtraceId;
}

if (event === 'HTTP_RESPONSE') {
    var corrId = Flow.store.corrId;
    var dtraceId = Flow.store.dtraceId;
    // "== null" also catches undefined, in case a header was absent
    if (corrId == null) { return; }
    if (dtraceId == null) { return; }

    var record = HTTP.record;
    record['corrId'] = corrId;
    record['dtraceId'] = dtraceId;
    commitRecord('HTTP_Dynatrace', record);
    debug(JSON.stringify(record));
}
```

Next steps:
Create a new record format. The Record Type must be “HTTP_Dynatrace” and the Schema on Read must contain all HTTP record format fields and the two additional fields shown below:

```json
{
    "display_name": "Correlation ID",
    "name": "corrId",
    "data_type": "s",
    "default_visible": true
},
{
    "display_name": "DynaTrace ID",
    "name": "dtraceId",
    "data_type": "s",
    "default_visible": true
},
```
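The request-to-response correlation that Example One and Example 2 rely on, as an added example that is not code from this thread or from ExtraHop: it runs under Node.js with no ExtraHop system, and it matches header names case-insensitively, which the `indexOf("X-dynaTrace")` test in Example One does not. The function names, the plain object standing in for `Flow.store`, and the header values are assumptions constructed for the example.

```javascript
// Added example: offline harness, not ExtraHop API code.
// headerValue, onRequest and onResponse are hypothetical names.

// Case-insensitive lookup over an array of {name, value} header objects,
// the same shape Example One iterates over.
function headerValue(headers, wanted) {
    const key = wanted.toLowerCase();
    for (const h of headers) {
        if (h.name.toLowerCase() === key) return h.value;
    }
    return null;
}

// Request side: stash the tags in the per-flow store. Always overwrite, so a
// later untagged request on the same connection cannot inherit old values.
function onRequest(store, headers) {
    store.corrId = headerValue(headers, 'x-correlation-id');
    store.dtraceId = headerValue(headers, 'x-dynatrace');
}

// Response side: build the custom record only when both tags were seen.
function onResponse(store, baseRecord) {
    if (store.corrId == null || store.dtraceId == null) return null;
    return Object.assign({}, baseRecord, {
        corrId: store.corrId,
        dtraceId: store.dtraceId
    });
}

// Constructed sample traffic: one keep-alive flow carrying two transactions.
function demo() {
    const store = {}; // stands in for Flow.store (assumption)
    onRequest(store, [
        { name: 'Host', value: 'app.example' },
        { name: 'x-dynatrace', value: 'SAMPLE-TAG-1' }, // lowercase, as HTTP/2 sends names
        { name: 'X-Correlation-ID', value: 'c-001' }
    ]);
    const first = onResponse(store, { uri: '/orders', statusCode: 200 });
    onRequest(store, [{ name: 'Host', value: 'app.example' }]); // untagged request
    const second = onResponse(store, { uri: '/health', statusCode: 200 });
    return { first, second };
}

console.log(JSON.stringify(demo(), null, 2));
```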