APM tool data
Application Performance Management (APM) software provides end-to-end measurement of complex, multi-tier applications and reports performance metrics from an end user's perspective. APM logs also provide event traces and diagnostic data that can help developers identify performance bottlenecks or error conditions. The data from APM software provides both a baseline of typical application performance and a record of anomalous behavior or performance degradation. Carefully monitoring APM logs can provide an early warning of application problems and allow IT and developers to remediate issues before users experience significant degradation or disruption. One example is slow DNS resolution that causes a complex web app to bog down as it tries to access content and modules on many different systems.

APM data also helps to identify SQL, API, or command (CMD) calls made in relation to suspicious activity, as well as abnormal numbers of sessions or abnormal CPU load in relation to security activity. APM logs are also required for post-hoc forensic analysis of complex application problems that may involve subtle interactions between multiple machines, network devices, or both.
Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: