Application Performance Management (APM) software provides end-to-end measurement of complex, multi-tier applications to provide performance metrics from an end user’s perspective. APM logs also provide event traces and diagnostic data that can assist developers in identifying performance bottlenecks or error conditions. The data from APM software provides both a baseline of typical application performance and a record of anomalous behavior or performance degradation. Carefully monitoring APM logs can provide an early warning to application problems and allow IT and developers to remediate issues before users experience significant degradation or disruption. APM logs also are required to perform post-hoc forensic analysis of complex application problems that may involve subtle interactions between multiple machines, network devices or both.
APM logs can show infrastructure problems and bottlenecks that aren’t visible when looking at each system individually, such as slow DNS resolution causing a complex web app to bog down as it tries to access content and modules on many different systems. It also helps to identify SQL/API calls/CMD made in relation to suspicious activity, or abnormal amounts of sessions or CPU load in relation to security activity.
When your Splunk deployment is ingesting APM tool data, you can use it to accomplish security and compliance, IT ops, and application delivery use cases.
Guidance for onboarding data can be found in the Spunk Documentation, Getting Data In (Splunk Enterprise) or Getting Data In (Splunk Cloud). In addition, these Splunk Add-Ons and Apps are helpful for working with APM tool data.
Looking for more information on data types? Download the Splunk Essential Guide to Machine Data.