
Why ExtraHop + Splunk Integration Matters

The new Splunk App for ExtraHop captures real-time metrics that are otherwise difficult or impossible to log.

Splunk has made headlines over the past few months for its successful IPO and powerful Big Data approach to log file analysis. IT Operations teams all over the world use Splunk Enterprise software to free them from the drudgery of having to manually inspect server logs. With Splunk's solution, these IT Operations teams can more easily manage, visualize, and analyze massive amounts of machine data generated in their datacenter.

Operational intelligence from Splunk complements the real-time application performance monitoring from ExtraHop. Both ExtraHop and Splunk represent new and better ways of solving difficult challenges. That's why Gartner listed both companies in their December 2011 APM Innovators report.

Read more about the importance of innovation when choosing an application performance management (APM) solution.

Adding Policy-Based and Precision Logging to Big Data Operational Intelligence

Many thought-leading ExtraHop customers, such as Concur Technologies, use ExtraHop and Splunk in conjunction. In these scenarios, the ExtraHop system provides proactive early warning and cross-tier correlation for monitoring and troubleshooting application performance issues, while Splunk provides the historical analysis, trending, and reporting for the infrastructure.

Following the suggestions of our joint customers, ExtraHop and Splunk collaborated to integrate our products. The new Splunk App for ExtraHop enables IT teams to record important real-time information and metrics in Splunk that would otherwise be difficult or impossible to log.

  • Network health and performance metrics. IT teams can use the ExtraHop system to capture holistic TCP metrics—spanning both the applications and network—that are timely and relevant for real-time troubleshooting. Without this precision logging, Splunk users are dependent on the quality and scale of logging provided by network device vendors.
  • Web servers. With the ExtraHop system, IT teams gain visibility into HTTP/S payloads without having to change the application code and can correlate web tier performance with network behaviors. Application payload information cannot be logged, and only ExtraHop can extract elements like Order ID, Merchant ID, Title, and Transaction ID and forward that on to Splunk with no performance impact. This approach also provides visibility into related infrastructure components, such as application delivery controllers and caches that can obscure web server performance.
  • Application servers. The ExtraHop system helps IT teams avoid problems with the inconsistent and inflexible logging options available on application servers, including Apache Tomcat, ASP.NET, and Ruby on Rails. Obtaining the right log data normally requires scripted inputs using JMS/JMX. In contrast, ExtraHop sends Splunk precise application server metrics, as well as payload information, that also take network performance into account.
  • Database servers. The ExtraHop system deploys non-intrusively and imposes zero overhead. In contrast, turning on database profiling to obtain log data adds too much overhead for that method to be used in production. Running an SQL trace added 19% and 147% overhead for two example workloads, respectively, according to an MSDN paper on Microsoft SQL Server 2008 auditing.

Depending on the workload, running an SQL trace to gather database server log data can add significant overhead.

  • Storage devices. With the ExtraHop system, IT teams gain access to real-time storage performance metrics, including details that are difficult or impossible to derive from logs or storage APIs, such as file access times for specific clients.
  • Transaction metrics. Perhaps most importantly, the ExtraHop system correlates health and performance metrics from discrete components in the application delivery chain to determine end-to-end response times, cross-tier metrics, and end-user metrics.

The ExtraHop system correlates performance metrics from throughout the application delivery chain to provide application response time metrics.

The Splunk App for ExtraHop is now available for download from Splunkbase. The 3-minute video below demonstrates how the integration between ExtraHop and Splunk works. If you use Splunk Enterprise in your environment and would like to add real-time application performance monitoring and troubleshooting capabilities, contact us today. Want to learn more? Try our free, interactive online demo.
