Transaction Detection Rules

Splunk AppDynamics uses different types of transaction detection rules to define entry points and name business transactions:

• Automatic transaction discovery rules include the default entry point types and naming configuration for each app agent type. 
• Custom match rules offer finer control over transaction discovery and naming for a single entry point type.

In many cases, the built-in rules yield a useful set of business transactions. If not, you can create new rules or edit the existing rules to optimize the transaction detection for your environment.

Permissions

The Configure Transaction Detection permission is needed to customize transaction detection rules.

The View Sensitive Data permission, In combination with the Configure Transaction Detection permission, enables the use of Live Preview and Business Transaction Discovery features to stream live data from your application.

Live Preview

For Java and .NET environments, you can use interactive live preview tools to find business transaction entry points:

• Business transaction discovery sessions stream live data from the node to the Controller UI to help you make instrumentation decisions. These sessions display transactions based on all transaction detection rules active for the node.

• For certain types of entry points, custom match rule live preview enables you to preview transactions based on applying a single transaction detection rule on a node.

Business transactions within the context of the Live Preview, called transient transactions, do not persist after the Live Preview ends. Business transaction discovery sessions let you apply or discard rule changes when you end the session. Custom match live preview rules apply after you save the rule. 

Some transient transactions may invoke exit calls to the same node where the Live Preview session is running. In certain cases, the agent may discover additional transient transactions and uninstrumented code on the downstream segment:

• The exit call and corresponding entry point are automatically discovered exit and entry points like HTTP or Web Service.
• Rare cases of custom activity in-process calls.

Manage Transaction Detection Rules

To customize transaction detection rules in the Controller UI, go to Configuration > Instrumentation. From the Business Transactions list, you can also click Configure to quickly access Transaction Detection settings.

You apply transaction detection rules to tiers using the flexible scope configuration model. From the Transaction Detection tab, you can manage rules as follows:

• Manage rules for individual scopes on the Transaction Detection tab.
• Manage rules application-wide on the Rules sub-tab. The Rules sub-tab also shows you the tiers where rules are applied and according to which scope.
• View or modify the rules for specific tiers on the Tiers sub-tab.

To modify an existing rule, you can double-click it to display the Rule Editor. Click +/Add to define a new rule.

Use Live Preview button to start a Business Transaction Discovery session for nodes running the Java and .NET Agent.

Manage Transaction Call Graphs

• The call graph capture utilizes CPU and memory. It might affect the agent performance.
• This is applicable for Java rule with Entry Point as POJO.
  
• This option is available for the Java tiers only.

Call graphs allow you to automatically find all potential entry points that are hitting instrumented exit points or loggers. Use this option when you suspect that some traffic is not being detected as business transactions. To view call graphs in the Controller UI:

1. Navigate to Configuration > Instrumentation > Transaction Detection.
2. Select a tier from the Tier tab.
3. From the call graphs list, open a call graph to open the associated stack trace.
   
   
4. Select a method from the stack trace and this will automatically populate the class and method field of the current detection rule.
5. Configure the rule priority, scope, and save the rule. For information on rule priorities, see Transaction Detection Rule Priorities and Scope Configuration Model. You can start seeing the missing business transaction as soon as you save the rule.

By default, the call graphs are captured for 15 minutes. Also, a maximum of 100 call graphs can be captured in one session and a maximum of 200 call graphs can be captured for a tier. All the call graphs are deleted after 24 hours. Configure the following Controller properties to change the default call graph settings. See Controller Setting for Detection Rule.

1. To change the call graph capture duration, configure the find.entry.point.session.window.size Controller property. In this property, specify the number of minutes for the call graph capture duration.
   Once the call graph session begins, you can see call graphs within a few minutes.
2. To change the maximum number of call graphs that can be stored per tier, configure the find.entry.point.max.callgraph.tier Controller property. In this property, specify the number call graph that you want to capture and store for a tier. Make a note that the agent captures only 100 call graphs per session.
   

Transaction Detection Rule Priorities

Splunk AppDynamics app agents apply transaction detection rules of the same type in the following order of precedence:

1. Rule priority from highest to lowest. A priority of 0 is the lowest priority possible.
2. Creation date from oldest to newest. This is applicable to custom rules only.

For example, consider an HTTP request that matches a priority 2 custom match rule and a priority 6 custom match rule. The agent applies the priority 6 rule.

When an incoming request matches more than one type of detection rule, Splunk AppDynamics applies the detection rules in the following order of precedence:

1. Custom match include rules according to the include rule priority. If the request matches an include rule, the agent names the business transaction based on the rule.

2. Custom match exclude rules according to the exclude rule priority. If the request matches an exclude rule, the app agent excludes the transaction from discovery.

3. Default automatic detection rules. If the request matches a default automatic detection rule, it names the transaction according to the auto-detection naming scheme.

If two entry point types have the same priority where either can be used to define or register an entry point, then there is some precedence between them.

For example: If in Java just the Java Automatic Discovery Rule with all types is enabled, and there are entry points which can be considered as Web Services or Servlets - then the Servlets will take priority - a higher priority rule is needed if Web Services are the desired default.

To view the default order of transaction detection rules for a tier:

1. Navigate to Configuration > Instrumentation > Transaction Detection > Tiers. 
2. Click a tier to see the rules ordered by precedence and priority.

For Java and .NET, you can set the check-bt-excludes-early node property to "true" to configure the app agent to evaluate custom match exclude rules before custom match include rules. This is a node-based configuration and does not affect the display order of rules in the Controller UI.

Export Detection Rules

You can migrate the rules between applications and tiers using the Controller API. See Configuration Import and Export API. 

Import Detection Rules

To import detection rules, click Import, select the file you want to import, and click Import. The file must be in the XML format.