Collect L7 records with a trigger
L7 protocol data can be committed (collected and stored) as records through a global trigger function. L7 records include messages, transactions, and sessions sent over common L7 protocols such as DNS, HTTP, and SSL.
In the following steps, you will learn how to collect records for any device that sends or receives an HTTP response.
Learn more about ExtraHop Records.
First, we will write a trigger to collect information from the built-in HTTP record type with the commitRecord() method, which is available on all protocol classes. The basic trigger syntax is <protocol>.commitRecord(). Then, we will assign the trigger to a web server. Finally, we will verify that the records are being sent to the recordstore.
Before you begin
- You must have a configured recordstore, such as an Explore appliance, Splunk, or Google BigQuery.
- These instructions assume some familiarity with ExtraHop Triggers, which require experience with JavaScript. Alternatively, you can configure L7 record collection through the ExtraHop system.
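The trigger described above, as an added example that is not ExtraHop's own code: the two statements inside httpResponseTrigger are what would go in the Trigger Editor, assuming the HTTP_RESPONSE event is selected, where HTTP and debug are supplied by the system. The simulate function, device names, and sample events are constructed stand-ins so the logic runs in Node.js; they model that only devices with the trigger assigned produce records.

```javascript
// Trigger body. In the Trigger Editor, HTTP and debug are globals provided
// by the ExtraHop system; they are parameters here so the logic runs offline.
function httpResponseTrigger(HTTP, debug) {
    // Commit the built-in HTTP record for this response to the recordstore.
    HTTP.commitRecord();
    // Appears in the Debug Log tab while the trigger is running.
    debug("committing HTTP responses");
}

// Constructed sample events (hypothetical device names and fields).
const SAMPLE_EVENTS = [
    { device: "web-server-1", statusCode: 200, uri: "/index.html" },
    { device: "web-server-1", statusCode: 404, uri: "/missing" },
    { device: "db-server-1", statusCode: 200, uri: "/health" },
];

// Hypothetical stand-in for the runtime: the trigger runs only for events on
// devices it is assigned to, and each commitRecord() call stores one record.
function simulate(events, assignedDevices) {
    const recordstore = [];
    const debugLog = [];
    for (const ev of events) {
        if (!assignedDevices.has(ev.device)) {
            continue; // trigger not assigned: nothing runs, nothing is stored
        }
        const HTTP = {
            commitRecord() {
                recordstore.push({ recordType: "HTTP", ...ev });
            },
        };
        httpResponseTrigger(HTTP, (msg) => debugLog.push(msg));
    }
    return { recordstore, debugLog };
}

// Assigned to the web server: two records and two debug messages.
const assigned = simulate(SAMPLE_EVENTS, new Set(["web-server-1"]));
console.log(assigned.recordstore.length, assigned.debugLog[0]);

// Not assigned to any device: no records and an empty debug log, which is
// the symptom to check first when a record query comes back empty.
const unassigned = simulate(SAMPLE_EVENTS, new Set());
console.log(unassigned.recordstore.length, unassigned.debugLog.length);
```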
Next steps
Wait a few minutes for records to be collected, and then verify that your records are being collected by clicking Records from the top menu, and then clicking View Records to start a query.
If you do not see any HTTP records after 5 minutes, click the Debug Log tab at the bottom of the page in the Trigger Editor to see if there are any errors you can resolve. If the trigger is running, the message "committing HTTP responses" is displayed. If records do not appear after the trigger is running, contact ExtraHop Support.