Applications FAQ

Here are some answers to frequently asked questions about applications.

What is the All Activity application?

The All Activity application is a built-in application that aggregates metrics for all devices observed by the ExtraHop system.

Note:By default, the All Activity application contains built-in metrics associated with all protocols except MSRPC. To add MSRPC metrics to the All Activity application, you must set application_default_rpc_enabled to true in the running configuration file.

Why is there unexpected metric activity in my application?

Unexpected activity might be a result of one or more triggers written to send traffic to the application. For example, if you see metrics from devices or protocols that are not selected in the application settings, it might be from the devices the trigger is assigned to or the events the trigger runs on.

Why can't I delete an application?

To preserve historical data, applications cannot be deleted. If, over time, an application stops seeing metric activity, it becomes inactive. For example, if you remove data sources in the application settings, disable associated triggers, or if the assigned sources themselves are inactive, the application becomes inactive.

From the Applications page, you can sort the applications list to view only active applications.

Why can't I change the application ID?

The application ID is referenced by triggers that send traffic to the application. Modifying the application ID might break a trigger or result in the trigger creating a duplicate of the original application.

What are the REST API application properties for?

The REST API properties are unique identifiers that you reference to perform configuration tasks through the ExtraHop REST API. For example, to retrieve details for a specific application through the REST API, you must enter the API ID for the application.

Click Properties from the Application Overview page to view the REST API details.

When should I write a trigger to create an application?

Write a trigger if you need an advanced application, such as in the following examples:

  • You want advanced filtering, such as collecting traffic only when HTTP 404 responses occur.
  • You want to commit custom metrics to the application.
  • You want to collect metrics from non-L7 traffic such as Flow or TCP.

I wrote a trigger to create an application with custom metrics. Can I view the custom metrics in the application?

Custom metrics cannot be viewed from an application; applications only display built-in metrics. Although the custom metrics are committed to the application, you must create a chart to view custom metric data.

To see metrics in one place, can I build a dashboard from multiple devices instead of an application?

Yes, dashboards are another method for viewing the metrics you want in one place; however, a dashboard requires you to manually build and maintain charts for the metrics you want, which takes time and consumes more resources.

How do I collect more complex metrics for an existing application?

You can commit additional metrics to an existing application by adding a trigger that references the Application ID (also known as the Trigger ID). To find the Application ID, log in to the ExtraHop system and navigate to your application. Then, click on the Properties link from the top-right of the Application Overview page. The Application ID is displayed near the bottom left of the Properties window.

Next, write your trigger and include the Application ID as Application('<app_id>'). For example, the following lines commit a metric to track HTTP 404 errors for an application that has an Application ID of HQservers :

if (HTTP.statusCode === 404){
    Application('HQservers').metricAddCount("HTTP 404s", 1);
}

For more information about committing metrics to applications, see Create an application through the Trigger API.

Last modified 2024-04-13