Académique Documents
Professionnel Documents
Culture Documents
5.5.2
Foglight Experience Viewer
User Guide
© 2009 Quest Software, Inc. ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished
under a software license or nondisclosure agreement. This software may be used or copied only in accordance with
the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any
means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's
personal use without the written permission of Quest Software, Inc.
If you have any questions regarding your potential use of this material, contact:
Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
www.quest.com
email: legal@quest.com
Refer to our Web site for regional and international office information.
Trademarks
Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure,
Benchmark Factory, Big Brother, BusinessInsight, ChangeAuditor, ChangeManager, DeployDirector,
DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, ERDisk, Foglight, GPOADmin, Imceda,
IntelliProfile, InTrust, Invirtus, iToken, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin,
MessageStats, Monosphere, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Quest Central,
Quest vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, SelfServiceADmin, SharePlex, Sitraka,
SmartAlarm, Spotlight, SQL LiteSpeed, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon,
Tag and Follow, Toad, T.O.A.D., Toad World, vAutomator, vControl, vConverter, vFoglight, vOptimizer Pro, vPackager,
vRanger, vRanger Pro, vSpotlight, vStream, vToad, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite,
Vizioncore vBackup, Vizioncore vEssentials, Vizioncore vMigrator, Vizioncore vReplicator, Vizioncore vTraffic,
Vizioncore vWorkflow, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest
Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used
in this guide are property of their respective owners.
Disclaimer
The information in this document is provided in connection with Quest products. No license, express or implied, by
estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of
Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE
LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS
ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION,
DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF
THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of
the contents of this document and reserves the right to make changes to specifications and product descriptions at any
time without notice. Quest does not make any commitment to update the information contained in this document.
User Guide
August 2009
Version 5.5.2
Table of Contents
This chapter provides information about what is contained in the FxV User Guide. It
also provides information about the Foglight documentation suite and Quest Software.
About Foglight
Foglight is an application management solution that reduces or eliminates service
disruptions to unify IT and the business. Unlike other solutions, it provides a correlated,
360 degree view of your applications from end user to database and from service levels
to infrastructure—to source the root cause of every incident impacting your business
and fix them quickly. Foglight correlates data from multiple perspectives into a single
version of the truth to provide deep insight into the service relationships that exist
between end users, the business and infrastructure components. Its unique adaptive
technology rapidly adjusts to change for improved application performance and service
levels, reduced operational cost and risk, and enhanced visibility for all stakeholders.
• PDF: The complete Foglight documentation set is available in Adobe PDF from
SupportLink. The PDF documentation can also be found in the Documentation
folder on the Foglight DVD. The following subset is available from the computer
Foglight is installed on: Administration and Configuration Guide, User Guide,
Command-Line Reference Guide, Web Component Guide and the Web
Component Tutorial. In addition, the cartridges ship with PDF guides. To view
the installed PDF guides, in Windows go to Start > Programs > Quest Software
> Foglight 5.5.2 > Documentation. The default location of the documentation
after installation is <foglight_home>/docs. Adobe Reader is required.
• HTML: Release Notes are provided in HTML format.
• Videos: Tutorial videos are not provided with the product, but are available on
SupportLink. They provide an easy and accessible way to learn about key
features and help you get started with Foglight.
Introduction to this Guide 13
Foglight Documentation Suite
Text Conventions
The following table summarizes how text styles are used in this guide:
Convention Description
Interface Bold text is used for interface options that you select (such as
menu items) as well as keyboard commands.
Introduction to this Guide 15
About Quest Software, Inc.
Convention Description
Email info@quest.com
Refer to our web site for regional and international office information.
Support provides around the clock coverage with SupportLink, our web self-service.
Visit SupportLink at: http://support.quest.com.
From SupportLink, you can do the following:
• Quickly find thousands of solutions (Knowledgebase articles/documents).
• Download patches and upgrades.
• Seek help from a Support engineer.
• Log and update your case, and check its status.
View the Global Support Guide for a detailed explanation of support programs, online
services, contact information, and policy and procedures. The guide is available at:
http://support.quest.com/pdfs/Global Support Guide.pdf.
1
Introducing the Foglight
Experience Viewer (FxV)
Foglight Experience Viewer allows for capture, storage, analysis, and replay of actual
end user sessions in their entirety. Data is provided to the Foglight Experience Viewer
by the Foglight Experience Monitor, which gathers the Web traffic from a switch span
port or other network tap.
Foglight Experience Viewer allows customers to:
• Understand the impact of infrastructure problems on end users and business
• Identify the business impact associated with a poor user experience
• Determine affected end users in order to better prioritize incident and problem
resolution
This chapter is an overview of the FxV data model used for hit analyzing, hit searching,
and session replay via the FxV browser interface.
Architecture Overview
This section is intended for FxV’s first-time users, and provides information about the
following topics:
• “How Are Hits Processed?” on page 18
• “How Is Hit Analysis Performed?” on page 20
• “What Are Hit Filters and Transaction Filters?” on page 19
• “How Do You Perform a Search?” on page 20
• “How Do You Examine a Session?” on page 21
The FxM Agent consumes raw HTTP packets, determines the session ID for each hit,
and passes raw hit data to its local Collector (through a local, shared memory interface).
The FxM Collector accumulates these raw hits and then sends them across a network
socket, to the FxV Tcpbatches listener. The FxV Tcpbatches process opens and listens
on a TCP socket (FxV’s port 7623), and when hit data is received, it forwards it to its
local Archiver, through a shared memory interface.
The FxV Archiver reads each hit, performs hit processing and analysis, then updates the
searchable database (for the hit, the session that contains the hit, and any related
transactions). The Archiver maintains a subset of the capture database on local disk, and
manages the transfer of database segments to the storage tier (if present).
A secondary Analysis Repository can be implemented as part of the Storage service, to
provide access to session and transaction data over extended periods of time.
Important A key distinction between Hit Filters and Transaction Filters is that Hit Filters work on a
single hit, while Transaction Filters can work across multiple hits in the same session.
Hit Filters and Transaction Filters can also invoke Groovy scripts to perform additional
capture-time processing, such as evaluating complex conditional expressions or regular
expressions, transforming hit data for use in searchable fields or metrics, or interacting
with external systems through a generic HTTP interface.
20 Foglight Experience Viewer
User Guide
The Hit, Session, and Transaction data types represent the core of the FxV data model.
Other elements include Custom Fields and Metrics. The interactions between the
elements of the data model are complex, as illustrated in the following diagram.
Introducing the Foglight Experience Viewer (FxV) 23
Data Model Overview
For additional details about the FxV data model, see these sections:
• “Custom Fields” on page 23
• “Metrics” on page 24
• “Hits” on page 24
• “Sessions” on page 26
• “Transactions” on page 27
Custom Fields
The FxV Hit Analysis process is highly customizable by virtue of user-defined Hit
Filters and Transaction Filters. These filters allow the captured data to be customized by
adding custom fields to any hit, session, or transaction. A custom field can consist of
24 Foglight Experience Viewer
User Guide
any piece of data that might be useful as a search term or a search result. The values
stored in custom fields can come from a variety of sources. Typically, they are some
variation on a value extracted from a hit. In many cases, it is useful to extract data from
a specific hit and store it as a custom field on the enclosing session and/or transaction, in
order to allow the session to be found based on that data (for example, a username).
Custom fields on individual hits are less common, since most of the data typically used
to populate a custom field value is already part of the hit. However, it may be useful to
extract a header, field, or cookie value and store it as a hit-scoped custom field, in order
to allow it to appear directly in hit search results.
Metrics
FxV metrics are distinct from any hit, session, or transaction. However, like custom
fields, metrics are updated by Hit Filters and Transaction Filters. Essentially, FxV user-
defined metrics are global numeric custom fields, whose values are not set explicitly
(they are only incremented or decremented).
Although metrics are not directly associated with hits, sessions, or transactions, metric
updates are. This means that for any hit, session, or transaction, it is possible to see any
metrics that were modified during its processing, specifically:
• If a Hit Filter updates a metric, that update is associated with the hit being
processed, as well as with the active session. However, that update is NOT
associated with any transactions.
• If a Transaction Filter updates a metric, that update is associated with the active
transaction, as well as with the active session. However, that update is NOT
associated with any hits.
Hits
A hit is a single request made by a client browser and the corresponding response from
the Web server. FxV captures and stores the following data for each hit:
• Overall Hit Status (determined by Hit Filters)
• Timing Details
• End to End Time
• Client Time
• Processing Time
Introducing the Foglight Experience Viewer (FxV) 25
Data Model Overview
• Request Details
• Client IP address
• HTTP Method (GET, POST, etc.)
• Full URL
• Server
• Path
• Request Headers (for example, User-Agent and Referer)
• Request Fields (including form field values)
• Response Details
• HTML Title
• HTML Base HREF
• Timestamp
• Server IP
• HTTP Version
• HTTP Code
• Total Response Length
• Response Headers (for example, Content-Type)
• Cookies
• Custom Fields values (determined by Hit Filters)
• Metric Updates caused (determined by Hit Filters)
• Archiver Details
• (FxM) Collector ID
• Collector Version
• Hit Identifier
• Batch ID
• Session ID
• FxM URL ID
• FxM Referer ID
• Exception(s)
• Response Contains HTML Tag
• Response Contains Frameset Tag
26 Foglight Experience Viewer
User Guide
Note The following values are available on each hit for hit analysis, but are only stored at the
session level (therefore, you can’t search for hits based on them):
• City
• Region
• Country
• ISP
• Subnet
• Browser Type
• Username
Sessions
A session is a list of hits (with the same session ID) that were submitted by the same
browser client in the same visit to the site. The following data is calculated and stored
for each session:
• Details
• Session ID
• Start Time
• Last Hit Time
• Duration
• Session Active (In Progress)
• Stop Reason
• Time of First Error
• Time of Last Error
• Client Details
• Client IP
• Browser Type
• ISP
• City
• Region
Introducing the Foglight Experience Viewer (FxV) 27
Data Model Overview
• Country
• Subnet
• Username
• Hit Counts
• Total Hits
• Stored Hits
• HTML Hits
• Total Errors
• Total Warnings
• HTML Errors
• HTML Warnings
• Transaction Counts
• Total Completed Transactions
• Completed Transaction Errors
• Completed Transaction Warnings
• Timings
• Total Client Time
• Total End to End Time
• Total Processing Time
• Custom Field values (determined by Hit Filters and/or Transaction Filters)
• Metric Updates caused (determined by Hit Filters and/or Transaction Filters)
• Hit Filter Match Counts (determined by Hit Filters)
Transactions
A transaction is a portion of a session that matched a Transaction Filter. Transactions
are considerably different than hits and sessions, in that they only exist as a result of
specific Transaction Filter definitions. The following data is stored for each transaction:
• Details
• Transaction Filter Name
• Session ID
• Start Time
28 Foglight Experience Viewer
User Guide
This section provides details about the FxV browser interface and its elements, how to
log into the GUI, and how to get quick tips about the GUI elements (via the tips). For
details about these topics, see the following sections:
• “Logging In” on page 29
• “Automatic Login via Foglight” on page 29
• “FxV Screen Elements” on page 30
Logging In
To access the Foglight Experience Viewer browser interface:
1 Enter one of the following addresses in your Web browser:
• http://[myappliance]/console
• https://[myappliance]/console (for SSL access)
Note To force all browser interface traffic to use https, log into the browser interface,
navigate to Configure > Superuser Tasks > Server Configuration, and set
SSL Redirection Enabled to Yes.
2 Enter your username and password at the Foglight Experience Viewer login
screen, then click Login. For information about default accounts, see the FxV
Installation and Administration Guide.
• Action panel—contains the various actions that you can perform, depending on
the menu option selected from the menu bar (for example, define search
conditions for a hit/session/transaction search, display the results of a data search,
edit the replay preferences, configure the FxV system, manage users and group
accounts, etc.).
For a complete list of menu options, see the following table.
Introducing the Foglight Experience Viewer (FxV) 31
FxV Browser Interface
By default, the display area shows tips about each page element. These tips contain
supplementary information regarding their corresponding element.
To view a tip:
• Click the button associated with it.
To turn tips on/off:
• Click Hide Tips/Show Tips, on the upper right side of the screen.
2
Performing Searches
This chapter presents the FxV functionality available to users when performing data
searches, and outlines the types of searches that can be performed and the results they
provide.
Data captured by FxV can be retrieved via the search screens. Three types of searches
are available in the FxV browser interface. They are distinguished by the types of data
that they return: individual hits, user sessions, and transactions.
For each of these data types, two types of search interfaces are available: default search
screen and custom search screens.
Each row in the search results screen represents a single session, transaction, or hit,
depending on the type of search that was performed. The columns that appear in the
search results depend on two factors: custom fields and user preferences. In addition to a
default set of column headings, a column is added for each custom field (with the
appropriate scope) that has been configured to appear in the search results.
To hide any of these columns, click the Edit Hidden Columns icon in the upper-left
corner of the search results screen. Alternatively, configure the set of hidden columns
via the Preferences screen, by editing the Hit/ Session/ Transaction Search Results
Hidden Columns settings.
The column by which the results are sorted can be changed by clicking any column
heading.
The full search results can be exported as a comma-separated text file (CSV) by clicking
the Export Results (CSV) button in the search results screen.
This chapter contains the following sections:
36 Foglight Experience Viewer
User Guide
Time Constraints..........................................................................................................................37
Session Search............................................................................................................................38
Transaction Search......................................................................................................................40
Hit Search....................................................................................................................................43
Search Result Limits....................................................................................................................48
Saved Searches ..........................................................................................................................48
Custom Search Screens..............................................................................................................49
Performing Searches 37
Time Constraints
Time Constraints
This section presents the generic time constraints imposed on all types of data searches.
All searches are constrained to a user-specified time window. Depending on the type of
search, several parameters define the search window, as follows:
• Time Range Mode—for session/transaction searches only, defines the type of
sessions and transactions to be searched for, in terms of their status (“active”
versus “completed”). The options available for this parameter include:
• Sessions/Transactions that started within (a specified time range)
• Sessions/Transactions that ended within (a specified time range)
• Sessions/Transactions that were in progress at (a specified time)
• Sessions/Transactions that are currently in progress (no additional time
constraints are specified)
• Time Range—restricts the search to the specified time window. It ranges from
“the last minute” to “the last 72 hours”. Alternatively, you can choose to specify
start and end times (rather than defaulting the end time to “now”).
Note The maximum (72 hours) is determined by the user’s Preference Group (and
possibly, though not typically, by the user preference settings).
Note If any options are not available for these generic parameters defining the search window, it
is due to the currently selected value of one of the other time-related fields.
Certain combinations are not allowed by the user interface. For example, if you select
“Sessions that are currently in progress” for the Time Range Mode parameter, the option
“Search completed sessions only” for the Sessions to Search parameter is disabled, since
these two values are contradictory.
Session Search
This section presents the parameters available to define a session search and the type of
information displayed in session search result screens.
Session searches return information about completed and/or active user sessions, based
on search conditions that are grouped into seven basic categories (in addition to the time
constraints presented in section “Time Constraints” on page 37):
• General Conditions—for session search, the only field in this category is the
Session ID. This provides direct access to a known session, based on its unique
ID.
• Custom Field Conditions—any number of session custom fields can be defined
by Hit Filters and Transaction Filters. These filters then populate custom field
values for each session. The value of any session-level custom field can be used
as a search condition.
Note Custom fields defined as numeric can be searched using operators such as “>” and
“<=”.
• Client IP—restricts the session search based on the IP address of the client
browser. An asterisk (“*”) can be used as a wildcard character: “66.35*”
would search for any IP addresses that begin with “66.35”.
Note An IP address cannot be used to reliably identify a single client on public Web
sites. It is not uncommon for a single client visit to use multiple IP addresses, or
for traffic from simultaneous clients to be multiplexed onto a single originating IP
address.
The session searches have the following limitation when searching on metric deltas or
hit filter matches: users can only match on zero when using the search criteria “= 0”. All
other searches, “>”, “>=”, “<“, “<=”, and “!=”, do not match on zero.
For example:
• If you use the criterion “< 5”, it returns sessions where the entry is 1, 2, 3, or 4,
but not 0.
• Also, the criterion “!= 3” returns sessions where this value is 1, 2, or >3 (not 0 or
3).
The session search results screen renders the information in table format. Each row in
the session search results table contains two icons that can be clicked to trigger activities
related to that session:
• Explore Session—click this icon to open the Session Explorer view. This is a
tabbed view that provides multiple ways to get details about the session: Details,
Transactions, Timeline, Hit Inspector, and Content Replay.
• View Session Details—click this icon to open a new window containing all
available details about the session.
Transaction Search
This section presents the parameters available to define a transaction search and the type
of information displayed in transaction search result screens.
Transaction searches return information about completed and/or active transactions of a
specific type. The first step in any transaction search is to specify the type of
transactions (that is, the Transaction Filter) to search for. Transactions can then be found
based on search conditions that are grouped into five basic categories (in addition to the
time constraints presented in section “Time Constraints” on page 37):
• General Conditions—for transaction search, the only field in this category is the
Session ID. This provides direct access to any transactions that occurred within a
known session based on its unique ID.
• Status Conditions—every transaction can have a status of OK, Warning, or Error,
as defined by the Transaction Events that make up the Transaction Filter. By
Performing Searches 41
Transaction Search
default, all transactions have a status of OK. The Transaction Filter may define
conditions that change this status.
• Custom Field Conditions—if the type of transaction being searched defines
transaction-scope custom fields, these fields can be used as search constraints.
Note Custom fields defined as numeric can be searched using operators such as “>” and
“<=”.
• Hit Count Conditions—these types of conditions allow the user to search for
transactions that contain a specified number of a particular category of hit.
• Event Conditions—every Transaction Filter is made up of one or more
Transaction Events. Some events may not occur in every transaction, and some
events may occur more than once, if allowed by the event definition. The
occurrence (or lack thereof) of a specific event can be used as a search condition.
For example: “Find transactions in which event A occurred, event B did not
occur, and event C occurred three or more times.”
The transaction search results screen renders the information in table format.
Transaction search results are similar to session search results, including the two icons
(Explore Session and View Session Details) described in session “Session Search” on
page 38.
Unique to the transaction search result screen is the display of the following Transaction
Event information:
• Each event that makes up the Transaction Filter definition (displayed above the
main result table).
• For each event, a count of the number of transactions in which the event occurred.
• The percentage of the total number of transactions returned by the search that
included the event.
Note For some types of transactions, this information is not meaningful. If all events are
required and therefore occur in every transaction, the number shown for each event
is the same and the percentage is always 100%. However, for a transaction like a
“buy tunnel”, the event counts and percentages can provide valuable information
about conversion rates and common transaction exit points.
One column unique to the transaction search result screen is Events. This column shows
a sequence of single-character labels for all Transaction Events that occurred within the
transaction, in the order that they occurred. This provides a quick summary of the
activities that took place (or did not take place) as part of the transaction.
Example:
Consider a Transaction Filter made up of the following events:
42 Foglight Experience Viewer
User Guide
The following figure illustrates an example of results returned by the transaction search
matching the conditions imposed by this Transaction Filter.
Hit Search
This section presents the parameters available to define a hit search and the type of
information displayed in hit search result screens.
Hit searches return information about individual captured hits (HTTP Requests/
Responses) based on search conditions that fall into six basic categories (in addition to
the time constraints presented in section “Time Constraints” on page 37):
• General Conditions—includes a wide range of hit details, such as the page title
(for HTML hits), the Web server, the path, and response content keywords:
• Content Keywords—restricts the hit search based on keywords found within
page content. This allows searching for visible text displayed to clients, or for
strings hidden within HTML or JavaScript code.
Foglight Experience Viewer breaks each page down into a list of keywords,
single words that are more than four characters long and less than 64
characters long. The simplest search is for one of several words: green blue
44 Foglight Experience Viewer
User Guide
(find green or blue, any order). To find an exact phrase (several words in
order), use quotes around the keywords: “Quest Software” (exact phrase).
Advanced operators include: asterisk (*) for multiple-character wildcard, plus
sign (+) for required words/phrases, minus sign for words/phrases to omit:
+re* -read (find region and repeat but not read).
Note Keyword indexing must be enabled by one or more Hit Filters. If keyword search
is not working as expected, verify that such a Hit Filter exists and that its keyword
indexing is currently enabled.
• Client IP—restricts the hit search based on the IP address of the client
browser. An asterisk (“*”) can be used as a wildcard character: “66.35*”
would search for any IP addresses that begin with “66.35”.
Note IP address cannot be used to reliably identify a single client on public Web sites.
It is not uncommon for a single client visit to use multiple IP addresses, or for
traffic from simultaneous clients to be “multiplexed” onto a single originating IP
address.
• Server IP—restricts the hit search based on the IP address of the web server
that served the hit. An asterisk (“*”) can be used as a wildcard character:
“66.35*” would search for any IP addresses that begin with “66.35”.
• HTML Title—restricts the hit search based on the HTML page title. An
asterisk (“*”) can be used as a wildcard character: “Foo*” would search for
any HTML pages with titles that begin with “Foo”.
An HTML hit is defined as a hit with a “Content-Type” response header
starting with “text/html”, containing a proper HTML tag in the response
content, and having a response code of 200. Non-HTML hits do not have
searchable titles. Click the Find HTML Title icon to choose from a list of
captured titles.
• HTTP Method—restricts the hit search based on the HTTP request method.
The most commonly used methods are “GET” and “POST”, though there are
additional methods defined by the HTTP specification. An asterisk (“*”) can
be used as a wildcard character.
• Collector ID—restricts the hit search based on the Collector used to capture
the hit. This is especially useful if multiple Collectors are being used for
different applications or in different datacenters.
• Collector Group—restricts the hit search based on the Collector Group used to
capture the hit. This is especially useful if multiple Collectors are being used
for different applications or in different datacenters.
Performing Searches 45
Hit Search
• Web Server—restricts the hit search based on the Web server that handled the
hit request. Search values should include the protocol scheme (that is, HTTP
vs. HTTPS), port number, and either a DNS name or IP address.
http://mysite:8080.com
https://12.106.87.32
An asterisk (“*”) can be used as a wildcard character: “https*” would search
for any hits served over SSL. Click the Find Server icon to choose from a
list of captured web servers.
• Path—restricts the hit search to the specified path, often used to narrow the
search to a specific page. The path is defined as the portion of the request URL
after the hostname (and optional port), with any query parameters removed.
Paths always begin with a leading slash. An asterisk (“*”) can be used as a
wildcard character: “/index*” would search for any paths beginning with “/
index”. Click the Find Path icon to choose from a list of captured paths.
• Type—restricts the hit search to hits of the specified type. An HTML hit is
defined as a hit with a “Content-Type” response header starting with “text/
html”, containing a proper HTML tag in the response content, and having a
response code of 200.
• Session ID—restricts the hit search to hits with the specified Session ID.
• Exception—restricts the hit search based on network/protocol/capture
Exceptions noted by the FxV system when the hit was captured. Exceptions
are stored with the hit as a comma separated list (for example,
CorruptedResponse,MissingProperty). To search for a single value, the search
value should be surrounded with a wildcard characters (“*”); for example,
“*CorruptedResponse*”. Click the Find Exceptions icon to choose from a
list of possible exceptions.
• HTTP Header/Field Conditions—any cookie, request header, response header, or
request field captured as part of a hit can be used as a search constraint. Request
field searches are particularly useful for finding hits based on values entered into
form fields.
Note The most frequently captured header/field names are included in the list of captured
metadata. Less frequently captured data may be excluded form this list. This feature
applies only to fields, cookies, request headers, and response headers.
• Custom Field Conditions—Hit Filters can be defined to set custom field values on
any hit. These values can be used to constrain hit searches.
Note Custom fields defined as numeric can be searched using operators such as “>” and
“<=”.
46 Foglight Experience Viewer
User Guide
In addition to the overall hit status as defined by Hit Filters, it is also possible to
search for hits based on their HTTP Response Code. This status may not
(necessarily) correspond to a value such as OK, Warning, or Error, but it does
define the status of the hit from the perspective of the Web server.
• Hit Filter Conditions—hits can be found if they met the match conditions of a
specific Hit Filter.
• Timing Constraints—restricts the hit search based on the measured performance
of the individual hits. Hits can be found by performing hit searches on:
• End to End Time—total end-to-end time recorded for the hit.
• Client Time—time spent by the client (browser) acknowledging the response
sent from server.
• Processing Time—time spent processing the hit.
The hit search results screen renders the information in table format. Each row in the hit
search results table represents an individual hit (an HTML page, an image, a CSS file,
etc.). Each row in the hit search results table contains two icons that can be clicked to
trigger activities related to the session containing that hit:
• Explore Session containing Hit—click this icon to open the Session Explorer
view. This is a tabbed view that provides multiple ways to get details about the
Performing Searches 47
Hit Search
session containing that hit: Details, Transactions, Timeline, Hit Inspector, and
Content Replay.
• View Session Details—click this icon to open a new window containing all
available details about the session.
Two additional icons are located beside each hit’s URL:
• View Hit Details—click this icon to open a window containing all available
information about the selected hit.
• Hit Content Preview—click this icon to open, in the corner of the search
results table, a small window that shows a visual representation of the hit:
• For image hits, this preview shows the actual image.
• For text files, such as CSS or JavaScript files, the actual text is displayed.
• For HTML hits, the page is rendered as it appeared to the user.
Hit search results can also be viewed in Aggregate. In this mode (selected from the
Search Result View drop-down list, above the results table), the individual hits are not
displayed. Instead, each unique URL is displayed along with a count of the number of
times a hit with that URL appeared in the search results.
Note Since this view does not show individual hits, the details/replay/preview icons are not
displayed.
Two variations of the aggregate hit search results table are available:
• full URL—the entire URL is used when identifying common hits.
• ignore URL params—any query parameters that appear in the URL are ignored
when identifying common hits.
For example, the following two hits would be considered the same when using “ignore
URL params” mode, but would be considered different in “full URL” mode:
http://www.myveryownwebsite.com/somepage?a=foo&b=bar
http://www.myveryownwebsite.com/somepage?a=dog&b=baz
In “ignore URL params” mode, these URLs would be listed as:
http://www.myveryownwebsite.com/somepage
48 Foglight Experience Viewer
User Guide
Important If a search is performed in parallel by several Archivers, the maximum search result limit
is not multiplied by the number of Archivers involved the search, but applies to each
Archiver individually.
These search result limits are configurable at the Preference Group level. Each user is a
member of a single Preference Group. By default, the search result limits are not
configurable by individual users, but it is possible to unlock these limits and allow each
user to configure their own limits via the Preferences menu on the menu bar. For more
information, see “Setting User Preferences” on page 71.
Saved Searches
Users that expect to perform repeatedly the same search have the option of saving these
search conditions as Saved Searches. Saved searches make searching easier because
there is no need to remember all the details for frequently performed searches. Saved
searches can also be shared between users, as shared resources.
To create or edit Saved Searches:
• See “Creating and Editing Saved Searches” on page 66.
To perform searches based on a Saved Search:
• In the Hit/Session/Transaction Search page, restore the saved search conditions
by selecting a saved search from the Load Saved Search list.
Note The Load Saved Search list is empty if no saved searches have been created yet.
Performing Searches 49
Custom Search Screens
Once loaded, these conditions can be modified as needed before executing the
search operation.
The second purpose of saved searches is to serve as the basis for the creation of Custom
Search Screens. The saved searches must specify search condition values that the
custom screen can use or override. For more information, see “Defining Custom Search
Screens” on page 65.
This chapter describes how FxV users can analyze a session of interest, and outlines the
available analysis views. To access these views, click the Session Explorer icon on
the search results screen.
Edit Session Opens a dialog box which allows you to modify the
Explorer default Session Explorer settings. For more
Preferences information, see “Session Explorer Settings” on
page 72.
Analyzing User Sessions 53
Details View
Details View
The Details view presents all data elements (and their values) that define the session of
interest.
To access this view, click the Session Explorer icon on any search result screen,
then click the Details tab. The same information can also be accessed via the hit or
session search result screen, by clicking the View Session Details icon.
Details View Figure 1
The session details are grouped in several categories and presented in a tabbed format.
The following data is calculated and stored for each session (for a complete list of
elements see “Sessions” on page 26):
• Client, Counts and Timings—contains Details, Client Details, Transaction
Counts, Hit Counts, and Timings
• Custom Fields—contains custom fields set by Hit Filters and/or Transaction
Filters
• Metric Updates—contains metrics updated by Hit Filters and/or Transaction
Filters
• Hit Filter Matches—contains matches determined by Hit Filters
54 Foglight Experience Viewer
User Guide
Timeline View
The Timeline view presents a time-accurate visual representation of how long hits
within the session lasted, and their time-relation to other hits.
To access this view, click the Session Explorer icon on any search result screen,
then click the Timeline tab.
Timeline View Figure 2
The Timeline view displays individual “bars” that represent the hits. Each “bar” has
banded colors which further break down the duration of each hit into client time,
processing time, and latency. Additionally, any transactions that occurred during the
session are displayed in relation to the hits (and other transactions). This view gives
great visibility into the parallel nature of how hits occur in the “real world”.
Each hit bar can be accompanied by icons and labels, which are made visible/hidden by
clicking the Labels and Icons buttons, respectively. The icons are the same as in the hit
search results screen and in the Content Replay view. The hit labels are a shortened
version of the hit’s URL (which is usually the “filename” part); this shortening is due to
limited space available for hits’ display. The number within brackets is part of the label
(for example, [2.5]) and is intended to match up hits between the three views that deal
with hits (that is, Timeline, Hit Inspector, and Content Replay). These numeric labels are
only relevant to the session views and they may change within a particular session if
you refresh a session that is “in progress”.
Analyzing User Sessions 55
Hit Inspector View
To access this view, click the Session Explorer icon on any search result screen,
then click the Hit Inspector tab.
56 Foglight Experience Viewer
User Guide
The upper pane of the Hit Inspector view lists all hits that make up the session of
interest and a brief summary of their details. The column by which the hits are sorted
can be changed by clicking any column heading.
The lower pane of the Hit Inspector view provides complete details about the hit
selected in the upper panel.
The hit details are grouped in several categories and presented in a tabbed format. The
following data is collected and stored for each hit (for a complete list of elements see
“Hits” on page 24):
• Request—contains Request Details, Request Headers, and Request Fields
• Response—contains Response Details and Response Headers
• Cookies—contains cookies
• Status Analysis—contains status information as determined by Hit Filters
• Timings—contains Timing Details
• Hit Custom Fields—contains custom fields set by Hit Filters
• Metric Updates—contains metrics updated by Hit Filters
• Other—contains Archiver Details
Analyzing User Sessions 57
Content Replay View
Note The Content Replay view is available only to FxV users who are part of a User Group for
which the Hit Content Replay privilege has been enabled.
To access this view, click the Session Explorer icon on any search result screen,
then click the Content Replay tab. The following figure illustrates the Content Replay
GUI.
Content Replay GUI Figure 4
• Captured Hits—displays the list of hits that were captured by FxV for the
session being replayed. This is essentially the list of hits that were actually
sent over the network to the end user’s browser.
• Page Visit Order {pv#}—displays the list of HTML Pages in the order in
which FxV determines the end user visited the pages.
Note Captured hits may be visited more than once during a session (for example, by
using the Back button) and thus they may appear in the Page Visit Order more
than once.
• Hit Details pane—displays brief details about the currently selected hit, along
with some end user navigation information.
Note You can hide/ display this pane by clicking the collapse / expand icons.
• User Input pane—contains the User Input tab, which displays field values
submitted with HTML forms from the currently selected hit, if applicable.
Note You can hide/ display this pane by clicking the collapse / expand icons.
• Hit Replay pane—displays data captured by FxV for the currently selected hit.
Depending on the display mode selected, this pane may “replay” pages as the end
user has originally seen them, as source code, or as a list of complete hit details.
The Hit Selection pane and the Hit Details pane use the same color scheme in presenting
the list of captured hits (that is, Referer = previous page visited, highlighted hit = current
page, and Navigated To = next page visited).
Analyzing User Sessions 59
Content Replay View
The following table presents the functionality of the Replay menu bar.
View Show Only HTML Hits In the Hit Selection pane, toggles
between these options:
• ON—displays only the HTML hits in
the selected session.
• OFF—displays all hits in the selected
session, including non-HTML pages
such as images and style sheets.
Display Full URL for Hit In the Hit Selection pane, toggles
Labels between these options:
• ON—displays the full URL for hit
labels, including the parameters (e.g.,
http://foo.com/bar?p1=v1).
• OFF—displays only a the URL path
for the hit labels (e.g., /bar for the
URL http://foo.com/bar).
Hit Replay (Highlight User Same as “Hit Replay” mode, except that
Input) any form fields where the user entered
data are populated with the data that
was entered, and the links clicked are
highlighted.
Important Visual replay is most reliable when applied to Web 1.0 applications that make light use of
JavaScript. Heavy use of JavaScript and frames can negatively impact FxV’s ability to
replay the user experience with complete accuracy.
Transactions View
The Transactions view presents information about any transactions that took place
during the session being explored.
To access this view, click the Session Explorer icon on any search result screen,
then click the Transactions tab. This tab is selected automatically when entering from a
transaction search result page.
62 Foglight Experience Viewer
User Guide
The upper pane of the Transactions view lists all transactions that occurred during the
selected session, and a brief summary of their details. The column by which the
transactions are sorted can be changed by clicking any column heading.
The lower pane of the Transactions view, named Transaction Details, provides
complete details about the transaction selected in the upper panel.
The information presented in the Transaction Details pane can also be accessed via the
transaction search’s result screen, by clicking the View Transaction Details icon.
The transaction details are grouped in several categories and presented in a tabbed
format. The following data is calculated and stored for each transaction (for a complete
list of elements see “Transactions” on page 27):
• Client, Counts and Timings—contains Details, Hit Counts, and Timings
• Events—contains information about the Transaction Events that occurred as
defined by the Transaction Filter
• Custom Fields—contains custom fields set by Transaction Filters
• Metric Updates—contains metrics updated by Transaction Filters
Analyzing User Sessions 63
Combined Sessions View
A Custom Search Screen is a simplified search screen, usually defined for frequently
used searches or for less-technical users. They allow searches to be performed using
simple screens that contain just a few familiar fields that apply specifically to the
business (for example, Name, Address, Account Number, etc.). The first step towards
defining a Custom Search Screen is to create a Saved Search.
Note This procedure illustrates the example of a session saved search. For hit and transaction
saved searches, similar procedures apply.
1 In the FxV browser interface, on the menu bar, click Search > Sessions.
The Search Sessions page appears.
2 Set the search conditions as needed for your session search.
3 In the Save Search As text box, specify a unique name for the search, then click
Save.
The Select Resource Groups page appears.
4 Select the check box(es) beside the resource groups to which this resource must
belong, then click OK.
The Search Sessions page re-appears. The search conditions are now saved and
the name of the Saved Search appears in the Load Saved Search list.
Note The Select Resource Group screen appears if you have access to more that one
Resource Group configured to store saved searches. This screen may not appear
depending on the configuration of your system. For more information about
Resource Groups, see“Resource Groups” on page 183.
Defining Custom Search Screens 67
Creating and Editing Custom Search Screens
3 Click OK.
Note The first step towards creating a Custom Search Screen is to create a Saved Search. For
more information, see “Creating and Editing Saved Searches” on page 66.
4 Fill in the Custom Search Screen Name. Upon creation, this name will be
displayed in the list of available screens, in the Custom Search menu, on the
menu bar.
Note The Custom Search menu is only displayed to users who have access to at least
one custom search screen. Therefore, it is not displayed to any users until at least
one custom screen has been created.
5 Add search fields and order them using the Move Up and Move Down
arrows. The names of these fields will appear (in the same order) on the Custom
Search Screen. These names must be meaningful to the screen’s users (for
example, Login, First Name, Account Number, etc.).
6 Select one or multiple search phases from the Search Phases list and order them
using the Move Up and Move Down arrows.
When a user submits a search via a Custom Search Screen, one or more Saved
Searches are executed. While it is often sufficient to execute a single search, it is
possible to specify multiple searches (phases) to be executed in sequence, until at
least one result is found. This can be useful, for example, if there are multiple
pages where the user can log in. Each page can be searched by its own Saved
Search in order to cover all possible entry points.
For each Search Phase, mappings are defined from the fields entered by the user
of the custom search screen to fields and/or cookies sent from the client.
7 Click OK.
The Custom Search Screen is now saved and appears in the list of screens
available for this user.
Note If this is the first Custom Search Screen created for this user, then the Custom
Search menu appears on the menu bar.
• To modify a Custom Search Screen, click the Edit icon, and update the
fields as needed.
• To delete a Saved Search from the system, click the Delete icon.
3 Click OK.
70 Foglight Experience Viewer
User Guide
5
Setting User Preferences
This chapter outlines the preferences that users can view and edit (depending on their
privileges): account information, replay settings, and search settings.
Account Information
The fields in the Account Information section allow you to edit basic information about
your account.
To edit the Account Information settings:
1 In the FxV browser interface, on the menu bar, click Preferences.
The Preferences page appears.
2 In the Account Information area, identify the fields that need editing. The
following fields are provided: Login (not editable), Last Name, First Name,
Email, and Password.
Note The Password field is not directly editable on this page. To change your password,
click Change Password and follow the instructions.
To modify the settings for user accounts other than your own, see “Managing User
Account Settings” on page 175.
• Via the Session Explorer screen—on the toolbar, click the Edit Session Explorer
Preferences icon.
The Session Explorer Settings dialog box appears.
Note An individual user can edit the Replay Settings only if this operation is enabled via the
Preference Group to which that user belongs to. Settings that are not locked in a Preference
Group serve as defaults, and may be changed by individual users. Locking a setting
immediately overrides any user-specified values. For more information about this topic, see
“Preference Groups” on page 184.
• Less Strict Replay With User Input (Forms)—when set to “Yes”, improves the
replay of user input data, in cases where JavaScript is used to manipulate form
field values.
• Less Strict Replay With User Input (Links)—when set to “Yes”, may improve
replay of user clicked links, in the cases where hit referrers are not present.
• Show Only HTML Hits—specifies if non-HTML hits (such as images and style
sheets) should be listed in the Hit Selection pane, when first opening the Replay
browser interface.
Note This setting may be changed during replay by clicking the Show Only HTML Hits
icon.
• Hit List Display Mode—specifies how the URLs are displayed in the Hit
Selection pane, when first opening the Replay browser interface. The following
options are available for selection:
• Show Title (or Path)—displays the HTML page title, or the path (when the
title is unavailable).
• Show Title (or Full URL)—displays the HTML page title, or the URL (when
the title is unavailable).
• Show Path Only—displays only the path to the hit (for example, “/bar” for
the URL “http://foo.com/bar”).
74 Foglight Experience Viewer
User Guide
• Show Full URL—displays the full URL for the hit, including any parameters
(for example, “http://foo.com/bar?p1=v1”).
Note This setting may be changed during replay by clicking the Display Page Titles for
HTML Hit Labels and the Display Full URL for Hit Labels icons.
• Display Mode—defines the default display mode to be used on the Replay pane,
when first opening the Replay browser interface. The following options are
available for selection:
• Hit Replay—displays hits as the user has seen them, including any errors.
Note If the content is unavailable (for example, if the browser used a cached page),
the replay system may attempt to obtain the content from other sessions or from
the live Web server, depending on the values of the “Use Elements From
Unrelated Sessions” and “When Element Content Not Available” settings.
• Hit Replay (with user form input)—displays hits similarly to “Hit Replay”
mode, except that any form fields where the user has entered data are
populated with the data that was entered, and links clicked are highlighted.
• Hit Details—displays network and HTTP details including response time, hit
analysis (including Hit Filter matches), request and response fields and
headers, cookies, and Archiver details.
• Hit Source—displays the source code that was captured for HTML hits, useful
for debugging dynamic Web applications.
• User Input Highlighting - Primary Color—specifies the primary color to be used
when highlighting user input. Any valid CSS color value may be used (for
example, #FC0, RGB(255,204,0), lime).
Note The color input field uses the specified color as its background color. If the field has a
blank background, this indicates an invalid color code (or white).
Elements From Related Sessions option is enabled). The following options are
available:
• Redirect to ‘live’ web server—page elements may be used from the live Web
server.
Note This option is a bad choice if the live server is not reachable from the Replay
browser interface or the live Web server/application requires a login to reach
page elements.
• Send 404 Response—the replay system sends a “404” error code to the
browser replaying the session. For missing images, a “broken image” icon is
displayed; if style sheets or javascript are missing, then the HTML page may
not visually render correctly.
The following Session Combining Settings may be configured:
• Session Combining Custom Field—specifies the name of the custom field for
combining other sessions for the Session Explorer. For example, if “Client IP” is
the selected Session Combining Custom Field and the current session being
explored has the custom field name/value: “Client IP”/”10.0.0.10”, hits from
other sessions with the same custom field name/value pair should be combined
with the session currently being explored. By default, this field is disabled.
Caution This functionality should be avoided, unless proper sessionizing hits into unified
sessions is not possible.
Note Combining sessions only combines the hits from multiple sessions for Replay.
Session statistics/details and Transaction Filter matching are not affected by this
setting.
Search Settings
The Search settings allow you to control the search conditions and the display of results,
as follows:
• Limit the amount of data to be included into a search and the maximum time
range over which to perform the search.
• Specify the default type of view for the search result screen.
• Define the type of information to be included by default in the result screen.
76 Foglight Experience Viewer
User Guide
Note An individual user can edit the Search Settings only if this operation is enabled via the
Preference Group to which that user belongs to. Settings that are not locked in a Preference
Group serve as defaults, and may be changed by individual users. Locking a setting
immediately overrides any user-specified values. For more information about this topic, see
“Preference Groups” on page 184.
• Session Search Result Limit—defines the maximum number of sessions that can
be returned from a single Archiver in response to a single session search. The
default value is 200; the maximum value allowed is 1000. Larger values may
increase the time required to complete a search.
Note This limit is applied per Archiver searched. For an installation with three Archivers
and a result limit of 200 sessions per search, up to 600 sessions may be returned in
one search.
• Search Time Range Limit—defines the largest possible (and default) time range
limit used when searching. All Search screens are constrained to use a specific
time range (for example, the last 48 hours).
Note The default value is 48 hours. The maximum value allowed is 72 hours. Larger
values may increase the time required to complete a search.
Setting User Preferences 77
Search Settings
• Search View—specifies the search screen to be used when logging into the FxV
browser interface, and when clicking Search on the menu bar.
Note The default value is “Find Transactions”. If “Find Transactions” is selected and there
are no Transaction Filters defined, then “Find Sessions” is used by default.
• Hit Search Result View—specifies the view first used when displaying hit search
results (default value is “Hits”). The options are the following:
• Hits—shows the individual hits found by the hit search. From this view, you
can preview the content of a hit and other hit details.
• Aggregate (full URL)—groups hits together based on URL (for example, if a
search returned several hits against the exact same URL, this would be
displayed as a single result row).
• Aggregate (ignore URL params)—aggregates hits by URL, but ignores URL
query parameters (the portion of the URL after the “?”).
Note The view type can also be changed via the search results screen, by selecting an
option from the Search Result View drop-down menu.
This chapter presents the resources available to users for configuring the FxV Hit
Analysis process, that is, resources defining the conditions and actions used to analyze
hits or sessions as they are captured.
For Hit Analysis examples see “Hit Analysis Examples” on page 133.
For details about how to configure a secondary database for long-term storage of
session and transaction data captured by FxV, see “Configuring the Analysis
Repository” on page 149.
80 Foglight Experience Viewer
User Guide
Hit Filters
A Hit Filter is a collection of match conditions and actions to be performed when a hit
matches those conditions. Every Hit Filter is evaluated against each hit as it enters an
FxV Archiver.
Hit Filters can be used to detect and alert on any per-hit conditions, to mark interesting
hits for later searching, and to manage hit storage. They can also be used to define
events within Transaction Filters.
Hit Filters are helpful because they provide a human context to the captured hits. For
example, it is easier to search and alert on Login Attempts using a Hit Filter than to
search and alert by the server, path, and fields used by the Web application.
Hit Filters are very powerful in their ability to extract custom fields and update metrics.
Using regular expressions, Hit Filters can pull data from fields, headers, cookies, or
from page content.
For detailed information about Hit Filters, see the following sections:
• “Hit Filter Match Conditions” on page 80
• “Hit Filter Actions” on page 81
• “Hit Filter Configuration” on page 90
• “Hit Filter Additional Information” on page 92
Note The most frequently captured header/field names are included in the list of captured
metadata. Less frequently captured data may be excluded from this list. This feature applies
only to fields, cookies, request headers, and response headers.
Configuring the Hit Analysis Process 81
Hit Filters
Execute Scripts
FxV Hit Analysis supports the concept of script execution using the Groovy
programming language. Scripts can be used to perform complex operations which are
not supported directly by the Hit Analysis model, including the execution of complex
algorithms or remotely accessing external systems (for example, to look up user account
information based on data in the hit, such as a user ID).
Scripts can set output variables that can be referenced in other areas of the Hit Filter (for
example, custom fields and metrics). If the only purpose of a script is to set a particular
output variable, it doesn’t need to be explicitly executed as an action of the Hit Filter.
Instead, the script output variable can be referenced when updating the custom field or
metric, and the script is executed as needed.
For detailed information about scripting, see “Scripts” on page 118.
In the latter case, you must specify only the value source and the value population
policy. Optionally, you may also override any of the following three attributes defined
for the Custom Field: Value Assignment Mode, value Separator (for append modes), and
Update If Blank. The other attributes get the default settings defined for that Custom
Field.
Name
This field defines the name of the Custom Field.
Note This name may contain only letters, numbers, and spaces. Other characters are not
allowed. Names must be less than 80 characters long, and cannot contain leading or trailing
spaces.
Description
This field is optional. If populated, it is used to build tooltips and reports, when the
custom field name appears as a column heading in a search results screen.
Storage (Scope)
A Hit Filter can set hit-scoped or session-scoped custom fields. Within these two
categories, there are additional options to be considered. The main thing to decide is
where the custom field needs to be seen.
The following table presents the values you can select for hit-scoped custom fields.
Show in Search Results For fields that should appear in search results.
Not in Search Results For fields that should not be in search results, but
can be seen when examining hit details for a
specific hit.
First Column in Search Results For identifying fields (for example, username)
that should appear first in search results (far left
side of the results screen).
84 Foglight Experience Viewer
User Guide
The following table presents the values you can select for session-scoped custom fields.
Available only during Hit In some cases, a piece of data extracted from a hit
Analysis is needed by a Transaction Filter. This setting
allows such data to be stored for transaction
processing purposes without exposing the value
at the session level.
Show in Search Results For fields that should appear in search results.
Not in Search Results For fields that should not be in search results, but
can be seen when examining session details for a
specific session.
First Column in Search Results For identifying fields (for example, username)
that should appear first in search results (far left
side of the results screen).
Show in Search Results (+ Audit For fields that should appear in search results, and
Log) be used for audit logging.
Not in Search Results (+ Audit For fields that should not be in search results, but
Log) can be seen when examining hit details for a
specific hit, and be used for audit logging.
First Column in Search Results For identifying fields (for example, username)
(+ Audit Log) that should appear first in search results (far left
side of the results screen). Also used for audit
logging.
1
The options that end with “(+ Audit Log)” can be used to flag custom fields for audit logging
when sessions are viewed by FxV users. This allows you to track the data seen by individual
FxV users.
Storage (Type)
A Custom Field must be declared as either a string (Store Values as Text) or numeric
(Stores Values as Numbers) field. Explicitly defining a custom field as numeric enables
searching based on numerical comparison operators (for example, is the value of custom
field “shopping cart value” greater than 100?). Numeric sorting is also enabled.
Configuring the Hit Analysis Process 85
Hit Filters
Value Source
A custom field’s value source defines where the value for the field comes from. The
following basic types of value sources are available:
• Hit Details—any data already associated with the hit (request field values, cookie
values, URL, etc.).
• Script Output—any data exposed as an “output variable” by a Groovy script.
Note The script is executed as needed in order to populate the custom field.
Value Description1
Reset value on each match Default mode in which the custom field value is
always set to the value defined by the current
value source [2].
86 Foglight Experience Viewer
User Guide
Value Description1
Set value on first match if not Once the custom field value is set, it is not
already set changed [1].
Append to value on each match Concatenates values as they are encountered (an
optional separator can be inserted between the
values) [1232].
Increment value on each match Increments a numerical custom field value by the
amount defined by the current the value source
[8].
Append to value on each match Similar to Append to value on each match, but
(if unique) only unique values are added [123].
Append to value on each match Similar to Append to value on each match, but
(if unique, ignoring case) values like “foo” and “Foo” are considered
identical [123].
1
The values in brackets represent the final custom field value in the case where three
assignments to the same field occur in the following sequence: 1, 2, 3, 2.
Update If Blank
Blank values (as defined by any value source) are ignored by default (that is, a previous
custom field value is not replaced by a blank value). This behavior can be changed by
setting the Update If Blank flag to “Yes”.
• Hit Details—any numeric data already associated with the hit (for example,
request field values, cookie values, extracted response content, etc.).
Like custom fields, metric values are typically updated any time a Hit Filter’s match
conditions apply to a hit. However, it is possible to configure updates to occur
conditionally, based on the hit status (either the final hit status, or the hit status
determined by the current Hit Filter).
When entering the name for a metric, it is sometimes useful to parameterize the name
based on some piece of data from the hit.
Example
You may want to define a series of metrics such as:
Errors from Spain
Errors from France
Errors from Italy
These can be defined via a single metric that contains a substitution token. The name of
the metric would be defined as Errors from $0.
When $0 is included in the metric name, the Hit Filter UI displays a field called
$0 Source used to identify the value source for the $0 token (that is, the data that should
be used to replace $0 in the metric name).
In this example, you would select Country from the list of hit details, and the hit’s
country would be used in the metric name.
Important All value sources available for populating custom field and metric values are available
here as well. In order to avoid the creation of an unusable number of metrics, ensure that
there is a reasonable number of unique values for the substitution token.
consideration in terms of how they are stored. Various combinations of the following
options may be selected:
• Do not store hit—hits matching the conditions are dropped completely (that is, no
data is stored), and they are not available for search/replay. This setting saves on
storage space, but results in complete loss of data for hits matching the Hit
Filter’s match conditions. This setting requires that the Do not store response
content setting is selected.
• Do not store response content—hit details are stored without response content.
• Index response content—response content is stored and indexed, to make the hit’s
content keyword-searchable. This setting requires that the Do not store hit and Do
not store response content settings are not selected.
• Do not store hit details marked “Always Sensitive”—hit is stored after applying
any Sensitive Hit Detail rules defined as “Always Sensitive” (to avoid storing
sensitive fields, headers, or cookie values). This setting requires that the Do not
store hit setting is not selected.
• Do not store response content marked “Always Sensitive”—response content is
stored after applying any Sensitive Response Content Expressions defined as
“Always Sensitive” (to hide sensitive data contained in the response content
before storing the hit). This setting requires that the Do not store hit and Do not
store response content settings are not selected.
Note If a hit matches multiple Hit Filters, any overrides to the default storage policy are honored.
Storage restrictions can be customized based on the final status of the hit (for all
matching filters), or just the status defined by this Hit Filter alone. You can choose to
keep all matching hits, or just the errors, or tailor your storage to make best use of the
available disk space.
Mark Hit
You can also determine (via Mark Hits menu) whether a Hit Filter match should be
stored in the capture database for later searching. The following options are available:
• Always—to be able to search on the Hit Filter.
Configuring the Hit Analysis Process 89
Hit Filters
Note Hit Filters whose match conditions are set to match every hit should always be configured
as “non-searchable”, since every hit would be returned by a search looking for matches to
that Hit Filter.
In some situations, it is desirable to say that any time a hit matches a Hit Filter’s match
conditions, its status should be set to Error. In fact, the FxV user interface supports this
concept as the default when setting a non-OK status. If a status value must be set only in
certain situations, an additional step is necessary to define the error and warning
conditions.
Multiple Hit Filters can potentially evaluate differently the status of a given hit. The
basic rule prevailing in this case is “worst status wins”. That is, if any Hit Filter sets a
hit’s status to Error, the hit’s final status is Error. If one Hit Filter sets the status to
Warning and another sets it to Error, the hit’s final status is Error. There are situations
where it may be important to distinguish between the status of the hit according to Hit
Filter X and the final status of the hit (once all Hit Filters have evaluated the hit and set
the hit status). The Hit Filter and Transaction Filter interfaces make this distinction and
refer to the “final status of the hit” versus the “status recorded by Hit Filter X” where it
is useful to differentiate between these two types.
Example:
Hit Filter A does not set the status.
Hit Filter B sets the status to Warning.
Hit Filter C sets the status to Error.
In this case, the final status of the hit is Error. The status according to Hit Filter A
is OK, the status according to Hit Filter B is Warning, and the status according to
Hit Filter C is Error.
• Default HTTP Error Codes—marks hits with an Error status value due to HTTP
Error Code; specifically, the status of hits with an HTTP response code of 400 or
greater (with the exception of 401) is set to Error.
• Default Session Custom Fields—adds a custom field called Initial Referer to
every session.
• Default Session Page Visit Custom Fields—adds an Entry Page and a Last Page
Visited custom field to every session with HTML hits.
• Default Type Exclusions—excludes hits by response content type. This Hit Filter
is disabled by default. It is provided as a template for customers wishing to reduce
the volume of data captured by the system.
• Optional Keyword Indexing—turns ON content keyword indexing for all HTML
hits. Hits can be indexed based on two factors:
• A hit filter has to “mark” the hit for indexing.
• The response content type has to start with either “text/html”, “text/xml”, or
“text/plain”.
To configure the Hit Filters in your system:
1 On the menu bar, click Configure > Hit Analysis.
The Hit Analysis page appears.
2 Expand the Hit Filters section.
The Hit Filters already defined in your system are displayed in table format.
Used By Lists any Transaction Filters (or Special Events) currently using
this Hit Filter.
The Disabled icon following a filter name indicates that the
Transaction Filter is currently disabled.
If the hit filter match counts for this filter are stored in the Analysis
Repository, the Analysis Repository icon is also displayed.
• To create a new Hit Filter, click Create Hit Filter, then fill in the information
requested.
4 Click OK.
Transaction Filters
A Transaction Filter is a collection of conditions and actions used to analyze sessions as
they are captured, and to identify the distinct transactions within those sessions. While
they are most commonly used to identify a series of hits that make up some sort of
logical transaction, Transaction Filters can be used to detect any activity within a
session. A key distinction between Hit Filters and Transaction Filters is that Hit Filters
can only examine the hit currently being processed, while Transaction Filters can act on
a series of hits within the active session.
A session is a set of hits with the same Session ID that were submitted by the same
browser client in the same visit to the site. Sessions are tracked based on simple timeout
rules and configurable Global Stop Events. A transaction is a portion of a session that
met the criteria specified by a Transaction Filter.
Configuring the Hit Analysis Process 93
Transaction Filters
A Transaction Filter can detect multiple events that provide information about site
problems and client activity within a related set of pages. Like Hit Filters, Transaction
Filters give a helpful and relevant context to the captured data, making the searching
and reporting easier.
For detailed information about Transaction Filters, see the following sections:
• “Transaction Events” on page 93
• “Transaction Event Match Conditions” on page 94
• “Transaction Event Actions” on page 97
• “Transaction Filter Storage Configuration” on page 104
• “Transaction Filter Configuration” on page 105
• “Transaction Filter Additional Information” on page 106
Transaction Events
Transaction Filters are made up of a series of Transaction Events (events). There are a
number of different types of events, but the most common type is “Hit Filter match”—
an event that occurs as the result of a Hit Filter’s match conditions matching an
incoming hit. Like Hit Filters, Transaction Events consist of matching conditions (for
example, the fact that Hit Filter X matched a hit) and a collection of actions to be
performed when those conditions are matched. The different types of match conditions
and events are described in the following sections.
Each Transaction Event has a name and an optional one-character label. The labels are
used to summarize the events that occurred in a given transaction.
Example:
A Transaction Filter has a start event, three intermediate steps, and a stop event, and
uses the labels S, 1, 2, 3, and F for these events. When viewing a list of transactions, the
events may appear as S123F / S12F / S321F etc., indicating which events occurred for
each individual transaction.
specify an entry state of Active. Certain special events can be defined with an entry
state of Stopped. These events use special match conditions that only apply to post-
transaction processing.
When determining whether or not to evaluate an event’s match conditions, the Hit
Analysis system checks the value of the “allow multiples” flag, in addition to checking
the entry state. If a given event has already occurred for the current transaction and this
flag is set to “No”, the event is not evaluated again. When this flag is set to “Yes”,
multiple occurrences of a given event can be registered within a single transaction. Each
time the match conditions are met, the event’s actions are executed and the event is
recorded. Using the event labels described earlier, this may result in event label
sequences such as S112233123321F, if the events with labels 1, 2, and 3 are all
configured to allow multiple occurrences.
considered to have occurred. Optionally, a specific hit status can be specified (for
example, if the hit matches Hit Filter Foo and has a status of “Error”).
Script Output
This type of match condition allows you to trigger an event based on the value of an
output variable set by a script.
Session/Transaction Duration
This type of match condition triggers based on the duration of the session or transaction.
The duration of a session is based on the time passed since the first hit in the session.
The duration of a transaction is based on the time passed since the transaction started, as
defined by some other Transaction Event (one which changed the state of the
transaction to In Progress).
The following timing values can be evaluated:
• Client Time—the amount of time spent on the client side during client-server
communication with multiple bursts. It is the sum of all the Client Time delays
that occur between each burst of server data.
• Total Time—total “wall clock” time for the session or transaction. In other words,
the amount of time that has passed since the session or transaction started.
• Processing Time—the total time spent by the Web server(s) processing hits that
occurred within the session or transaction.
• End-to-End Time—the total time spent downloading the contents of the URLs
processed within the session or transaction.
Always True
This type of match condition triggers on any hit. The purpose of this type of condition is
to allow for the creation of transactions that start as soon as the session starts. By using
an Always True condition to trigger a transaction state change to “In Progress”, the
Transaction Filter causes a new transaction to start with every new session.
Note A session should only be marked as Stopped in cases where you are certain that the Web
application has ended the session.
Some events do not impact the state of the transaction (or session). Once a transaction is
active (that is, it has been started by some event), other interesting events may occur that
leave the transaction in the Active state.
Execute Scripts
FxV Hit Analysis supports the concept of script execution using the Groovy
programming language. Scripts can be used to perform complex operations not
supported directly by the Hit Analysis model, including the execution of complex
algorithms or the remote access of external systems (for example, to look up user
account information based on captured data such as a user ID).
Scripts can set output variables that can be referenced in others areas of the Transaction
Event (custom fields and metrics). If the only purpose of a script is to set a particular
output variable, the script does not have to be explicitly executed as an action of the
Transaction Event. Instead, the script output variable can be referenced when updating
the custom field or metric, and the script is executed as needed.
For detailed information about how scripting works, see “Scripts” on page 118.
Configuring the Hit Analysis Process 99
Transaction Filters
Name
This field defines the name of the Custom Field.
Note This name may contain only letters, numbers, and spaces. Other characters are not
allowed. Names must be less than 80 characters long, and cannot contain leading or trailing
spaces.
Description
This field is optional. If populated, it is used to build tooltips and reports, when the
custom field name appears as a column heading in a search results screen.
100 Foglight Experience Viewer
User Guide
Storage (Scope)
A Transaction Filter can set transaction-level or session-level custom fields. Within
these two categories, there are additional options to be considered. The main thing to
decide is where the custom field needs to be seen.
The following table presents the values you can select for hit-scoped custom fields.
Available only within this For fields that are only needed within the
Transaction Filter definition of the Transaction Filter (perhaps as a
value source for some other custom field or
metric).
Show in Search Results For fields that should appear in search results.
First Column in Search Results For identifying fields (for example, username)
that should appear first in search results (far left
side of the results screen).
Not in Search Results For fields that should not be in search results, but
can be seen when examining transaction details
for a specific transaction.
The following table presents the values you can select for session-scoped custom fields.
Available only for Transaction Makes the custom field value available to any
Filters Transaction Filter defined in the system, but the
value does not appear when viewing session
search results or session details.
Show in Search Results For fields that should appear in search results.
Not in Search Results For fields that should not be in search results, but
can be seen when examining session details for a
specific session.
Configuring the Hit Analysis Process 101
Transaction Filters
First Column in Search Results For identifying fields (for example, username)
that should appear first in search results (far left
side of the results screen).
Show in Search Results (+ Audit For fields that should appear in search results, and
Log) be used for audit logging.
Not in Search Results (+ Audit For fields that should not be in search results, but
Log) can be seen when examining hit details for a
specific hit, and be used for audit logging.
First Column in Search Results For identifying fields (for example, username)
(+ Audit Log) that should appear first in search results (far left
side of the results screen). Also used for audit
logging.
1
The options that end with “(+ Audit Log)” can be used to flag custom fields for audit logging
when sessions are viewed by FxV users. This allows you to track the data seen by individual
FxV users.
Storage (Type)
A Custom Field must be declared as either a string (Store Values as Text) or numeric
(Stores Values as Numbers) field. Explicitly defining a custom field as numeric enables
searching based on numerical comparison operators (for example, is the value of custom
field “shopping cart value” greater than 100?). Numeric sorting is also enabled.
Value Source
A custom field’s value source defines where the value for the field comes from. Three
basic types of value sources exist:
• Other Custom Fields—a custom field associated with the active session or
transaction.
• Script Outputs—any data exposed as an “output variable” by a Groovy script.
Note The script is executed as needed in order to populate the custom field.
Value Description1
Reset value each time this event Default mode in which the custom field value is
occurs always set to the value defined by the current
value source [2].
Set value the first time this event Once the custom field value is set, it is not
occurs changed [1].
Append to value each time this Concatenates values as they are encountered (an
event occurs optional separator can be inserted between the
values) [1232].
Increment value each time this Increments a numerical custom field value by the
event occurs amount defined by the current the value source
[8].
Append value on each match (if Similar to Append to value each time this event
unique) occurs, but only unique values are added [123].
Append value on each match (if Similar to Append to value each time this event
unique, ignoring case) occurs, but values like “foo” and “Foo” are
considered identical [123].
1
The values in brackets represent the final custom field value in the case where three
assignments to the same field occur in the following sequence: 1, 2, 3, 2.
Update If Blank
Blank values (as defined by any value source) are ignored by default (that is, a previous
custom field value is not replaced by a blank value). This behavior can be changed by
setting the Update If Blank flag to “Yes”.
Configuring the Hit Analysis Process 103
Transaction Filters
• Numeric Custom Fields—any numeric custom field associated with the active
session or transaction.
Metric updates defined by Transaction Events do no take place until the transaction
stops. Updates can be configured to take place unconditionally (as soon as the
transaction ends) or conditionally based on the Commit Pending Metric Update policy
defined for the Transaction Filter.
When entering the name for a metric, it is sometimes useful to parameterize the name
based on some piece of data from the transaction.
Example
You may want to define a series of metrics such as:
Errors from Spain
Errors from France
Errors from Italy
These can be defined via a single metric that contains a substitution token. The name of
the metric would be defined as Errors from $0.
When $0 is included in the metric name, the Transaction Filter UI displays a field called
$0 Source used to identify the value source for the $0 token (that is, the data that should
be used to replace $0 in the metric name).
In this example, you would select Country from the list of transaction details, and the
transaction’s country would be used in the metric name.
Important All value sources available for populating custom field and metric values are available
here as well. In order to avoid the creation of an unusable number of metrics, ensure that
there is a reasonable number of unique values for the substitution token.
104 Foglight Experience Viewer
User Guide
• To remove a Transaction Filter from the system, click the Delete icon.
Note If a filter is stored in the Analysis Repository, you can delete it from system only
after you remove its mapping to the Analysis Repository.
106 Foglight Experience Viewer
User Guide
• To create a new Transaction Filter (using the full-featured user interface), click
Create Transaction Filter, then fill in the information requested.
• To create a new Transaction Filter and new Hit Filters in a single step, click
Quick Create, then fill in the information requested. This interface supports
only very simple Hit Filters that match on a single URL path or HTML page
title.
Note You can use the Quick Create interface to quickly create multiple Hit Filters and
the Transaction Filter that uses them and then go back and modify the individual
filters as needed.
4 Click OK.
Special Events
The model used to describe the events that define each Transaction Filter is also used to
define three global events. These events are not specific to any particular Transaction
Filter, but they run as part of the Hit Analysis process that occurs for each hit captured
by the system. These events defined outside Transaction Filters stand on their own.
Certain aspects of the Transaction Event model do not apply to the special events.
Specifically, anything that depends on the enclosing Transaction Filter or the active
transaction is not applicable, since these events are not evaluated in the context of a
transaction.
The three events that can be defined are:
• Global Stop Session Event—this event is used to define conditions that must
trigger the end of a session. Without a Global Stop Session Event, the only way to
identify the end of a session is by a session timeout. This event allows activities
Configuring the Hit Analysis Process 107
Special Events
that are known to stop sessions (user logout being the most common example) to
immediately close a session, without having to wait for the session to time out.
• Global Stop Transaction Event—this event works much like the Global Stop
Session Event, but rather than closing the entire user session, it stops any active
transaction(s). Global Stop Transaction Events are rarely meaningful, as it is
unlikely that a common activity applies to all Transaction Filters in the system,
unless it is something such as a logout page (in which case the Global Stop
Session Event is probably a better choice).
• Post Hit Analysis Event—this event is fired as the very last step for each hit
processed by the system. This is the only place where certain data is guaranteed to
be updated prior to processing.
For detailed information about Special Events, see the following sections:
• Special Events Configuration
• Special Events Additional Information
3 Click the Edit icon beside the event you want to define.
Note Editing is the only operation available for an undefined special event.
Custom Fields
Custom Fields allow specialized information to be associated with individual hits,
sessions, and transactions.
For detailed information about Custom Fields, see the following sections:
• “Custom Fields Attributes” on page 109
• “Custom Fields Configuration” on page 113
• “Custom Fields Additional Information” on page 115
Configuring the Hit Analysis Process 109
Custom Fields
Name
This field defines the name of the Custom Field. Custom Field names must be unique
within a given scope, but the same name may be used in different scopes (that is, you
can have a Hit Custom Field named foo and a Session Custom Field named foo). Each
Transaction Filter defines its own unique scope (that is, two different Transaction Filters
can define Custom Fields named foo).
Note This name may contain only letters, numbers, and spaces. Other characters are not
allowed. Names must be less than 80 characters long, and cannot contain leading or trailing
spaces.
Description
This attribute is optional. If populated, it is used to build tooltips and reports.
Storage (Scope)
This attribute controls how the Custom Field is stored in the capture database and how it
should be used for search results (that is, not shown at all, included with search results,
or included in the first column in the results). Once you define a custom field, you can
not change its scope, but you can change the storage details within that scope.
Important The Storage (Scope) attribute cannot be overridden by filters that update this Custom
Field.
110 Foglight Experience Viewer
User Guide
Select one of the Update Hits options to store the field with all matching hits for easy
searching later. The following table presents the values you can select for hit-scoped
custom fields.
Available only during Hit For transient values that do not need to be stored
Analysis in the database.
Show in Search Results For fields that should appear in search results.
Not in Search Results For fields that should not be in search results, but
can be seen when examining hit details for a
specific hit.
First Column in Search Results For identifying fields (for example, username)
that should appear first in search results (far left
side of the results screen).
Select one of the Update Session options to store the field with the sessions of all
matching hits, for use by Transaction Filters and/or when searching for sessions. The
following table presents the values you can select for session-scoped custom fields.
Available only during Hit For transient values that do not need to be stored
Analysis in the database.
Show in Search Results For fields that should appear in search results.
Not in Search Results For fields that should not be in search results, but
can be seen when examining session details for a
specific session.
First Column in Search Results For identifying fields (for example, username)
that should appear first in search results (far left
side of the results screen).
Show in Search Results (+ Audit For fields that should appear in search results, and
Log) be used for audit logging.
Configuring the Hit Analysis Process 111
Custom Fields
Not in Search Results (+ Audit For fields that should not be in search results, but
Log) can be seen when examining hit details for a
specific hit, and be used for audit logging.
First Column in Search Results For identifying fields (for example, username)
(+ Audit Log) that should appear first in search results (far left
side of the results screen). Also used for audit
logging.
1
The options that end with “(+ Audit Log)” can be used to flag custom fields for audit logging
when sessions are viewed by FxV users. This allows you to track the data seen by individual
FxV users.
Custom Fields with transaction scope can only be created when creating or editing the
Transaction Filter that defines their scope.
Storage (Type)
A Custom Field must be declared as either a string (Store Values as Text) or numeric
(Stores Values as Numbers) field. Explicitly defining a custom field as numeric enables
searching based on numerical comparison operators (for example, is the value of custom
field “shopping cart value” greater than 100?). Numeric sorting is also enabled.
Once you define a custom field, you can not change its storage type.
Important The Storage (Type) attribute cannot be overridden by filters that update this Custom
Field.
Important This setting can be overridden by filters that update this Custom Field.
112 Foglight Experience Viewer
User Guide
When a custom field already has a value, several different options are available.
Value Description1
Set value only if not already set Once the custom field value is set, it is not
changed [1].
Append value (if unique) Similar to Append to value, but only unique
values are added [123].
Append value (if unique, Similar to Append to value, but values like “foo”
ignoring case) and “Foo” are considered identical [123].
1
The values in brackets represent the final custom field value in the case where three
assignments to the same field occur in the following sequence: 1, 2, 3, 2.
Update If Blank
This attribute determines how blank values should be treated. By default, this attribute
is set to No, and blank values are ignored (that is, a previous custom field value is not
replaced by a blank value). Set to Yes to retain blank values when setting or appending
strings.
Important This attribute can be overridden by filters that update this Custom Field.
Configuring the Hit Analysis Process 113
Custom Fields
Name Name of the Custom Field, preceded by two icons indicating the
scope and the type of the field:
• Hit Scope
• Session Scope
• Transaction Scope
• Values store as text
• Values stored as numbers
114 Foglight Experience Viewer
User Guide
References A list of objects that either set the value of the Custom Field or
access its value. Each reference is preceded by two icons:
• The filter or event reads the value of the Custom Field
• The filter or event sets the value of the Custom Field
• Hit Filter
• Transaction Filter
• Special Event
If this Custom Field is stored in the Analysis Repository, the
Analysis Repository icon is also displayed.
• To create a new Custom Field, click Create Custom Field, then fill in the
information requested.
Note Custom Fields can also be created from within the Hit Filter, Transaction Filter,
and Special Event editors.
4 Click OK.
The Custom Field page that appears when you view or edit a Custom Field contains a
section named Updated By. This is a read-only table that lists all of the objects (Hit
Filters, Transaction Filters, or Special Events) that update the value of that Custom
Field. The primary purpose of this table is to show any overridden values. Since
updating objects can override the “assignment mode”, “appended values separator”, and
“update if blank policy”, this table has columns for each of these three settings. The
values in these columns are blank unless the updating object overrides the value. If it
does, the overridden value is shown in the table.
The only exception to this rule is when a Custom Field has an assignment mode of
“append” and defines a separator character. If a Hit Filter, Transaction Filter, or Special
Configuring the Hit Analysis Process 115
Metrics
Event overrides and removes the separator, the Used By table displays a value of
“{none}” in the Separator column.
Any changes made to a Custom Field are automatically propagated to its “updating
objects”, unless they are overriding the value. Overrides can be cleared by editing either
the Custom Field or the overriding object, and modifying the values so that they match.
For details on referencing and updating Custom Fields from Hit Filters, Transaction
Filters, and Special Events, see the following sections: “Hit Filters: Set Custom Fields”
on page 82, “Transaction Event: Set Custom Fields” on page 99, and “Special Events”
on page 106.
Metrics
A Metric is a global numeric value incremented by Hit Filters, Transaction Filters, and
Special Events.
For detailed information about Metrics, see the following sections:
• “Metrics Configuration” on page 115
• “Metrics Additional Information” on page 117
Metrics Configuration
You can create, edit, view, copy, and delete all Metrics defined in your system, via the
FxV browser interface.
A single “default” Metric is provided with the initial FxV configuration:
116 Foglight Experience Viewer
User Guide
References A list of objects that either update the value of the Metric or access
it (in the case of the Analysis Repository). Each reference is
preceded by an icon indicating the type of the updating object:
• Hit Filter
• Transaction Filter
• Special Event
• Analysis Repository
Note If a Metric is not updated by any object in the Hit Analysis model, this
metric is not displayed in the Analysis Repository Configuration
page.
• To create a new Metric, click Create Metric, then fill in the information
requested.
4 Click OK.
For details on referencing and updating Metrics from Hit Filters, Transaction Filters,
and Special Events, see the following sections: “Hit Filters: Increment Metrics” on
page 86, “Transaction Event Increment Metrics” on page 103, and “Special Events” on
page 106.
Captured Metadata
Metadata captured by the system can be used when searching and when building Hit
Filters and Transaction Filters.
To display metadata captured by your system:
1 On the menu bar, click Configure > Hit Analysis.
The Hit Analysis page appears.
2 Display the Captured Metadata menu options.
3 To display a specific metadata, click one of the following links:
• View Captured Web Servers
118 Foglight Experience Viewer
User Guide
FxV users can control the amount of metadata that is included in the Captured Field
Names, Captured Request Header Names, Captured Response Header Names, and
Captured Cookie Names lists by editing the Metadata Sensitivity property in the Server
Configuration page (for details, see “Server Configuration” on page 170).
The Metadata Sensitivity property specifies the minimum reference count required for a
name to be included in the list. The reference count is the number of hits that contain the
field, header, or cookie name in any of the database segments. For example, setting the
Metadata Sensitivity property to “1” results in including all names in the list; setting this
property to “1000” results in including only those names that appear in at least 1000 hits
in a database segment.
Note This property affects only the Captured Field Names, Captured Request Header Names,
Captured Response Header Names, and Captured Cookie Names metadata lists.
Scripts
FxV uses scripts (snippets of custom logic written in the Groovy scripting language) to
allow its users to extend the functionality of the Foglight Experience Viewer system.
Scripts can be used to integrate FxV with other systems, as well as perform more
complex analysis of the data than is allowed by the standard hit analysis filters (such as
evaluating complex match expressions, transforming hit data, applying complex regular
expressions, etc.). A script is executed by a Hit Filter or a Transaction Filter, which can
use the output variables published by the script to update custom fields or metrics.
Configuring the Hit Analysis Process 119
Scripts
Scripts Configuration
To implement scripts into the FxV Hit Analysis model:
1 Determine the script requirements.
2 Select the appropriate Hit Analysis APIs.
3 Select the script’s execution frequency.
4 Determine the script’s output.
5 Write the script.
6 Test the script.
7 Add the script to the Hit Analysis model.
For detailed information about implementing scripts into the FxV Hit Analysis Model,
see the Groovy Scripting API documentation.
For additional information about the Groovy scripting language, see http://
groovy.codehaus.org/Documentation.
To manage Scripts via the FxV browser interface:
1 On the menu bar, click Configure > Hit Analysis.
The Hit Analysis page appears.
2 Expand the Scripts section.
The Scripts already defined in your system are displayed in table format.
Executed/ The number of times this script has been executed and the number
Errors of times it has failed in the current day (since 12:00 AM).
Note The number of failures is incremented when an uncaught exception
occurs while executing the script, keeping the script from running to
completion.
Used By Lists any Hit Filters or Transaction Filters currently using this
Script.
The Disabled icon following the name indicates that the filter is
currently disabled.
• Version—The version number for this object. Each time a change is made, the
version number is incremented.
Note The features described in this section are just a subset of the options available for dealing
with sensitive data.
The following considerations are important when planning to protect sensitive data:
• Full-disk encryption can be configured on the FxV appliance to ensure that
sensitive data cannot be extracted directly from stolen hard drives.
• The FxV browser interface can be configured such that all traffic is sent via https
(SSL).
• All configuration changes of the FxV capture system are logged to ensure that
unauthorized changes can be identified.
• The Foglight Experience Monitor (FxM) can be configured such that certain data
is never passed to FxV.
• Entire hits can be dropped (not stored), by configuring the Storage Restrictions
for a Hit Filter.
• Hit Detail Type—can be one of the following options: “Request Field” (the most
common), “Request Header”, “Response Header”, and “Cookie”.
• Matching Logic—specifies how the Hit Detail Name must be interpreted. A value
of “=” indicates that the name must match exactly in order to be identified as
sensitive. Other values options include “Starts With”, “Ends With”, “Contains”,
and “Matches” (which treats the Hit Detail Name as a regular expression). FxV
also provides “ignore-case” versions of each of these options (except for
“Matches”), which allow for case-insensitive comparisons.
• Hit Detail Name—is the name of the sensitive field/header/cookie (for example,
cc_num). Depending on the value of the Matching Logic attribute, this value may
be an exact name, a partial name, or a regular expression.
• Replacement Text—specifies a fixed string to be displayed in place of the
sensitive data. This field is optional.
• Always Sensitive—indicates whether the sensitive data should be considered
sensitive regardless of the privileges of the FxV user. This flag is set to “Yes” by
default. When set to “No”, users with special privileges are able to see the actual
value of the sensitive data, while other users see only the Replacement Text (or
nothing, if no replacement text is specified). In order to see sensitive data flagged
as “not always sensitive” a user must be a member of a User Group that has the
Sensitive Data Display privilege turned on.
Example:
Hit Detail Type = Request Field
Hit Detail Name = cc
Matching Logic = Starts With (IC)
Replacement Text = ****
Always Sensitive = No
In this scenario, the value of any request field starting with the letters cc (or CC or cC or
Cc) is replaced with the string “****” when displayed to a typical user. However, users
who are members of a User Group with the Sensitive Data Display privilege can see the
actual credit card numbers.
Note Regardless of the value of the Always Sensitive flag, the sensitive data is always captured
and stored in the database. The replacement occurs when the data is queried by an FxV
Configuring the Hit Analysis Process 123
Sensitive Data Protection
user. For information on disabling the storage of sensitive data completely, see “Define Hit
Storage Restrictions” on page 87.
Data marked as sensitive is not available for use during Hit Analysis. For example, if the
request field cc_num is identified as sensitive, this setting cannot be circumvented by
creating a Hit Filter that populates a custom field with the value of the cc_num request field.
If this were attempted, the replacement text would be stored in the custom field, not the
original value. This is true regardless of the value of the Always Sensitive flag, since the Hit
Analysis processing is performed outside the context of any specific user.
Note Sensitive Response Content Expressions are only applied to text/html hits.
For example, the expression “abc(def)ghi(jkl)mno” has two groups. Group #1 has
the value “def”. Group #2 has the value “jkl”. Group #0 always represents the
entire expression, so the value of group #0 is “abcdefghijklmno” in this case.
Note The most common scenario is to define a regular expression with a single pair of
grouping parenthesis and the Sensitive Groups attribute set to “1”.
When displaying this page to a user with Sensitive Data Display privileges, the original
response is displayed:
Thank you for joining. Your username is superdog and your
password is 5uP3rd0G.
Configuring the Hit Analysis Process 125
Hit Analysis Configuration Options
Note Similarly to Sensitive Hit Detail data, sensitive content identified by Sensitive Response
Content Expressions is stored in its original form. Replacement occurs at data access time
rather than capture time.
Regardless of the value of the Always Sensitive flag, the sensitive data is always captured
and stored in the database. The replacement occurs when the data is queried by an FxV
user. For information on disabling the storage of sensitive data completely, see “Define Hit
Storage Restrictions” on page 87.
Session Configuration
This section provides several configuration options for how the system should identify
the end of a session. These settings apply to all Archivers in the system. The following
options are available:
• Maximum Hits Per Session—defines the maximum number of hits that can be
contained within a single session. When this limit is reached, the session is
stopped and a new session (with the same Session ID) is started.
• Maximum Session Duration—defines the maximum time range that a single
session can span before being stopped. When this limit is reached, the session is
stopped and a new session (with the same Session ID) is started.
• Minimum Hits For “Long” Session—defines how many hits must be present
within a session before it is considered “long” for timeout purposes.
• Count Only HTML Hits for “Long” Session—defines if all hits or only HTML
hits should be counted when determining if a session is “long” for timeout
purposes.
126 Foglight Experience Viewer
User Guide
• Timeout for “Short” Sessions—defines the length of idle time before a “short”
session is timed out.
Note A “short” session is a session that contains one hit or a very small number of hits.
“Short” sessions usually “time-out” fairly quickly, which allows them to be identified
as closed more quickly then “long” sessions. This also improves the performance of
the Archiver, since fewer active sessions must be maintained in memory.
• Check Only HTML Hits for “Short” Session Timeout—for “short” sessions,
determines if all hits or only HTML hits should be interpreted as active use by the
client.
• Timeout for “Long” Sessions—defines the length of idle time before a “long”
session is timed out. This value should always be set to match the session timeout
defined by the Web server, to ensure that sessions timed out by the application are
marked as timed-out by FxV at the same time.
• Check Only HTML Hits for “Long” Session Timeout—for “long” sessions,
determines if all hits or only HTML hits should be interpreted as active use by the
client.
To configure the session timeout settings in the system:
1 On the menu bar, click Configure > Hit Analysis.
The Hit Analysis page appears.
2 Expand the Hit Analysis Configuration Options menu.
3 Edit the settings in the Session Configuration area as required, then click Save
Changes.
The settings are now saved and are applied to all Archivers in the system.
Note In addition to these settings, session completion can be further configured by defining a
Global Stop Session Event.
Archiver Configuration
This sections provides several configuration options that allow you to control the way
captured data is segmented by the capture system. These settings apply to all Archivers
in the system:
• Maximum DB Segment Span—data captured by the FxV Archivers is stored in
database segments. The size of each segment is limited to a fixed maximum size,
as well as a maximum time span (whichever comes first). This setting allows that
Configuring the Hit Analysis Process 127
Hit Analysis Configuration Options
For detailed instructions on how to configure Archivers in a system via the FxV browser
interface, see the FxV Installation and Administration Guide.
Script Configuration
The settings in this section are applied to all Scripts defined in the system:
• Maximum Number of Uncaught Failures Per Script—defines the maximum
number of times that a given script can fail (by throwing an exception not handled
by the script) before the script is disabled.
• HTTP Connection Timeout—defines the maximum amount of time (in
milliseconds) that a script requesting an HTTP connection waits before timing
out.
• HTTP Socket Timeout—defines the maximum amount of time (in milliseconds)
that a script using an HTTP connection waits for a response before timing out.
Other Configuration
The settings in this section allow certain aspects of the Hit Analysis process to be
customized:
• Additional Parsed Response Types—allows you to control the response content
types that are parsed. By default, when processing hits, the response content is
only evaluated for hits whose response content type is set to text/html.
Additional response types can be included by specifying in this field a comma-
separated list of content types (for example: text/xml,text/plain).
These content types are utilized at capture time only. The primary use of this
setting is to make the content of certain kinds of hits available to hit filters, for use
128 Foglight Experience Viewer
User Guide
Version Every time a change is made to anything on the Hit Analysis page,
a new version of the Hit Analysis Configuration model is created.
Version numbers are incremented sequentially.
User The name of the FxV user who modified the model.
Update Type The type of the change made: Create, Delete, Import, Rollback, or
Update.
Configuring the Hit Analysis Process 129
Hit Analysis Configuration Change Log
Object Type The type of object that was created, updated, or deleted (for
example, Hit Filter, Custom Field, etc.).
Note This column is blank if the Update Type is Rollback or Import.
Name The name of the object that was created, updated, or deleted.
operation. The Hit Analysis Configuration Change Log is updated to reflect the
rollback operation.
Note When you use the Rollback option, the entire Hit Analysis configuration is imported
(that is, you cannot choose individual pieces of the Hit Analysis configuration to be
imported).
Important The only things imported/exported by this FxV feature are the settings found on the Hit
Analysis page. Users, user groups, resource groups, custom search screens, etc. are
not part of this export/import.
4 Select a name and a destination directory for the Hit Analysis Configuration file,
then click Save.
The file is now downloaded in the specified directory.
To import an external Hit Analysis Configuration into your FxV system:
1 In the FxV browser interface, on the menu bar, click Configure > Hit Analysis.
The Hit Analysis page appears.
2 Click Import Configuration.
The Import Configuration page appears.
3 Specify the XML Hit Analysis Configuration file to be imported and the path to its
source directory, then click Load File.
132 Foglight Experience Viewer
User Guide
The configuration is validated, and the Hit Analysis Configuration Summary page
opens, displaying all Hit Analysis objects available for import.
4 By selecting one of the options available in the Import Mode list, you can choose
how you want to handle the objects existing in your system when importing an
old configuration:
• Drop current configuration; replace with selected items—nothing from the
currently-active Hit Analysis Configuration is retained. The only possible
exception are the Configuration Options (if you choose not to import the old
settings, the current ones continue to be used).
• Keep current configuration; add/replace selected items only—the current
configuration remains in place. Selected objects from the old configuration are
added to the current configuration. If a selected object exists in both models,
the current version is replaced.
5 Select the check box for each of the items you want to import, or select the
Import check box to import all items in the list.
6 Click Import Selected Items.
The selected items are now imported into your system, and the Hit Analysis
Configuration Change Log is updated to reflect this operation.
7
Hit Analysis Examples
This chapter provides several examples illustrating common uses of Hit Filters and
Transactions Filters that FxV users can define via the FxV browser interface.
Metric:
Name: Error Pages
Increment By: Fixed Amount (1)
Incremented: Always
Storage:
Store Transactions: Never
Store Custom Fields: Never
Store Events: Never
Commit Pending Metric Updates: Always
This type of transaction demonstrates the power of Transaction Filters to do more than
just track a series of steps that make up a logical transaction. Transaction Filters are
useful for many types of analysis that involves more than one hit per session.
Notice that in this example you have configured the Transaction Filter to not store
transaction information. The only purpose of the Transaction Filter is to increment the
Error Sessions metric. There is no need to store the transaction as well.
Also notice that the no “stop” condition is necessary for the transaction, which simply
ends when the session ends. This is the expected behavior, since your goal is to count
only one error page per session. This is specified by setting the Allow Multiples option
to No for the one event in this filter.
Note Setting the Allow Multiples option to a value other than No results in each Hit Filter match
incrementing the metric.
SQL Exception
Database error 12345 has occurred. Please call support.
A simple approach to tracking these sorts of errors might be defined as follows:
Hit Filter Name: SQL Exceptions
Match Conditions: Response Content Contains “SQL Exception”
While this filter would work, it has the unfortunate effect of causing every hit to be
parsed for the string “SQL Exception”. Whenever possible, an additional condition
should be added to reduce the number of pages being scanned. In many cases, the URL
or Request Path can be used to reduce the set of pages potentially containing the text
being searched for. In this example, you can use the HTTP Response Code.
Hit Filter Name: SQL Exceptions
Match Conditions: Response Code = 500 AND Response Content Contains “SQL
Exception”
Important Match conditions are evaluated in the order that they appear. Always make sure that any
evaluation of the response content appears last in your list of match conditions.
Incremented: Conditional: when the status recorded by this Hit Filter is Error
The key feature of this Hit Filter is the use of $0 in the name of the metric. This is a
special token that the system replaces with the value of the “$0 Source” in order to
create multiple unique metrics. For example, if a hit is captured with a response code of
404, a metric called Http Response Code 404 would be incremented. Note that the “$0
Source” can be just about anything. This example uses the Response Code here, but it
could as well use the value of a request field, some other hit detail such as Country, or
even some piece of data extracted from the page content.
Note When using parameterized metrics, ensure that “$0 Source” has a reasonably small
number of possible values. Using something like the session ID or some other highly
dynamic piece of data may produce hundreds or thousands of distinct values, resulting in
an unmanageable number of distinct metric names.
In order to understand this match condition, you must look at the Add to Cart Hit Filter.
This Hit Filter is very simple. Its sole purpose is to trigger the beginning of a
transaction. Its only “action” is to flag a hit as having matched. The match conditions
for this Hit Filter are:
Request Path Ends with /product_info.php AND Request Field action =
add_product
These match conditions would successfully match a URL such as:
http://www.myonlinestore.com/catalog/
product_info.php?action=add_product&products_id=26
Now that you know what it takes to trigger the beginning of this transaction, you can
look at the actions you need to perform in the first event. Since the point of this event is
to mark the beginning of the transaction, you must first configure the system
accordingly. In the Transaction Filter definition page, set:
Start/Stop Actions: Start Transaction
In addition to starting the transaction, you can also keep count of the total number of
transactions that have been started. You can do this by incrementing a metric:
Name: Entered Tunnel
Increment By: Fixed Value (1)
Increment Policy: Always increment when transaction stops
The key part of this custom field definition is the value source. The page we are dealing
with contains a table with the following text:
Sub-Total: $69.99
Flat Rate (Best Way): $5.00
Total: $74.99
Your goal is to extract now the Sub-Total (the cost of the items, excluding shipping). In
order to identify how to extract this value from the response content, you need to look at
the HTML source for the page. This particular table is rendered by the following
HTML:
<table border=”0” cellspacing=”0” cellpadding=”2”>
<tr>
<td align=”right” class=”main”>Sub-Total:</td>
<td align=”right” class=”main”>$69.99</td>
</tr>
<tr>
<td align=”right” class=”main”>Flat Rate (Best Way):</td>
<td align=”right” class=”main”>$5.00</td>
</tr>
<tr>
<td align=”right” class=”main”>Total:</td>
<td align=”right” class=”main”><b>$74.99</b></td>
</tr>
</table>
Since there are multiple amounts on the page, you need to take care to extract the one
correct one. The following expression successfully returns 69.99:
>Sub-Total:<.*?\$([0-9,]+\.\d\d)
This expression means:
“Search for the text ‘>Sub-Total:<’ followed by any number of characters, until
you find a ‘$’ followed by one or more digits/commas (the comma allows for
values such as $1,234.56), followed by a decimal point, followed by two more
digits.”
Hit Analysis Examples 143
“Buy Tunnel” Example
Everything after the dollar sign is wrapped in parenthesis, indicating the portion of the
match to be returned as the value of the custom field.
Important Notice the use of the “?” in this regular expression. Placing the “?” after the “.*” means
“match any character, but do not be greedy”.
request field for the email address on both pages, you are able to use a single Hit Filter
to handle both cases.
This Hit Filter also defines a custom field:
Name: Email
Storage: Update Session, First Column in Search Results; Store Values as Text
Value Source: Request Field email_address
Populated: Always
Value Assignment Mode: Reset value on each match
Update If Blank: No
This custom field becomes part of the session data for this user and appears as the first
column in any session search results screen.
Getting back to the final Transaction Event (Confirmation), you can use this custom
field value to store the user’s email address with the transaction as well. This way, the
value can also be displayed in transaction search results.
The custom field definition in the event is the following:
Name: Email (The name is the same, but it is a different custom field, since it is in
transaction scope here.)
Storage: Update Transaction, First Column in Search Results
Value Source: Session Field—Email
Value Assignment Mode: Reset value each time this event occurs
Update If Blank: No
This technique of copying a value from a session custom field to a transaction custom
field is very common. It allows hit-level data to be transferred to the transaction (which
has no direct access to hit data). In fact, you can use the same technique for one more
custom field:
Name: Total Sale Amount
Storage: Update Transaction, Show in Search Results
Value Source: Session Field—Final Cart Value
Value Assignment Mode: Reset value each time this event occurs
Update If Blank: No
Hit Analysis Examples 145
“Buy Tunnel” Example
Recall that in the payment step (see “Transaction Event: Payment” on page 141), you
extracted the final cart value from the page content and stored it in a transient custom
field (that is, the value was associated with the session for the specific purpose of
moving it over to the transaction at this point; the value is not stored in the database at
the session level).
Finally, you can now also use this event to update two more metrics. The first metric is
similar to the other counters incremented in previous steps (see “Transaction Event:
Add to Cart” on page 139 and “Transaction Event: Checkout” on page 140):
Name: Completed Transactions
Increment By: Fixed Value (1)
Increment Policy: Always increment when transaction stops
The second metric uses a different “Increment By” strategy, to track the total value of all
completed transactions:
Name: Total Value of Completed Transactions
Increment By: Session Custom Field Final Cart Value
Increment Policy: Always increment when transaction stops
Note You use here the same session custom field used to set the Total Sale Amount transaction
custom field to increment a metric by the value of the item(s) purchased.
• Lost Sale Amount—this field is set to the value of a session Custom Field called
Cart Value. The intent is to capture the value of the abandoned shopping cart.
• Email—as you did on successful completion of a transaction, you can transfer the
value of the session Custom Field called Email into a transaction Custom Field,
so that both sessions and transactions can be identified by the user’s email
address.
The Metrics set by the Cart Abandoned event are:
• Abandoned Shopping Carts—a simple counter, incremented by “1” each time the
event occurs.
• Total Value of Abandoned Shopping Carts—incremented by the value of the Cart
Value session custom field.
Once this Sensitive Hit Detail is in place, anyone viewing captured sessions (including
sessions captured before the Sensitive Hit Detail was in place) would only see
*****HIDDEN***** in place of the credit card number.
8
Configuring the Analysis
Repository
This chapter presents the operations an FxV user can perform to configure a secondary
database for long-term storage of session and transaction data captured by FxV. This
database is configured via the FxV user interface. The stored data can be accessed via
direct SQL queries or through the Foglight.
Overview
The FxV Analysis Repository is a secondary database that offers you long-term storage
of session and transaction data captured by FxV. This add-on feature eliminates the
primary capture database’s restrictions, that is, session and transaction search screens
returning a small number of sessions/transactions, limited FxV capture capacity, and
inability to write report-style queries against the FxV data.
The Analysis Repository provides the following key features:
• Longer term storage of session and transaction data.
• Configurable database structures.
• Simple MySQL database format, accessible:
• From within Foglight, via a Foglight data source (as part of the Cartridge for
Foglight Experience Viewer)
• Via standard SQL query tools, such as Quest’s Toad for MySQL
• Via third-party reporting tools
The Analysis Repository is designed to run on any FxV appliance. For single-appliance
installations with minimal traffic (or for POC installations), the Analysis Repository can
co-exist with the FxV Server and Archiver components, sharing space with the primary
capture database.
Sites with multiple Archivers require a Storage appliance in order to consolidate the
session/transaction data into a single database. The Analysis Repository makes use of
the FxV appliance’s local disk, so the Storage appliance does not necessarily need to
have an attached SAN device. Users with a multi-Archiver installation may enable the
Analysis Repository without adding a Storage appliance to their system. However, in
this configuration each Archiver appliance has its own Analysis Repository containing
only the sessions/transactions captured by that Archiver. Therefore, in order to obtain a
complete view of the Analysis Repository, users would have to perform identical
queries against multiple databases and merge the results.
Important The addition of a Storage appliance is strongly recommended for FxV systems with more
than one Archiver.
The Analysis Repository is disabled by default. Leaving this feature disabled does not
impact the performance of existing FxV systems. Users that plan to enable this feature
must first ensure that their system meets the installation and configuration requirements
Configuring the Analysis Repository 151
Architecture
(for details, see the FxV Installation and Administration Guide), then configure the
database structure (for details, see “Configuration” on page 154).
Architecture
The structure of the Analysis Repository is designed to be very simple. It provides two
types of tables:
• A single session table—contains one row for each captured session, indexed by
the sessionID, startTime, and lastHitTime.
• One transaction table for each Transaction Filter—the tables contain one row
for each captured transaction. The tables are indexed by the sessionID, startTime,
and lastHitTime.
The columns in these tables can contain session/transaction details (location
information, hit counts, etc.), custom field values, metric update values, and Transaction
Event counts. The specific columns defined for each table are user-configurable.
• Country (TEXT)
• End to End Time (DOUBLE)
• Errors (INTEGER)
• HTML Errors (INTEGER)
• HTML Hits (INTEGER)
• HTML Warnings (INTEGER)
• ISP (TEXT)
• Processing Time (DOUBLE)
• Region (TEXT)
• Stop Reason (TEXT)
• Stored Hits (INTEGER)
• Subnet (TEXT)
• Time of First Error (DATETIME)
• Time of Last Error (DATETIME)
• Total Hits (INTEGER)
• Total Time (DOUBLE)
• Transaction Count (INTEGER)
• Transaction Errors (INTEGER)
• Transaction Warnings (INTEGER)
• Username (TEXT)
• Warnings (INTEGER)
• Hit Filter Matches (INTEGER)—one column for each Hit Filter in the system.
The values indicate the number of hits the Hit Filter matched during the session.
• Custom Fields (TEXT or DOUBLE, depending on the Custom Field type)—one
column for each session-scoped Custom Field.
• Metric Deltas (INTEGER)—one column for each metric. The values indicate
changes to the metric values made within the scope of the session.
Users can choose which of these columns are included in the database structure, on a
column-by-column basis. The column names are user-configurable; each type of
column has a fixed prefix (for example, SDT_ for Session Details, HFM_ for Hit Filter
Matches, etc.), but the core of the column name is specified by the user or populated
with the default names.
Configuring the Analysis Repository 153
Architecture
Configuration
Users can configure the Analysis Repository structure via the FxV browser interface.
The configuration process contains two major phases:
1 “Analysis Repository Initial Setup” on page 154
2 “Analysis Repository Detailed Configuration” on page 159
database, any changes to the column counts result in all Analysis Repository data
being lost.
Note Changing the database size and/or the table retention limits does not result in losing the
previously captured data.
3 Enable the Analysis Repository by setting the Maximum Analysis Repository Size
to a value other than zero.
Important The Maximum Analysis Repository Size defines the maximum size for the
Analysis Repository. Depending on the current size of the repository and the
current growth rate (how quickly the size of the repository is increasing),
decreasing the maximum size may result in the immediate termination of any
queries actively running against the Analysis Repository.
4 Define the maximum number of hours of data that an individual table in the
Analysis Repository can retain, by setting the Maximum Table Retention field.
Distinct tables are created for each segment in the primary capture database, so
this value must be greater than the maximum segment span, as defined in the Hit
Analysis Configuration Options page (see “Archiver Configuration” on
page 126).
Note The default value of zero sets no time limit for the Analysis Repository; in this case,
data is deleted only when the size of the Analysis Repository nears its limit.
5 Define the maximum amount of time (in minutes) that an individual query against
the Analysis Repository is allowed to run, by setting the Maximum User Query
Duration field. Queries running longer than this limit are terminated.
6 Specify the time at which the Analysis Repository maintenance is performed each
day, by setting the Maintenance Time field. At this time, any queries running
against the Analysis Repository are terminated in order to allow routine database
maintenance activities to be performed.
7 Define the maximum number of columns of each data type that can be configured
to store data in the session table, as well as the maximum number of these
columns that can be indexed for improved search performance, by typing in the
156 Foglight Experience Viewer
User Guide
values in the provided fields. For details about this data type, see “Session Table
Data Types” on page 156.
Tip Optimize the table size while also allowing for future growth.
8 Define the maximum number of columns of each data type that can be configured
to store data in each transaction table, as well as the maximum number of these
columns that can be indexed for improved search performance, by typing in the
values in the provided fields. For details about this data type, see “Transaction
Table Data Type” on page 158.
Tip Optimize the table size while also allowing for future growth. All transaction tables will
have the same limits.
The following table illustrates the type of columns that can be defined in the session
table.
In addition to defining the number of columns of each data type, users can also define
the maximum number of these columns that can be indexed. Indexed columns should be
used for data that is expected to commonly appear in search criteria. The session table
has a limit of 60 indices.
Example
If users intend to do a lot of queries based on location, the SDT_CITY, SDT_REGION,
and SDT_COUNTRY columns would be good candidates for indices.
Note Configuring the number of indexed columns of each type also implicitly sets the maximum
number of non-indexed columns of each type. For example, if you allocate 50 INTEGER
columns and 10 of them indexed, the maximum number of non-indexed INTEGER columns
allowed is 40.
The Analysis Repository Configuration page appears, listing all the possible
columns and tables (for Transaction Filters) that can be added to the database.
Initially, all of the column names are blank, which means that no data is stored,
other than the three pre-defined standard columns (see “Architecture” on
page 151). Also, all transaction table names are initially blank, which means that
no transaction filter-specific tables are created.
2 In the provided Column Name fields, type in names for all columns you want to
include in the session and transaction-specific tables.
Alternatively, click the Set to Default icons beside any of these fields to
populate them with their default names.
Note Click the Clear icon beside each of these fields to clear the column name.
Tip The Set to Default and Clear icons at the top of each section allow you to
auto-populate or clear an entire section at once.
The configuration of the Analysis Repository is part of the Hit Analysis Configuration,
which can be exported as XML and imported back into the system. This contains all
settings related to the Analysis Repository, including the individual column mappings.
For more information, see “Hit Analysis Import/ Export Configuration” on page 130.
Data Transfer
The Analysis Repository is not populated in real time like the primary capture database.
Instead, database segments are transferred to the Analysis Repository when they close.
The duration of each segment is defined on the Archivers Configuration section in the
Hit Analysis Configuration Options page (see “Archiver Configuration” on page 126).
It can be set to as little as one hour, in which case completed sessions would appear in
the Analysis Repository no later than one hour after completion.
Configuring the Analysis Repository 161
Access
Access
The Analysis Repository is a MySQL database, accessible:
• From within Foglight, via a Foglight data source (as part of the Cartridge for
Foglight Experience Viewer). For more information, see “Accessing the
Analysis Repository from Foglight” on page 161.
• Via standard SQL query tools, such as Quest’s Toad for MySQL. For more
information, see “Accessing the Analysis Repository from Toad for MySQL”
on page 161.
• Via third-party reporting tools.
Access to the Analysis Repository is read-only. You cannot delete rows from the
Analysis Repository tables. Data in the Analysis Repository is removed, as needed,
based on the configured Maximum Analysis Repository Size and Maximum Table
Retention. When data is removed from the Analysis Repository, it is removed according
to database segment boundaries.
Port 3306
Password fxv
This is the default value. To change the password, see
“Appliance Maintenance” on page 168.
Table Names session and txn_* (as defined when configuring the database)
Note The session table can be joined with the txn_ tables, but this
process is quite complex. Sessions are identified by their
sessionID, startTime, and lastHitTime (this is because you can
have multiple sessions with the same session ID). To get the
transactions for a specific session, you have to use a WHERE
clause. For example:
WHERE session.sessionID =
txn_xxx.sessionID AND session.startTime <=
txn_xxx.startTime AND session.lastHitTime
>= txn_xxx.lastHitTime
Quest’s Toad for MySQL is freeware. You can download it from Quest’s Web site (http:/
/www.quest.com/toad-for-mysql) and install it on your local machine. For more
information about accessing the FxV Analysis Repository via Toad for MySQL, see the
Quest’s Toad for MySQL documentation set.
To access an Analysis Repository using Toad for MySQL:
1 Open Toad for MySQL.
Note This procedure assumes that you have already downloaded and installed Toad for
MySQL on your local machine.
2 Create a connection to the database by clicking File > New > Connection.
3 In the Create New Connection dialog box define the fields as follows:
• Connection type—select TCP from the list.
• Host—use the IP address of the FxV appliance.
• User—type in fxv.
• Password—type in fxv.
• Database—type in fxv.
• Port—select 3306 from the list.
• Name—type in a name for the database to display (for example, FxV
Analysis Repository).
Configuring the Analysis Repository 163
Access
When the connection is established, the name of the database appears in the
Connection Manager pane.
4 Display the information stored in the FxV Analysis Repository by selecting its
name in the Connection Manager pane, and then clicking Tools > Database
Explorer.
The FxV Analysis Repository tab appears in the Database Explorer pane.
5 Select the Views tab.
The list of session and transaction tables available in this Analysis Repository
appears.
This chapter presents the operations that a user with full administrative privileges can
perform in order to configure and administer the system via the FxV browser interface.
Archivers
Archivers capture hits collected by Collectors, then apply Hit Filters and Transaction
Filters, and update the capture database for later search and replay. All FxV appliances
have a pre-installed default Archiver.
To view the Archivers already configured in your system:
• In the FxV browser interface, on the menu bar, click Configure > Archivers.
The Archivers page appears, showing all Archivers in the system. You can view,
edit, or remove the existing components, or add new ones. In order to add an
Archiver, the Archiver must be running and must be accessible from the Server.
• Test the ability of the FxV Server to communicate with all currently configured
Archivers (by clicking Test Connections).
For detailed instructions on how to configure Archivers in a system via the FxV browser
interface, see the FxV Installation and Administration Guide.
Performing Advanced FxV Administration 167
Collectors
Collectors
The Collector components run on Foglight Experience Monitor appliances, but the
Collector Group configurations (that govern those Collector components) are centrally
defined in the Foglight Experience Viewer Server.
Collector Groups allow load-balancing configuration to be centrally controlled across
all Foglight Experience Monitor and Foglight Experience Viewer appliances. Each
Collector polls the Foglight Experience Viewer Server for load-balancing and security
configuration needed for data capture (including the correct private route for monitored
traffic). Collector Groups are also used to roll-up health metrics, to alert on capture
errors or other data quality problems.
To view the Collector Groups configured in your system:
• In the FxV browser interface, on the menu bar, click Configure > Collectors.
The Collectors page appears, showing the following sections:
• Attached Collectors—lists all the Collectors that have made contact with the
Server.
• Collector Groups—lists all the Collector Groups defined in the system.
For detailed instructions on how to configure Collector Groups in a system, see the FxV
Installation and Administration Guide.
168 Foglight Experience Viewer
User Guide
Superuser Tasks
This section presents the list of “superuser tasks” that an administrator can perform via
the FxV browser interface. For details about these topics, see the following sections:
• “Appliance Maintenance” on page 168
• “Metrics” on page 172
Appliance Maintenance
An administrator can use the buttons available in the Appliance Maintenance section to
perform the following operations, as part of the FxV appliance maintenance:
• Manage SSH—turns on/off the SSH (secure shell) service for all FxV hosts.
Note For detailed instructions on how to enable/disable the SSH access via the FxV
browser interface, see the FxV Installation and Administration Guide.
• Kill All Analysis Repository User Queries—kills all currently active Analysis
Repository queries.
Note Due to the open nature of the FxV Analysis Repository, it is possible to perform
queries that may take an extremely long time to complete.
Performing Advanced FxV Administration 169
Superuser Tasks
• Reset Analysis Repository Password—resets the password for the fxv MySQL
user account for the Analysis Repository.
Note The two Analysis Repository tasks described in this section are only available if the Analysis
Repository has been enabled.
Foglight Server using this IP address, so this address must resolve from the
FxV Server appliance.
If you want to send metrics from FxV to Foglight via SSL, you must specify
the HTTPS/SSL port number for Foglight in the Foglight Server IP Address
field (for example, 10.10.11.1:8443). By default, the HTTPS/SSL port
number is 8443.
To disable Foglight 5 integration, leave the Foglight Server IP Address field
blank.
• Appliance Group Identifier—specifies a unique identifier for the appliance
group managed by this FxV Server.
Note This field needs to be modified only when multiple FxV Servers feed data into a
single Foglight 5 Server.
Server Configuration
This feature allows you to set advanced configuration parameters that impact the entire
FxV system.
To set the advanced configuration parameters:
1 In the FxV browser interface, on the menu bar, click Configure > Superuser
Tasks.
The Superuser Tasks page appears.
2 Click Server Configuration.
Performing Advanced FxV Administration 171
Superuser Tasks
Important These settings rarely need to be changed. Exercise extreme caution when making any
changes, as the impact to the system may be significant.
172 Foglight Experience Viewer
User Guide
Metrics
A metric is an instance of time-series data used to indicate and track health or
performance factors, and to trigger actions when thresholds are breached. Examples of
metrics include the value of abandoned shopping carts per day in dollars, or the total
size of the database in TB.
During hit processing and analysis, the FxV Archiver performs several actions,
including updating the metrics for each hit. The metric updates are recorded in the
database for later searching.
The FxV Server maintains all metrics related to user sessions. It also pushes metric data
up to a remote Foglight Management Server, if configured to do so. For more
information, see “Manage Foglight Integration” on page 169.
The FxV browser interface allows the administrator to perform the following operations
with metrics:
• View Metrics—view system health metric data collected for the Foglight
Experience Viewer.
• Run Metric Based Diagnostics—analyze, capture, and replay health metrics over
the past 24 hours (user-defined metrics can only be viewed in the Foglight
Management Server). The resulting report lists any problems found and
recommends solutions for each of these problems.
• Reset Metric History—delete all metric history.
Important Metric history cannot be recovered once deleted.
• Server
Note For a description of metrics that can be viewed in the FxV browser interface, see
“Appendix: FxV Metrics” on page 199.
3 Review the metrics collected for the FxV appliance by navigating through the
available tabs. Use the Hide or Show icons to hide or show (respectively) an
entire category.
Up to seven icons may appear to the right of any given metric value:
• Move your mouse pointer over this icon to view the timestamp that the
Metric’s value was last updated.
• Move your mouse pointer over this icon to quickly view a graph of the
metric’s history over the last 60 minutes.
• Click this icon to view the Metric History. This screen displays a large
graph of the metric’s history and provides options for displaying alternate time
ranges.
• Click this icon to open the Alarm Log for the metric. This screen shows all
alarms (that is, any time the metric’s status changed) for the metric.
Note This icon is only displayed for metrics that have alarm conditions defined.
• Click this icon to view the alarm conditions defined for the metric.
Note This icon is only displayed for metrics that have alarm conditions defined.
To run a metric-based diagnostic on the FxV metrics collected during the last 24 hours:
1 In the FxV browser interface, on the menu bar, click Configure > Superuser
Tasks.
The Superuser Tasks page appears.
2 Click Run Metric Based Diagnostics.
The Diagnostics page appears. The resulting report lists any problems found and
recommends solutions for each of these problems.
Note Only certain predefined health metrics are checked by these diagnostics. Custom
metrics defined by hit or transaction filters are not included.
10
Managing User Account Settings
This chapter presents the settings that the FxV browser interface provides to FxV
administrators for managing the FxV users and the permissions they have when using
the FxV resources.
The following diagram illustrates the relationship between the concepts presented in
this chapter.
Figure 1
• guest—defined as part of the guests user group, for which all administrative
privileges are disabled (except for “Hit Content Replay”). When logged in as this
user, you can only use the resources offered by the FxV browser interface for hit,
session, transaction, and custom searches.
Note From the system’s perspective, these default users are not special in any way. They can be
modified or deleted from the system like any other user.
• To create a new user account, click Create User, then fill in the information
requested.
Note A “personal” User Group and a “personal” Resource Group are automatically
created for each new User in the system. Each personal group corresponds to a
single user and cannot be deleted.
178 Foglight Experience Viewer
User Guide
• To disable all user accounts defined in the system, click Disable All Users,
then confirm that you want to disable all users in the system, except yours.
Note The disabled users are automatically logged out of the system and are treated as
though they do not exist. The Disabled icon papers beside the User names
when they are disabled.
• To enable all user accounts defined in the system, click Enable All Users,
then confirm that you want to enable all users currently disabled in your
system.
Note Depending on the state of the user and your privileges, some of these icons may not
appear for certain Users. Specifically, users who own resources cannot be deleted
from the system. To remove such a user, first edit it, click View Resources, and
either delete or re-assign ownership of any resources owned by this user.
3 Click the Edit icon beside the User for which you want to manage resources.
The User page appears, displaying the fields available for editing.
4 Click View Resources.
The User Resources page appears, displaying the list of resources owned by the
selected User, or a warning message in the case the User does not own a particular
type of resource.
5 Do one of the followings:
• To re-assign the ownership of a resource, click the Change Owner icon.
• To change the Resource Groups to which a resource belongs to, click the
Share icon.
• To delete a resource from the list of owned resources, click the Delete icon.
Note Depending on the state of the resource and your privileges, some of these icons
may not appear for certain resources.
Edit Hit Analysis Allows the users in this User Group to edit the Hit
Analysis settings.
View Hit Analysis Allows the users in this User Group to view the Hit
Analysis settings.
Hit Content Replay Displays the Content Replay view when exploring
a session of interest.
Note From the system’s perspective, these default user groups are not special in any way. They
can be modified or deleted from the system like any other user group.
d Add Resource Groups that should be linked to this User Group, and specify
the privileges users should have with respect to the resources in these groups.
For details about resource privileges, see “User Group Settings” on page 178.
Note Depending on the state of the User Group and your privileges, some of these icons
may not appear for certain User Groups.
Resource Groups
A Resource Group is a collection of resources that can be associated with one or more
User Groups, in order to customize the users’ access to those resources.
The following types of resources can be created in the system: Custom Search Screens
and Saved Searches (for more information about these topics, see “Creating and Editing
Custom Search Screens” on page 67 and “Creating and Editing Saved Searches” on
page 66).
Each resource is owned by a single User, but it can be associated with one or more
Resource Groups. For different User Groups, you can grant/restrict the access privileges
to these resources. For more information about these topics, see “Users and User
Groups” on page 176.
Three Resource Groups are pre-defined and delivered by default with new FxV
systems:
• Default—group that associates all resources with the two pre-defined User
Groups (administrators and guest).
• Personal RG:admin—“personal” group automatically created when the admin
user is defined. This group is deleted only when the admin user is deleted.
• Personal RG:guest—“personal” group automatically created when the guest user
is defined. This group is deleted only when the guest user is deleted.
Note From the system’s perspective, these default resource groups are not special in any way.
They can be modified or deleted from the system like any other resource group.
The Resource Groups page appears, displaying the list of existing resource
groups.
3 Do one of the following:
• To view additional information about a Resource Group, click the View
icon.
• To edit the information of a Resource Group, click the Edit icon.
The editing page allows you to define the type of resources that can be placed
in this Resource Group (by selecting the corresponding Allowed Resource
Types check boxes), to view the list of resources associated to this Resource
Group (by clicking View Resources), and to control the mapping between the
User Group and Resource Groups (that is, specify the privileges users should
have with respect to the resources in the Resource Groups linked to any
number of User Groups).
• To remove a Resource Group from the system, click the Delete icon.
Note Each “personal” Resource Group is linked with the user’s personal User Group
and cannot be deleted.
• To create a new Resource Group, click Create Resource Group, then fill in
the information requested.
Note Depending on the state of the Resource Group and your privileges, some of these
icons may not appear for certain Resource Groups.
Preference Groups
A Preference Group is a group of FxV Users with common default user preference
settings. Each User belongs to exactly one Preference Group.
Within a group, you can:
• Manage the list of Users assigned to the Preference Group.
• Define which values can be changed by the Users in the group, by selecting/
clearing the lock check box beside a particular setting in the Session Explorer
Settings or the Search Settings lists. Settings that are locked cannot be overridden
by individual Users. Settings that are unlocked serve as defaults, and may be
changed by individual Users. Locking a setting overrides immediately any user-
specified values.
Managing User Account Settings 185
Preference Groups
• To create a new Preference Group, click Create Preference Group, then fill
in the information required.
Regular expressions allow you to identify and extract data during several steps of the
FxV Hit Analysis process. The details of how they are used varies slightly depending on
the circumstance.
This appendix examines these differences thoroughly. For details, see these topics:
Regular Expressions Overview .................................................................................................188
Regular Expressions in FxV ......................................................................................................192
FxV Regular Expression Tester .................................................................................................198
188 Foglight Experience Viewer
User Guide
Note This operation is different than using the “Matches” operator in a Hit Filter match condition.
When extracting a value in this manner, the regular expression must contain a set of
parenthesis that indicates the portion of the expression to be returned. Expressions
defined without any parenthesis do not work.
Note Only one set of parenthesis may be used in this context. Specifying an expression such as
(\d+)xyz(\d+) does not return data from both sets of parenthesis. Only the data matching the
first set of parenthesis (“Group 1”) is returned.
This expression means “match zero or more digits, a period, and two more digits.” The
entire expression is wrapped in parenthesis, indicating that the entire value must be
returned.
The following expression can also be used for extracting the same desired data:
(\d*\.\d\d)USD
As long as all values are followed by the letters “USD”, this expression would produce
the same results as the expression in the first example.
Similarly, the expression:
\d*\.\d\d(\S{3})
could be used to extract the three-letter currency code into a “currency” custom field.
This expression can be read as “match zero or more digits followed by a period, two
more digits, and three more non-whitespace characters. Return only the three non-
whitespace characters.”.
The expression:
(\S{3})
would not produce the desired results, as it would return only the 123 for the input data
123.45USD.
Multiple Matches
A Sensitive Content regular expression is matched repeatedly until the end of the page
being processed is reached. For example, consider the following HTML page:
<HTML><BODY>Your credit card number is 4123123412341234 and
my credit card number is <B>4111222233334444</b></BODY></
HTML>
The following regular expression would identify both credit card numbers as sensitive:
\d{16}
This expression means “Look for 16 consecutive digits. Once you find a match, start
looking again.”. An expression like this does not require any wrapping parenthesis since
everything that matches the expression is considered sensitive.
However, it is not always possible to define an expression like this that matches
everything that is sensitive, without also matching non-sensitive data. For example,
consider the following HTML page:
<HTML><BODY>Account:123-4567<BR>Phone:303-555-1212</BODY></
HTML>
and the expression:
\d{3}-\d{4}
This would match both 123-4567 and 555-1212. If the goal is to mark the account
number as sensitive, but not the phone number, this expression is not sufficient. Instead,
additional context should be provided and parenthesis should be used to identify the
sensitive portion of the expression:
Account:(\d{3}-\d{4})
This expression is explicitly looking for the text “Account:” followed by an account
number matching the expected format. Since the phone number is not preceded by
“Account:”, it is not a match. The parenthesis indicate that only the account number
itself (not the text “Account:”) should be considered sensitive.
196 Foglight Experience Viewer
User Guide
Group Numbers
Data matched by Sensitive Response Content Expressions is returned in one or more
“groups”. Expressions that do not contain parenthesis have only one group: Group 0.
This group contains everything returned each time the expression matches. For
example:
Expression: \d\d
Content: 12 34 foobar 56
Group 0 (match 1): 12
Group 0 (match 2): 34
Group 0 (match 3): 56
When one or more set of parenthesis are included in the expression, each set of
parenthesis identifies a new “group”. Group 0 represents the entire expression. For
example:
Expression: (\d)(\w)
Content: 1a 3b 5c
Group 0 (match 1): 1a
Group 1 (match 1): 1
Group 2 (match 1): a
Group 0 (match 2): 3b
Group 1 (match 2): 3
Group 2 (match 2): b
Group 0 (match 3): 5c
Group 1 (match 3): 5
Group 2 (match 3): c
Any time you use parenthesis in a Sensitive Response Content expression, it is
important to ensure that the appropriate group(s) are marked as sensitive. The most
common case is to define a single group (Group 1) and mark it as sensitive. For
example:
Regular Expression: Password=<b>(\w+)</b>
Content: Password=<b>trinity</b>
Sensitive Groups: 1
Appendix: Java Regular Expressions in FxV Hit Analysis 197
Regular Expressions in FxV
In this case, only the password itself (the text between the <b> and </b> tags) would be
considered sensitive. However, if Group 0 were specified rather than Group 1,
everything matching the expression (Password=<b>trinity</b>) would be considered
sensitive.
Multiline Matching
There are subtle details related to evaluating regular expressions against text that spans
multiple lines. Consider the following HTML page:
<HTML>
<BODY>
<B>
Hello1
World2
Goodbye3
</B>
</BODY>
</HTML>
The character “$” matches the end of a line, not the end of the document. The
expression:
World(\d)$
returns 2 for Group 1.
The wildcard operator (*) does not stop at the end of a line. The expression:
<B>(.*)</B>
returns for Group 1:
Hello1
World2
Goodbye3
Note The behavior described in this section corresponds to the Java regular expression flags
DOTALL and MULTILINE. This note is addressed to readers familiar with Java regular
expressions (or those using a Java regular expression tester other than the one provided in
the FxV browser interface).
198 Foglight Experience Viewer
User Guide
Archiver Metrics
You can select an Archiver to display its individual metrics, or “Totals” to display total
metrics across all Archivers in the system.
Note These metrics do not reflect the health of your Web applications, only the capture/replay
system itself. Collector metrics show health of the capture system from the Foglight
Experience Monitor viewpoint.
% Of Hits Discarded No
Exceptions - No Response No
Exceptions - No Session ID No
Exceptions - Timeout No
% Of Hits Discarded
Reports percentage of hits sent to a Capture Appliance but discarded before processing
could complete. Each Archiver has a limited amount of memory to buffer hits before
processing and, when this buffer fills up, incoming hits are discarded.
% Of Hits Discarded = Hits Discarded / Hits Processed
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
204 Foglight Experience Viewer
User Guide
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Appendix: FxV Metrics 205
Archiver Metrics
Exceptions - No Response
Reports number of hits for which no response was captured. This is often caused by a
connection reset or timeout. Due to the abnormal termination of the hit, not all hit
details, including content, may have been captured. This metric is automatically updated
prior to hit analysis.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Exceptions - No Session ID
Reports number of hits that were not sessionized. This metric is automatically updated
prior to hit analysis.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Exceptions - Timeout
Reports number of hits that timed out. A timeout is determined by the Monitor when the
server does not respond within the TCP timeout period. This metric is automatically
updated prior to hit analysis.
Note To find these metrics, do a hit search on the Exception property for this exception type.
Note To find these metrics, do a hit search on the Exception property for this exception type.
206 Foglight Experience Viewer
User Guide
Note To find these metrics, do a hit search on the Exception property for this exception type.
Hits Discarded
Reports number of hits sent to a Capture Appliance but discarded before processing
could complete. Each Archiver has a limited amount of memory to buffer hits before
processing, and when this buffer fills up incoming hits are thrown away.
Note Discarded hits are not counted as Hits Processed. Discards can also occur at the Collector
before hits are sent.
Hits Failed
Reports the number of hits that could not be processed due to an Archiver runtime
failure. The logs on the Capture Appliance should have further detail on these failures.
Hits Processed
Reports number of hits captured by a Collector, sent to a Capture Appliance, analyzed,
and processed successfully.
Not all of these hits were necessarily written to the capture database for later search and
replay: some hits may have been dropped by a Hit Filter, or discarded while under load,
or in rare cases may have failed to process successfully.
Note A steady increase in this value indicates steady incoming traffic from attached Collectors.
Appendix: FxV Metrics 207
Archiver Metrics
Note To find these metrics, do a hit search on the Corrupt Hit Details custom field using a value of
“*” and the field value will indicate the detail type affected.
Note To find these metrics, do a hit search on the Corrupt Hit Details custom field using a value of
“*” and the field value will indicate the detail type affected.
Note To find these metrics, do a hit search on the Corrupt Hit Details custom field using a value of
“*” and the field value will indicate the detail type affected.
Note To find these metrics, do a hit search on the Corrupt Hit Details custom field using a value of
“*” and the field value will indicate the detail type affected.
208 Foglight Experience Viewer
User Guide
Maintenance Cycles
Reports the number of Maintenance Cycles that have been performed. Maintenance is
performed each day at the time specified in the Analysis Repository Configuration. This
metric is reset to 0 after each restart, and is primarily used to indicate when the
Maintenance Cycle was performed.
Queries Canceled
Reports the number of user queries that were canceled. A query is canceled if it exceeds
the maximum query time as specified in the Analysis Repository Configuration, or if it
is active at the start of a Maintenance Cycle.
Segments - Loaded
Reports the number of capture segments loaded into the Analysis Repository. This is a
daily total and is reset to 0 at midnight each day.
210 Foglight Experience Viewer
User Guide
Total Sessions
Reports the total number of sessions in the Analysis Repository.
Total Transactions
Reports the total number of all transactions in the Analysis Repository. This total
includes transactions for all Transaction Filters that have been selected in the Analysis
Repository Configuration.
Note These metrics do not reflect the health of your Web applications, only the capture/replay
system itself.
% Of HTML Hits No
Appendix: FxV Metrics 211
Archiver Metrics
Content Uniqueness No
Note Indexing a large percentage of hits can negatively impact system performance and increase
disk use.
212 Foglight Experience Viewer
User Guide
% Of HTML Hits
Reports percentage of hits in the open database segment that were recognized as HTML
hits.
An HTML hit is defined as a hit with a Content-Type response header starting with text/
html, containing a proper HTML tag in the response content, and having a response
code of 200.
Note A large number of aspects can degrade search performance and may indicate a data-
quality problem.
Note More segments are required for more replay history, but a large number of segments can
degrade search performance. Segments are deleted as they expire.
Note The capture database size grows as data is collected, and shrinks as old segments expire
and are dropped over time.
Capture Rate
Reports hits per second received from all attached Collectors over the last two minutes.
This measures the number of hits written to the capture database for later searching.
Content Uniqueness
Reports percentage of non-HTML hits in the open database segment that have unique
values. The higher the uniqueness value, the more disk space is used.
A Non-HTML hit is defined as a hit with a Content-Type response header other than
text/html* or without a proper HTML tag in the response content.
214 Foglight Experience Viewer
User Guide
Note A large number of aspects can degrade search performance and may indicate a data-
quality problem.
Note The storage database grows over time as data is collected and eventually saturates at its
maximum capacity.
Appendix: FxV Metrics 215
Archiver Metrics
Note These metrics do not reflect the health of your Web applications, only the capture/replay
system itself.
Cached Items No
Config Available No
Segments Closing No
Segments Copying No
Note The Archiver queue may often be at the limit. The TCPBatches process buffers incoming
hits in shared memory and feeds these raw hits to the Archiver for processing.
Note This metric value does not change while the Archiver is running. It is needed for legacy
reasons.
Cached Items
Reports number of unique data items currently held in the Archiver memory cache. A
very large value may indicate a data quality problem or extreme load.
Config Available
Reports whether configuration polling back to the Server was successful on the last
attempt. When an Archiver is added to a Server, it begins to contact the Server
periodically for configuration settings.
Important When an Archiver is restarted, it must be able to contact the Server successfully once
before it is able to capture incoming hits.
218 Foglight Experience Viewer
User Guide
Note Larger values indicate increased CPU time spent on hit analysis. Creating hit filters or
transaction filters tends to increase this value.
Note Larger values indicate greater memory usage. Creating hit filters tends to increase this
value.
Note Larger values indicate increased memory usage and higher concurrency. A large number of
sessions may also indicate timeouts that are set too short.
Note Larger values indicate increased memory usage and CPU time spent on hit analysis.
Creating transaction filters tends to increase this value.
Note The amount of free memory can change very rapidly as the JVM automatically resizes the
heap.
Note This value can increase suddenly when a spike in capture traffic occurs. It decreases
gradually over periods of relative inactivity.
Note The amount of used memory can change very rapidly as the JVM automatically resizes the
heap.
Note These dynamic metrics values are updated in the background every two minutes. A large
sustained value indicates the appliance is under heavy load.
Appendix: FxV Metrics 221
Archiver Metrics
Note This value is zero if segment transfer is not enabled. Otherwise, the value should increase
linearly as attempts are made.
Segments Closing
Reports number of segments currently being closed by the Archiver.
Note This value should be between zero and one when the Archiver is healthy.
Segments Copying
Reports number of segments currently being copied to a remote Storage Appliance.
Copying the segment is the most expensive and longest phase of the segment transfer
process.
Note This value should be between zero and two when the Archiver is healthy.
Note If segment transfer is enabled, this value should be zero, unless errors have occurred.
Otherwise, this value increases linearly.
222 Foglight Experience Viewer
User Guide
Note If segment transfer is enabled, this value should be small, unless errors have occurred.
Otherwise, this value increases linearly.
Note If segment transfer is enabled, this value should be small, unless errors have occurred.
Otherwise, this value increases linearly.
Note This metric value does not change while the Archiver is running.
Note TCPBatches should normally use very little shared memory, but short periodic bursts are
normal. A sustained value above 25% of the shared memory size indicates the Capture
Appliance is having difficulty keeping up with incoming traffic.
Appendix: FxV Metrics 223
Archiver Metrics
Note The amount of free memory can change very rapidly as the JVM automatically resizes the
heap.
Note This value can increase suddenly when a spike in capture traffic occurs. It decreases
gradually over periods of relative inactivity.
Note The amount of used memory can change very rapidly as the JVM automatically resizes the
heap.
Note These metrics do not reflect the health of your Web applications, only the capture/replay
system itself.
Free Memory No
Processes Blocked No
Processes Running No
Note This value is typically low even in high-volume installations. Archivers rely upon write
buffering at the RAID controller, so there should be almost no write buffering in the
operating system.
Note The operating system uses free memory as a disk cache to improve I/O performance. A
significant amount of memory (50% or more) may be allocated to disk caching, or this value
may be as low as one-eighth of total memory.
226 Foglight Experience Viewer
User Guide
Note This value can spike up to 70%+ for very short periods of time (one observation), but should
usually be 10% or less. A consistent high value indicates a drive failure or serious software
problem.
Free Memory
Reports amount of appliance operating system memory that is currently not used for any
purpose.
Note It is normal to have almost no free memory, since the operating system tends to use any
available memory either for disk read caching or write buffering.
228 Foglight Experience Viewer
User Guide
Processes Blocked
Reports total number of processes that are waiting to run, averaged over a five-second
period when the metric was last updated.
Note This value may be consistently zero for lightly loaded systems. Under heavy load, this value
oscillates normally as I/O operations are synchronized. A consistent high value may
indicate a threading problem.
Processes Running
Reports total number of processes currently running, averaged over a five-second period
when the Metric was last updated.
Note This value may be small for lightly loaded systems. Under heavy load, this value oscillates
normally as I/O operations are synchronized.
Note This value should always be zero, Archivers are configured to never swap.
Note These metrics do not reflect the health of your Web applications, only the capture/replay
system itself.
Appendix: FxV Metrics 229
Archiver Metrics
Cities Calls No
Content Calls No
Cookies Calls No
Countries Calls No
Fields Calls No
ISPs Calls No
Metrics Calls No
Paths Calls No
Regions Calls No
Cities Calls
Reports number of requests for all Cities. This metadata is used in the FxV browser
interface for searching and building filters.
Content Calls
Reports number of searches for hit content based on specific hit or session IDs, used for
replay or export. Raw content returned by the Archiver is rewritten by the Server as
needed for display purposes.
Appendix: FxV Metrics 231
Archiver Metrics
Cookies Calls
Reports number of requests for all Cookie names. This metadata is used in the FxV
browser interface for searching and building filters.
Countries Calls
Reports number of requests for all Countries. This metadata is used in the FxV browser
interface for searching and building filters.
Fields Calls
Reports number of requests for all Field names. This metadata is used in the FxV
browser interface for searching and building filters.
ISPs Calls
Reports number of requests for all ISPs. This metadata is used in the FxV browser
interface for searching and building filters.
Metrics Calls
Reports number of requests for raw metric values. The Server updates Metric History
every two minutes, so a steady number of calls is normal.
Paths Calls
Reports number of requests for all Paths. This metadata is used in the FxV browser
interface for searching and building filters.
Regions Calls
Reports number of requests for all Regions. This metadata is used in the FxV browser
interface for searching and building filters.
Script Metrics
This Metric Category contains all Metrics concerning the Hit Analysis Scripts. These
are dynamic metrics that are collected for each script defined.
Note They are displayed for individual Archivers, as well as for “Totals”.
Collector Metrics
You can select a Collector to display its individual metrics, or “Totals” to display total
metrics across all Collectors in the system.
The Collector metrics are currently grouped into one category, Collector Health.
Collector Health
This Metric Category provides information about the health of any attached Collectors.
These Metrics are primarily used to troubleshoot problems in the Foglight Experience
Monitor, some have alarm conditions defined by default.
Note These metrics do not reflect the health of your Web applications, only the capture/replay
system itself.
Hits In Progress No
Hits In Progress
Reports the number of hits currently being captured by the Collector but not yet sent to
an Archiver.
Server Metrics
The Server metrics include the following categories:
• “Server Health” on page 237
• “Server Sessions” on page 239
• “Server Replay Cache” on page 239
• “Server Requests to Archivers” on page 240
Appendix: FxV Metrics 237
Server Metrics
Server Health
This Metric Category provides information about the internal health of the Server.
These Metrics are primarily used to troubleshoot Server problems, some have alarm
conditions defined by default.
Note These metrics do not reflect the health of the Web servers running your Web applications,
only the Foglight Experience Viewer Server itself.
Database Size
Reports size of Server database, used to store Metric History and system configuration.
Note Captured hits, sessions, and transactions are not stored in the Server database, which is
relatively small.
Note The amount of free memory can change very rapidly as the JVM automatically resizes the
heap.
Note This value can increase suddenly when a spike in capture traffic occurs. It decreases
gradually over periods of relative inactivity.
238 Foglight Experience Viewer
User Guide
Note The amount of used memory can change very rapidly as the JVM automatically resizes the
heap.
Server Sessions
This Metric Category provides information about the Users currently logged into the
Foglight Experience Viewer Server. These Metrics are primarily used to troubleshoot
Foglight Experience Viewer Server problems.
Note These metrics do not reflect the activity on the Web servers running your Web applications,
only the Foglight Experience Viewer Server itself.
Active Users
Reports number of Users currently logged into the Server, including administrators.
Error/Warning Metrics
The Error/Warning Metrics list contains all metrics that are currently in an “error” or
“warning” state, as defined by their thresholds. There is no default “Error/Warning” set
of metrics.
Only metrics which have thresholds defined (identified by the little View icon at the
end of the metric row) are subject to appearing on this page.
242 Foglight Experience Viewer
User Guide
Errors
This Metric Category contains all Metrics that currently have an Error status. These
metrics are used to indicate serious problems that require immediate attention.
Warnings
This Metric Category contains all Metrics that currently have a Warning status. These
metrics are used to indicate potential problems that bear further investigation.
Term Definition
Agent A software component of the Foglight Experience Monitor that consumes raw
HTTP packets, determines the session ID for each hit, and passes raw hit data
to its local Collector to be transmitted to a Foglight Experience Viewer.
Analysis Secondary database that offers long-term storage of session and transaction
Repository data captured by FxV.
appliance Generic term for a collection of appliances (Foglight Experience Monitors and
group Foglight Experience Viewers), installed side-by-side or federated across
different datacenters, where the intent is to unify appliances together for
searching and reporting purposes.
Every appliance group has one (and only one) Server component running. Data
from multiple appliance groups can be combined in Foglight, but the appliance
groups do not directly know about each other, and represent completely
independent systems.
Appendix: Glossary 245
Component Architecture Terms
Term Definition
Archiver A software component of the Foglight Experience Viewer that accepts hits from
a local Tcpbatches component (through a shared memory interface), and writes
user sessions into the database for later searching and reporting.
The Archiver performs real-time analysis with Hit Filters and Transaction
Filters that profile and alert upon end user behaviors and problems. Multiple
Archivers can be configured in parallel (on separate Foglight Experience
Viewer hosts) to scale up for large capture loads.
The Archiver maintains its subset of the capture database on a local disk, and
manages the transfer of database segments to the storage tier (if present). The
Archiver responds to requests by the Server for search results or detailed
session data. Each Archiver has a complete view of each individual user session
it receives. If one Archiver of several fails, then its user sessions are simply
unavailable until the Archiver is repaired, but the rest of the capture database
can be used.
browser The main visual interface to the Foglight Experience Viewer, a local Web
interface application that runs as part of the Server software component. The browser
interface is used to configure the appliance and to perform searches, and for
user session reporting and visualizations (including visual replay). The browser
interface also supports workflows where customers drill down from the
Foglight or Foglight Experience Monitor interfaces.
capture General term for the searchable repository formed by all available Archiver and
database Storage components (across all available Foglight Experience Viewers). The
capture database is a “distributed database” that is intelligently partitioned and
managed across multiple appliance hosts.
capture tier Generic term for one or more Foglight Experience Viewers used to capture hits
and store user sessions (a collection of Archiver components). The capture tier
is wholly dedicated to the task of capturing data when a storage tier is present.
Term Definition
Collector Generic term for one or more Collector components (running on multiple
Group Foglight Experience Monitors). Collector Groups, which are defined in the
Foglight Experience Viewer browser interface, are primarily used to define
configuration parameters—each Collector polls the Foglight Experience
Viewer Server for load-balancing and security configuration needed for data
capture (including the correct private route for monitored traffic). Collector
Groups are also used to roll-up health metrics and to alert on capture errors or
other data quality problems.
crossover A physical cable that is often used to transfer hits from the FxM to FxV, or
cable database segments between FxV appliances as part of a storage tier
configuration. A crossover cable is generally considered more secure than
sending sensitive data through a private switch.
Note A standard (straight) network cable can be used in place of a crossover cable,
since the network interfaces on both FxV and FxM appliances support auto polarity
correction.
end user The visitor who makes use of the Web server, whose hits and pages are
monitored by the Foglight Experience Monitor, and whose user session is
captured and stored by the Foglight Experience Viewer.
Foglight Related appliance-based product that provides the Foglight Experience Viewer
Experience with data, also licensed and sold with Foglight for user performance and user
Monitor session analysis. The Foglight Experience Viewer cannot be sold without the
Foglight Experience Monitor.
Term Definition
Foglight This is the main visual interface to the Foglight Experience Monitor, a Web
Experience application that runs as part of its Apache software component.
Monitor
browser
interface
Foglight An appliance-based product (hardware and software) licensed and sold with
Experience Foglight as part of its user session analysis capability. This term refers
Viewer somewhat interchangeably to the total package, the specific Dell or MBX
hardware, and/or the general collection of software components running on the
hardware. The appliance is imaged at the factory, and includes a Linux
operating system (Suse Novell Enterprise Linux 10) with all other supporting
components pre-loaded.
Foglight user A customer who has an account for Foglight and the Foglight Experience
Viewer, who wants to analyze and report on user sessions.
248 Foglight Experience Viewer
User Guide
Term Definition
private switch A switch or hub that is used for interconnections between the end user
appliances and the Foglight host. This does not necessarily mean that there is a
single switch device dedicated to Foglight. It is common to create a private
subnet on one or more shared switches to implement this concept in the field.
Rsync A software component that runs on the Foglight Experience Viewer that is used
to transfer database segments from the capture tier to the storage tier. Rsync is
not proprietary to Quest but is a standard preconfigured Linux service. Rsync
operations are managed by the Archiver and Storage components, as part of the
segment transfer process (configured from the setup menu).
SAN Acronym for storage area network. See “storage area network” on page 249.
Server A software component of the Foglight Experience Viewer that hosts the
browser interface and provides the central point of control and configuration.
The Server is used to define users, User Groups, Hit Filters, Transaction Filters,
and all other Foglight Experience Viewer configuration data. The Archiver,
Storage, and Collector components poll the Server for configuration
periodically. When a user performs a search, it is the Server that contacts all
available Archiver and Storage components, and then returns a merged view of
the search results. The Server maintains all metrics related to user sessions and
pushes metric data up to Foglight.
setup menu A text-menu program on the Foglight Experience Viewer that is used to manage
all appliance-local settings, including network cards, time synchronization,
firewall, disk encryption, and component services. This is accessed by logging
in as the setup user locally, or by using the su setup command (switch user)
from the support shell.
SSH A software component that optionally runs on the Foglight Experience Viewer
to allow command-line remote access for administrative or management tasks.
SSH is not proprietary to Quest but is a standard Linux service. An SSH client
(such as Putty) is needed to connect to the SSH service. For security reasons,
SSH access is not allowed by default, but can be turned on through the setup
menu.
Appendix: Glossary 249
Component Architecture Terms
Term Definition
Storage A software component of the Foglight Experience Viewer that accepts database
segments from another appliance for searching and long-term maintenance.
The Storage component has a search API that is identical to the Archiver, but
Storage cannot be used to capture hits like the Archiver. Ordinarily the portion
of the capture database managed by the Storage component is physically
located on a SAN, rather than local disk.
storage area A collection of storage disks that is made available to the Foglight Experience
network Viewer by physically installing a HBA card (QLogic preferred) and attaching a
fiber connection to the storage array. Dell/EMC is Quest’s preferred vendor for
SAN equipment. SAN installations are not limited by the number of drives
installed on the Foglight Experience Viewer (450 GB/host) but can scale out to
24 TB/host or more.
storage tier Generic term for one or more Foglight Experience Viewers used for long-term
storage and other advanced features (a collection of Storage components). The
storage tier provides dedicated resources for searching and reporting that do not
compete with real-time activities on the capture tier. Without a storage tier,
searches and other use of the browser interface is always prioritized below the
real-time capture of user sessions (which can be very demanding). A POC
configuration (such as Antero) does not include a storage tier. Customers with a
large number of concurrent users performing searches, requiring very fast
searching in general (such as in call centers), or needing SAN integration
should definitely have a storage tier. The Server should run on the storage tier
whenever possible to free up resources for capture.
Tcpbatches A software component of the Foglight Experience Viewer that listens for hits
sent by the Collector component of the Foglight Experience Monitor.
Tcpbatches opens and listens on a TCP socket (port 7623 on the Foglight
Experience Viewer) and when hit data is received, it forwards the hit data to its
local Archiver through a shared memory interface.
Web server An installation of Apache, IIS, iPlanet, or other popular software used to host a
customer Web site.
250 Foglight Experience Viewer
User Guide
Term Definition
aspect Aspects are the most basic data type in the database, used to encode hit, session,
and transaction data elements. Aspects can represent numbers, de-duplicated
strings, and other data types such as event or filter matches. Each aspect (such
as hit request field X, or session custom field Y) consumes 2-6 tables within the
database. This term is used only in a monitoring and health context, metric
names in particular. A large number of aspects is one indication of data
pollution, meaning that the collection of aspects grows without bounds.
database The database is divided into segments by time period. Each database segment
segment can contain up to 24 hours or 1.5M hits of information. Each Archiver has only
one of these segments open for writing at a time; this segment is called open
segment. The remainder of the closed segments are accessed only when
searching. This term is used primarily in monitoring and health context for
attribute names, and when describing the transfer of data between the capture
tier and storage tier.
captured hit A hit that was successfully captured into the database, and is online for
searching and reporting.
discarded hit A hit that was lost prior to transmission to an Archiver, or lost by an Archiver
that was overloaded.
failed hit A hit that could not be captured because an internal error occurred on the
appliance.
Appendix: Glossary 251
Data Model Terms
Term Definition
hit A hit is an HTTP request from an end user to a Web server, and the resulting
HTTP response. A hit has a URL, response code, headers, and other data
defined in the HTTP protocol. No two hits are identical. Every hit includes a
Session ID, assigned by the Agent that gathered the hit data on the Foglight
Experience Monitor. The Session ID is typically based on cookies set by the
Web application. A “Web page” typically consists of several hits: an HTML hit
that defines the page, and a series of non-HTML hits for page resources (like
images and style sheets).
hit custom Numeric and string fields generated by Hit Filters and stored with the hits for
fields easy searching later. Clearly distinguished from HTTP request fields.
hit details The collection of all data elements (and their values) that make up a hit:
Captured HTTP length, Client IP, Cookies, End-To-End Time, Client Time,
Processing Time, Server IP, FxM RefererID, FxM UrlID, Exception, Monitor
ID, Request Browser, Request Field, Request Header, Request Method,
Request Path, Request Referer, Request Server, Request URL, Request Type,
Response Code, Response Contains Frameset, Response Contains HTML tag,
Response Content, Response Content Type, Response Header, Response
HTML Title, Hit Identifier, Batch ID, Session ID, Custom Fields.
hit dropped by A hit that was intentionally dropped by a Hit Filter that indicated the hit should
Hit Filter not be stored. Metrics will still be updated for a dropped hit.
hit status The final status (OK, Error, Warning) of a hit after all Hit Filters were applied.
A hit has a status of OK unless any problems are noted.
metric A metric is an instance of time-series data used to indicate and track health or
performance factors, and to trigger actions when thresholds are breached.
Examples of metrics include the value of abandoned shopping carts per day in
dollars, or the total size of the database in TB.
metric update An individual change to a metric that is recorded in the database for later
searching. Searching metric updates is an easy way to find user sessions that
impacted a particular business indicator.
252 Foglight Experience Viewer
User Guide
Term Definition
session A session is a set of hits (all having the same Session ID at the Agent that
gathered the hit data) that represents the interaction of the end user with the
Web server. A session is uniquely identified by its Session ID, Start Time (the
earliest hit timestamp in the session), and Last Hit Time (the latest hit
timestamp). A session begins when the first hit is seen for a given Session ID,
and ends after a time-out period or other stop conditions. An active session is
one that has started, but not yet stopped or timed out.
session Numeric and string fields generated by Hit Filters or Transaction Filters and
custom fields stored with the session for easy searching later.
session details The collection of all data elements (and their values) that make up a session:
Session ID, Start Time, Last Hit Time, Time of First Error, Time of Last Error,
Total Hits, HTML Hits, Total Errors, Total Warnings, HTML Errors, HTML
Warnings, Total Transactions, Transaction Errors, Transaction Warnings, End-
To-End Time, Client Time, Processing Time, City, Region, Country, ISP,
Subnet, BrowserType, Username, Session Custom Fields.
sessionless hit A hit where a Session ID was not specified by the Agent, usually indicating that
there was no sessionizing rule defined by the Foglight Experience Monitor that
led to a meaningful result. The details of these hits can be inspected, but there is
no user session for reporting or visual replay.
transaction Numeric and string fields generated by Transaction Filters and stored with the
custom fields transactions for easy searching later.
transaction Similar to session details (see “session details” on page 252), but for
details transactions. Includes transaction events and transaction custom fields.
Appendix: Glossary 253
Product Feature Terms
Term Definition
transaction Each transaction has a list of events that describe activity in that particular
event instance. An event is a checkpoint that occurred, did not occur, or occurred
multiple times within the transaction. Event definitions are maintained as part
of a Transaction Filter.
Term Definition
Custom Search A Custom Search Screen is a simplified search screen intended for less
Screen technical users or for frequently used searches. Each Custom Search Screen is
based on a Saved Hit Search, a Saved Session Search, or a Saved Transaction
Search (see “Saved Search” on page 254).
Hit Analysis Refers to the process by which an Archiver analyzes each hit according to rules
configured on the Hit Analysis screen. This includes the processing and
evaluation of Hit Filters, Transaction Filters, Special Transaction Events,
Scripts, Sensitive Hit Details, Sensitive Response Content Expressions, Session
Configuration settings, and Archiver Configuration settings. It results in
updates to hit, session, and transaction data including the setting of Custom
Fields and Metrics as well as updates to other hit, session, and transaction
details.
254 Foglight Experience Viewer
User Guide
Term Definition
Hit Filter A collection of conditions and actions used to analyze hits as they are captured.
Hit Filters can be used to detect and alert on any per-hit conditions, to mark
interesting hits for later searching, or to manage hit/session storage.
Hit Filters are used to define events within Transaction Filters. Hit Filters can
use powerful regular expressions or Scripts to extract data from any hit details.
Hit Filters give a helpful and relevant context to the captured data to make
searching and reporting easier.
Hit Search Find hits based on a collection of search criteria including custom fields, metric
updates, and Hit Filter matches.
Preference A group of users with common default user preference settings. Within a
Group Preference Group, you can define which values can and cannot be changed by
the users in the group. A user belongs to only one Preference Group.
Resource A general term for an object configured in the system and owned by a single
user of the system. Resources are assigned to Resource Groups which allow
access to them to be restricted based on User Groups. Resources include:
Custom Search Screens and Saved Searches.
Resource A collection of Resources that can be associated with one or more User Groups
Group in order to grant users access to those resources.
Saved Search Used to save and quickly retrieve frequently used search criteria. Saved
Searches can also be used to define search phases for Custom Search Screens.
Script A snippet of custom logic written in the Groovy scripting language. A Script is
executed by a Hit Filter or Transaction Filter, which can use the output
variables published by the Script to update custom fields or metrics. Scripts can
perform advanced tasks, including: evaluating complex match expressions,
transforming hit data, applying complex regular expressions, or integrating
with external systems.
Appendix: Glossary 255
Product Feature Terms
Term Definition
Sensitive Hit A specification of one or more request fields, request headers, response headers
Detail or cookies identified as “sensitive” (for example, fields used to submit credit
cards or passwords). A Sensitive Hit Detail is not displayed to users in search
results or replay. Instead, the data is replaced with alternate configurable text or
left blank.
Session Merging multiple sessions together during a visual replay (not at capture time).
Combining Used as a last resort when there are sessionizing problems.
Session Find sessions based on a collection of search criteria including custom fields,
Search metric updates, Hit Filter matches, errors found, or transactions completed.
Transaction A collection of conditions and actions used to analyze sessions as they are
Filter captured, and to identify the distinct transactions within those sessions.
Transaction Filters can be used to detect and alert on any activity within a
session, and to calculate custom metrics across aggregated sessions or
transactions. A Transaction Filter can detect multiple events that provide
information about site problems and client activity within a related set of pages.
Transaction Filters give a helpful and relevant context to the captured data to
make searching and reporting easier.
Transaction Find transactions based on a collection of search criteria built from the filter
Search definition, including custom fields, events, and metric updates if they are
defined.
User Group Defines permissions for users logging into the browser interface. Every user
belongs to at least one User Group.
256 Foglight Experience Viewer
User Guide
Term Definition
DNS Domain Name System. Is the way that Internet domain names are located and
translated into Internet Protocol addresses. A domain name is a meaningful and
easy-to-remember “handle” for an Internet address.
Because maintaining a central list of domain name/IP address correspondences
would be impractical, the lists of domain names and IP addresses are
distributed throughout the Internet in a hierarchy of authority. There is probably
a DNS server within close geographic proximity to your access provider that
maps the domain names in your Internet requests or forwards them to other
servers in the Internet.
Ethernet The most widely-installed local area network (LAN) technology. Specified in a
standard, IEEE 802.3, Ethernet was originally developed by Xerox and then
developed further by Xerox, DEC, and Intel.
HBA Host Bus Adapter. Is a circuit board and/or integrated circuit adapter that
provides input/output (I/O) processing and physical connectivity between a
server and a storage device. Because the HBA relieves the host microprocessor
of both data storage and retrieval tasks, it can improve the server's performance
time. An HBA and its associated disk subsystems are sometimes referred to as a
disk channel.
HTTP Hypertext Transfer Protocol. Is the set of rules for transferring files (text,
graphic images, sound, video, and other multimedia files) on the World Wide
Web. As soon as a Web user opens their Web browser, the user is indirectly
making use of HTTP. HTTP is an application protocol that runs on top of the
TCP/IP suite of protocols (the foundation protocols for the Internet).
NIC Network Interface Card. Computer circuit board or card that is installed in a
computer so that it can be connected to a network.
Term Definition
Term Definition
A architecture 18
about Foglight 10 browser interface 28
about Foglight Experience Viewer 10 data model 22
about Quest Software 15 metrics 199
account information, setting preferences 72 overview 17
advanced administration terminology 243
appliance maintenance 168 Archiver configuration 125
Archivers 166 Archivers, administering 166
Collectors 167
Foglight integration 169 B
metrics 172 browser interface
overview 165 automatic login via Foglight 29
Server configuration 170 logging in 29
superuser tasks 168 screen elements 30
Analysis Repository tips 34
accessing
from Foglight 161
C
from Toad for MySQL 161
architecture 151 captured metadata, overview 117
configuration 154 Collectors, administering 167
data access 161 Combined Sessions view 63
data transfer 160 component architecture terms 244
detailed configuration 159 configuration change log 128
initial setup 154 configuration import/ export 130
overview 150 configuring
session table 151 Analysis Repository 149
transaction tables 153 custom fields 113
analyzing, session 21 hit analysis process 79
appliance Hit Filters 90
advanced administration 165 metrics 115
260 Foglight Experience Viewer
User Guide
P
I
performing
import configuration 130
hit analysis 20
initial setup, Analysis Repository 154
searches 20
processing, hits 18
J product feature terms 253
Java regular expressions
in FxV Hit Analysis 187 R
overview 188
regular expressions
testing in FxV 198
assigning custom field or metric values 193
using in FxV 192
extracting a portion of a hit detail 194
extracting a single value 193
M greedy vs. reluctant 191
managing group numbers 196
preference groups 184 identifying Sensitive Response Content 195
resource groups 183 looking for “matches” 192
user account settings 175 multiple matches 195
user and user groups 176 mutiline matching 197
match conditions using “matches” in Hit Filter match conditions 192
defining 81
262 Foglight Experience Viewer
User Guide
U
updating, hit status 89
user account
managing resource groups 183
managing settings 175
managing user and user groups 176
preference groups 184
user groups
264 Foglight Experience Viewer
User Guide