AppDynamics

Receive alerts from Splunk AppDynamics APM

Overview

Easyalert automatically detects and processes HTTP Request Action webhooks from Splunk AppDynamics.

Requirements

Splunk AppDynamics account (SaaS or On-Premises)
Easyalert account and active tenant
Admin or Account Owner permissions in AppDynamics

Setup Instructions

Step 1: Create Integration in Easyalert

Go to Integrations page from left menu
Click Add Integration button
Select AppDynamics as Source Type
Enter a name (e.g., AppDynamics Production)
Click Create to save
Copy the generated Webhook URL

Example: https://api.easyalert.io/api/v1/webhooks/ingest/wh_abc123...

Step 2: Create HTTP Request Template

Go to Alert & Respond → HTTP Request Templates → New

Field	Value
Name	`Easyalert Webhook`
Request URL	Your Webhook URL
Method	`POST`
MIME Type	`application/json`

Step 3: Configure Payload Template

Use this recommended payload:

{
  "event_name": "${latestEvent.displayName}",
  "event_guid": "${latestEvent.guid}",
  "event_id": "${latestEvent.id}",
  "policy": "${policy.name}",
  "event_time": "${latestEvent.eventTime}",
  "app_id": "${latestEvent.application.id}",
  "app_name": "${latestEvent.application.name}",
  "event_message": "${latestEvent.eventMessage}",
  "severity": "${latestEvent.severity}",
  "event_deep_link": "${latestEvent.deepLink}",
  "controller_url": "${controllerUrl}",
  "node_id": "${latestEvent.node.id}",
  "node_name": "${latestEvent.node.name}",
  "summary": "${latestEvent.summaryMessage}",
  "event_type": "${latestEvent.eventType}",
  "tier_id": "${latestEvent.tier.id}",
  "tier_name": "${latestEvent.tier.name}",
  "health_rule_id": "${latestEvent.healthRule.id}",
  "health_rule_name": "${latestEvent.healthRule.name}",
  "incident_id": "${latestEvent.incident.id}",
  "account_name": "${account.name}",
  "customer": "YOUR_CUSTOMER_NAME",
  "team": "YOUR_TEAM_NAME",
  "environment": "production"
}

Step 4: Create Action

Go to Alert & Respond → Actions → Create
Action Type: HTTP Request
Name: Easyalert Notification
HTTP Request Template: Easyalert Webhook
Click Save

Step 5: Attach to Policy

Go to Alert & Respond → Policies
Edit or create a policy
In Actions section:
- On Policy Open - Warning → Easyalert Notification
- On Policy Open - Critical → Easyalert Notification
- On Policy Close → Easyalert Notification

Template Variables

AppDynamics uses Apache Velocity syntax (${variable}):

Variable	Description
`${latestEvent.eventType}`	Event type (POLICY_OPEN_*, etc.)
`${latestEvent.id}`	Event ID
`${latestEvent.guid}`	Event GUID
`${latestEvent.displayName}`	Event display name
`${latestEvent.severity}`	Severity (INFO, WARN, ERROR)
`${latestEvent.summaryMessage}`	Event summary
`${latestEvent.eventMessage}`	Event message
`${latestEvent.application.name}`	Application name
`${latestEvent.tier.name}`	Tier name
`${latestEvent.node.name}`	Node name
`${latestEvent.healthRule.name}`	Health rule name
`${latestEvent.incident.id}`	Incident ID
`${policy.name}`	Policy name
`${latestEvent.deepLink}`	Link to event in AppDynamics
`${controllerUrl}`	Controller URL
`${account.name}`	Account name

Field Mapping

AppDynamics Field	Easyalert Field
`incident_id` / `event_id`	Event ID
`event_name` / `summary`	Title
`summary` / `event_message`	Description
`event_type`	Status mapping
`severity`	Severity
`node_name` / `tier_name`	Host
`app_name`	Service
`event_deep_link`	URL

Event Types and Status Mapping

Event Type	Easyalert Status
`POLICY_OPEN_WARNING`	Problem
`POLICY_OPEN_CRITICAL`	Problem
`POLICY_CONTINUES_WARNING`	Problem
`POLICY_CONTINUES_CRITICAL`	Problem
`POLICY_UPGRADED`	Problem
`POLICY_DOWNGRADED`	Problem
`POLICY_CLOSE_*`	OK
`POLICY_CANCELED_*`	OK

Severity Mapping

AppDynamics Severity	Easyalert Severity
`ERROR`	Critical
`WARN`	Warning
`INFO`	Info

Custom Field → Tag Conversion

All custom fields you add to the template are automatically captured as tags.

Example

Added to template:

{
  "customer": "AcmeCorp",
  "team": "backend",
  "datacenter": "EU-West",
  "cost_center": "CC-1234"
}

In Easyalert:

tags.customer = "AcmeCorp"
tags.team = "backend"
tags.datacenter = "EU-West"
tags.cost_center = "CC-1234"

Routing Examples

Escalation Routing:

tags.customer equals "AcmeCorp" → Acme Corp Policy
tags.app_name equals "Payment Service" → Payment Team Policy
tags.environment equals "production" → Production Policy

Notification Rules:

tags.severity equals "ERROR" → call + sms + email
tags.tier_name equals "Database" → DBA Team channel

Test

curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{
    "event_name": "High CPU Alert",
    "event_guid": "test-123",
    "event_type": "POLICY_OPEN_CRITICAL",
    "severity": "ERROR",
    "app_name": "TestApp",
    "node_name": "server-01",
    "summary": "CPU exceeded 90%",
    "event_deep_link": "https://appdynamics.example.com",
    "incident_id": "INC-001",
    "customer": "TestCustomer",
    "team": "test-team"
  }'

Troubleshooting

Alerts not being received

Verify HTTP Request Template is configured correctly
Check that action is added to the policy
Verify health rule is enabled and triggering
Test template from AppDynamics UI

Custom fields not becoming tags

Verify field is added to webhook payload template
Check field name spelling
View webhook samples in Easyalert

Recovery events not resolving incidents

Verify "On Policy Close" action is configured in policy
Check incident_id is consistent between open and close events
Ensure event_type includes POLICY_CLOSE events

Missing node/tier information

Ensure variables include node and tier
Some events may not have node-level data
Use tier as fallback when node is empty

Template errors

Test template with "Test" button in AppDynamics
Check variable syntax (Apache Velocity)
Ensure all referenced fields exist

Best Practices

Include Deep Links: Always include ${latestEvent.deepLink} so responders can quickly navigate to AppDynamics for details.

Use Incident ID: Use incident_id for event correlation to properly group and resolve related alerts.

Configure All Event Types: Include close/cancel events in your policy to automatically resolve incidents in Easyalert.

Add Custom Fields for Routing: Include customer, team, environment in payload for escalation routing.

Leverage Business Transactions: Monitor business transaction health for business-impact visibility.