IT Operations AnalyticsSplunk App for HTTP Applications

Assure Service Delivery for Business Web Apps

Visibility for Network, Application and IT Operations

Large enterprises have critical, business specific applications built around web service architectures. These applications are accessed through browsers and mobile devices by customers and users that are potentially distributed across the globe. Any performance impairment experienced while using these critical applications impacts customer experience or business efficiency.

Corvil provides a user-centric view of the application transaction performance across the network infrastructure out to the end user or customer. This enables the level 2 and level 3 network services teams to proactively resolve application service delivery problems.

Corvil delivers these views and workflows through a Corvil Spunk App to leverage the level 2 team’s familiarity with a broadly deployed operations tool. This results in more issues resolved efficiently by level 2 operations without requiring any specialized knowledge of new tools or workflows.

Problem Overview

The network services team is responsible for the delivery of these critical services across the global infrastructure. Many performance issues experienced by users are escalated to the network services team because of the complex infrastructure involved in the complete service delivery chain of these applications. These escalations are time-consuming and typically involve the most critical resources in network services.

These resources have both the technical expertise and deep knowledge of specialized tools to resolve issues. This has the following undesirable effects:

  • These critical resources are in constant, reactive fire-fighting mode performing time-consuming and complex troubleshooting tasks.
  • The network is continually blamed because other members of IT operations have no visibility into the network performance and its impact on these business applications.
  • The pattern of escalations accelerates because these network services resources seem to resolve all the hard problems.

Furthermore, these business-specific applications are prime candidates for migration to the cloud. The network services team will lose all visibility of these services if they rely on legacy monitoring tools.


  • Over dependence on network experts to perform time-consuming and reactive analysis of critical application performance issues.
  • No transparency into network performance and its impact on application delivery.
  • Inefficient operations and support processes, with the network, often being blamed by default.
  • Complete lack of visibility into network performance for cloud hosted applications.

Solution Overview

The Corvil HTTP App for Splunk provides visualizations and analysis of the application transaction delivery over HTTP. This analysis is driven by the Corvil platform which provides deep decoding of message field and payload, allowing analysis and publishing from the packet data on the network into Splunk for analysis by the Corvil HTTP App.

A dashboard in Splunk reports application transactions trends, including transactions with errors, and transactions which are slow with their associated response time. The information is presented at application, network site, user and transaction levels. Drill down is supported all the way to way to individual transactions, where a transaction sequence diagram gives precision insight into timing between the network and server interaction.

The deep transaction decoding can be performed by a physical Corvil appliance
via spans and taps, or by the Corvil software sensor. The latter extends network instrumentation into the Cloud and virtualization environments where no direct access to network management interfaces is available.

With the Corvil HTTP App for Splunk, any stakeholder in the organization can directly see the cause of impaired transaction delivery, and they can see it in the IT Ops ecosystem they are already familiar with and have access to. For the first time, they can see network performance data that is directly relatable to application transactions it delivers.


  • Proactively report on performance degradation by automatically baselining normal transaction performance.
  • Complete visibility into application and network performance as applications are migrated to the cloud.
  • For slow transactions, highlight time spent on the network versus server processing time.
  • Search for individual users to visualize application usage and diagnose individual complaints.
  • Report network performance for every remote site in the organization.
  • Real-time network-based transaction decoding removes the need to perform time-consuming and reactive packet capture.
  • Improved operational processes by allowing all stakeholders to visualize and diagnose transaction delivery before pointing the finger at the network team.
Splunk App for HTTP Applications


  • Transactions performance statistics at an application, network site, and user context.
  • Performance of a single transaction, including a granular TCP sequence diagram for the messages that
    comprise the transaction.
  • Drill down to a single transaction with a full decode of HTTP fields and payload


  • Highlight transactions which are slow or with errors at various context levels
  • Historical search of user and individual transactions
  • Reports on transaction volumes and trends

Ease of Use

  • Fast drill through or search for individual user or transactions
  • One click, self-service pcap export
  • Standard pcap format, for analysis in Corvil or other 3rd party tools