Application Delivery Management

Integration with New Relic

You can now integrate NetScaler Console with New Relic to view analytics for WAF and Bot violations in your New Relic dashboard. With this integration, you can:

  • Combine all other external data sources in your New Relic dashboard.

  • Get visibility of analytics in a centralized place.

NetScaler Console collects Bot and WAF events, and sends them to New Relic either in real time or periodically based on your choice. As an administrator, you can also view the Bot and WAF events in your New Relic dashboard.

Prerequisites

For a successful integration, you must:

  • Obtain a New Relic event endpoint in the following format:

    https://insights-collector.newrelic.com/v1/accounts/<account_id>/events

    For more information on configuring an event endpoint, see New Relic documentation.

    For more information on getting an account ID, see New Relic documentation.

  • Obtain a New Relic key. For more information, see New Relic documentation.

  • Add the key details in NetScaler Console

Add the key details in NetScaler Console

After you generate a token, you must add details in NetScaler Console to integrate with New Relic.

  1. Log on to NetScaler Console.

  2. Navigate to Settings > Observability Integration.

  3. In the Integrations page, click Add.

  4. In the Create Subscription page, specify the following details:

    1. Specify a name of your choice in the Subscription Name field.

    2. Select NetScaler Console as the Source and click Next.

    3. Select New Relic and click Configure. In the Configure Endpoint page:

      1. End Point URL – Specify the New Relic end point details. The end point must be in the https://insights-collector.newrelic.com/v1/accounts/<account_id>/events format.

      Note

      It is recommended to use HTTPS for security reasons.

    4. Authentication token – Copy and paste the authentication token from New Relic.

      1. Click Submit.
    5. Click Next.

    6. Click Add Insights and in the Select Feature tab, you can select the features that you want to export and click Add Selected.

    7. Click Next.

    8. In the Select Instance tab, you can either choose Select All Instances or Custom select, and then click Next.

      • Select All Instances - Exports data to New Relic from all the NetScaler instances.

      • Custom select - Enables you to select the NetScaler instances from the list. If you select specific instances from the list, then the data is exported to New Relic only from the selected NetScaler instances.

    9. Click Submit.

      Note:

      The data for the selected insights gets pushed to New Relic immediately after the violations are detected in NetScaler Console.

The configuration is complete. You can view details in the Subscriptions page.

Subscriptions page

New Relic dashboard

When the events are exported in New Relic, you can view event details under Metrics & events in the following JSON format:

<subsription_name>_adm_<event name> where event name can be Bot, WAF, and so on.

In the following example, ADMSTAGING is the <subscription_name> and bot is the <event_name>.

Dashboard

Once you get the JSON data ingested into your New Relic dashboard, as an administrator, you can use the NRQL (New Relic Query Language) and create a custom dashboard with facets and widgets based on your choice by constructing queries around the ingested data. For more information, see https://docs.newrelic.com/docs/query-your-data/nrql-new-relic-query-language/get-started/introduction-nrql-new-relics-query-language/

The following is an example dashboard created using the NRQL:

Example dashboard

To create this dashboard, the following queries are required:

  • Widget 1: Total Unique Attacks in events table

    SELECT count(total_attacks) from <event_name> since 30 days ago

  • Widget 2: Unique Transaction IDs in event table

    SELECT uniqueCount(transaction_id) from <event_name> since 30 days ago

  • Widget 3: Total Unique Bot Types and their counts

    SELECT uniqueCount(bot_type_desc), uniques(bot_type_desc) from <event_name> since 30 days ago

  • Widget 4: Total unique App Names seeing Bot Violations

    SELECT uniques(appname) from <event_name> since 30 days ago

Integration with New Relic