Application Discovery Mapping OverviewDescriptionApplication Dependency Mapping (ADM) probes collects information on the processes running on a server. The ADM (Application Dependency Mapping) probe is triggered on computers and servers. This probe collects information about the running processes on such devices. The script includes DiscoveryADMSensor, EnrichProcessesAndConnections, and ApplicationDependencyMapping work together to process the information returned by the probe. In particular, the ApplicationDependencyMapping script include checks each returned process to determine if such process matches the conditions described in one of the process classifiers. Processes which have a matching classifier may trigger a probe, or pattern, in order to collect more information on the process and create an application record in the CMDB. The triggering of probes/patterns for such processes will depend on the configurations as per the process classifier(discovery_classy_proc) and process handlers(discovery_proc_handler). More information can also be seen on: Application Dependency Mapping (ADM) for Discovery Table of Contents Application Dependency Mapping FlowTroubleshootingCommon IssuesExamplesInput Processing Debug Application Dependency Mapping Flow The Application Dependency Mapping probe is triggered once the Identification phase completes for a device being discovered. The Application Dependency Mapping: Gathers the running processes and connections on a server via the ADM probe. Note: There are multiple ADM probes, and the ADM probe triggered will depend on the classifier, unix, windows, linux, etc. The data returned by the ADM probe is processed by the ADM sensor. The ADM sensor creates a JSON payload that is enriched by the DiscoveryJSONADMSensor script include.The DiscoveryJSONADMSensor calls the ApplicationDependencyMapping script include.Finally, the ApplicationDependencyMapping script include creates the application CI according to the "Discovery Definition > CI Classification > Processes" configuration. Overall Input Flow Process classifier table: discovery_classy_procProcess handlers table: discovery_proc_handler The following document highlights some of the applications discovered out of box: Software Discovery The following document goes over NGINX web server discovery and is a good example of a process classifier: NGINX web server discovery The following links will also be helpful in understanding ADM and process classification: Create a Discovery process classificationOn classification script objects for DiscoveryCreate a Discovery process handler Troubleshooting More often than not, the issue being investigated is that the pattern or probe for an application was not triggered or the application was not created. The issue of an application not created even though pattern/probe was triggered is something that happens after successful mapping of the application, troubleshooting for such would be the same as troubleshooting any other probe/pattern input processing and outside the scope of this knowledge article (KB). Probe permission issues or input errors would also be investigated like any other probe. The goal of this KB is so that the probe or pattern will be successfully triggered for an application. Overall troubleshooting steps are to: Open ADM Probe inputConfirm no errors in input processingConfirm payload contains the process which should trigger probe/patternCheck process information matches process classifier conditionCheck that process classifier is active and has a probe/pattern in the "Triggers probes" related listCheck if the process information matches a process handler that is active and set classify = falseIf necessary (root cause not found in one of the steps above), debug input processing Common Issues Application Dependency Mapping probe not triggered | No application records created If no application CIs are created at all when discovering a server, the application dependency mapping probe may be turned off for the specific class. As a solution, check if the probe is present on the classifier and make sure it is active. Go to "Discovery Definition > CI Classification > All".Search for the classifier used when discovering the server, "table=cmdb_ci_win_server" for windows servers in the following example.Open the classifier and find the probe on "Triggers Probes" related list. Application Dependency Mapping probe triggered, however application is not created In this case, it is likely that the process information did not have a condition match under the discovery_classy_proc table. For such cases: Open the Application Dependency Mapping input ecc_queue record.Find the process in the payload and check for any potential errors in the payload.Compare the process information with the process classifier which should have created the application and triggered further exploration probes.Adjust the process classifier conditions to match on the intended process if necessary. Examples Successful MSSQL discovery In the following example we discover test server appserver-01. We can see in the following image that a "SQL Server Analysis Service" and two "MSFT SQL Instances" were discovered and added to the CI. The following screenshot shows the ECC Queue related list for the discovery status, ordered newest to oldest. We can see that probes were triggered for each application discovered after the ADM input was processed. Taking the "Windows - MSSQL" probe as an example, we can search "Discovery Definition > Probes" for "Windows - MSSQL" to find the probe. From the "Triggered by classifier" related list we can find the process classifier which triggered the probe. Next, we can see the condition in the process classifier which triggers the "Windows - MSSQL" probe. Finally, we can see the process information in the payload returned by the "Windows - Application Dependency Mapping" probe. Custom "ModemManager" In this example we will be using a custom process classifier for a process with name "ModemManager". We open the ADM Probe input, confirm no error in input processing, and checked the process is present in the payload Open the discovery statusSelect the "ECC Queue" related listCheck that the "Error String" field is emptyClick on the Application Dependency Mapping inputOnce opened, search for processNavigate to parent CI, confirm the process was created successfully With the above steps, we know that the process information is collected successfully and the process was created. Next, we check the process information matches process classifier condition & is active Navigate to Discovery Definition > CI Classification > ProcessSearch for the process classifier based on the table where the application should be created, in this case "cmdb_ci_modem_manager"Open the classifier and compare the conditions with the fields in the processCheck that the "Triggers probes" related list in the process classifier is not emptyCheck that the records in the "Triggers probes" related list have field active = true, if all are active = false no probes/patterns will be triggeredNavigate to table discovery_proc_handler and confirm there are no matching handlers active and configured "classify" = false, if classify = false process will not be classified and probe/pattern will not be triggered At this point, we have confirmed that the process information is collected successfully, a process classifier is present, and no handlers where "classify" = false. If the classifier uses probes, the application would be created at this point, if using patterns the application is only created when the input from the pattern is processed. Input Processing Debug See following documents on how to use the script debugger and how to reprocess an ecc_queue input in your session: Script DebuggerEcc Queue Processing At this point, we checked all necessary configuration and input data. If probes/patterns are not triggered as expected, we can to debug the ADM input processing. We can use the debug to determine if perhaps the process matched another classifier, sometimes the process will match an "incorrect" classifier. It is helpful but not necessary to first edit the ADM input payload so that only the process of interest is present. Example: The classify function in the ApplicationDependencyMapping script is a good place to start. Click on the line to add a breakpoint. Next, reprocess the input via script backgrounds: var eccRecord = new GlideRecord('ecc_queue');eccRecord.get('<ecc_queue_sys_id>');var sp = new SncSensorProcessor(eccRecord);sp.process(); Processing of the input should stop in the breakpoint set in the script. In the following screenshot, we see the sys_id of classifier used. Next we should open the classifier by sys_id to confirm the "correct" classifier was used. Additional InformationThe following blog post has an example on how to configure discovery to collect information on applications not discovered out of box: Discovering Eugene's "Special" Application