Traces and spans 🔗
A trace is a collection of operations that represents a unique transaction handled by an application and its constituent services. A span is a single operation within a trace.
Each span has a name that represents the operation captured by the span and a service name that represents where the operation took place. Additionally, spans may refer to another span as their parent, defining a relationship between operations the trace captures to process that transaction. Spans can also include additional information and context with span tags.
Each span contains information about the method, operation, or block of code that it captures, including these characteristics:
The service name
The operation name
The start time of the operation
The duration of the operation
The name and IP address of the service where the operation took place
How Splunk APM handles 4xx errors 🔗
By default, Splunk APM doesn’t display traces with
4xx status codes as errors, just
5xx status codes. This is because
4xx status codes could be the result of issues with requests and not issues with services handling requests.
For example, if a user makes a request to
404 status code the service returns is not an error with the service, but with the request. Similarly, if a user tries to access a resource they don’t have access to, the service could return a
401 status code, which is typically not the result of an error on the server side.
Depending on your application’s logic, a
4xx status code could be an error, particularly for client-side requests. There are a couple ways to address this:
Break down performance by HTTP status code span tags, if available.
Configure custom instrumentation to report
4xxstatus codes as errors.
Limits on spans and traces 🔗
These are the limits for span and trace length and count:
The total length of all span tag keys, span tag values, and span annotations can’t exceed 64 kB.
The maximum number of spans for each trace is 5000 spans per trace.