How a Tap or SPAN Choice Impacts APM

Keith Bromley
Learn more about Keysight Technologies

For application performance monitoring (APM), many in IT tend to focus a significant amount of their time on the tool that performs the analysis. Unfortunately for them, the battle is won or lost at the data access level. If you don’t have the right data, you can’t fix the problem correctly.

This viewpoint is backed up by an APMdigest post back in August where Jim Frey cited some critical survey research. The research showed that "26% reported that their biggest challenge with incident response is that data exists, but they can’t access or analyze it easily." Key point – you need access to the right data at the right time to solve your problems.

This begs the question — how do I get the right data access?

The best source of data is from a network tap. A tap makes a complete copy of ALL the data passing through it. It is a passive device, so it does not alter any of the data and has a negligible effect on transmission time.

Taps are great because they are "set and forget." You simply plug the device into the network with a one-time disruption and you are done. No programming is required. Best of all, you can place taps anywhere in the network that you need data from — ingress, egress, remote offices, etc.

The one drawback to using taps is that if you install lots of them (which you will want to do), the amount of data feeds can overload the input ports to your APM tools. However, this issue is easily resolved by installing a network packet broker (NPB) to aggregate the data from the taps, filter the data as necessary, and then send that data on to the APM tool. This eliminates the overcrowding of the data ports on your APM tool.

An alternative to a tap is to use a mirroring port (also referred to as a SPAN port) off of your network switches. However, this is not recommended. One reason is that these ports are active devices, i.e. they can materially change data packet characteristics as the packets flow through the device. This is especially important when using data from these ports to diagnose problems.

In addition, bad packets (i.e. malformed packets) are dropped by the SPAN port. This ends up giving you a "digital view" of the situation, i.e. everything is fine and then there is a problem. Missing packets that could show degradation prior to data loss (which could have been useful to create a quicker diagnosis) is missing, along with any context as to what was happening before the problem began.

In the end, optimum data capture can be achieved using a tap and NPB. This results in a faster mean time to repair (MTTR).

Related Links

Hot Topics

Related Vendors

The Latest

Clearing the Path to AI: Why Vendor Consolidation Matters Now

Enterprises are under pressure to scale AI quickly. Yet despite considerable investment, adoption continues to stall. One of the most overlooked reasons is vendor sprawl ... In reality, no organization deliberately sets out to create sprawling vendor ecosystems. More often, complexity accumulates over time through well-intentioned initiatives, such as enterprise-wide digital transformation efforts, point solutions, or decentralized sourcing strategies ...

Cold Data, Hot Problem: Why AI Is Rewriting Enterprise Storage Strategy

Nearly every conversation about AI eventually circles back to compute. GPUs dominate the headlines while cloud platforms compete for workloads and model benchmarks drive investment decisions. But underneath that noise, a quieter infrastructure challenge is taking shape. The real bottleneck in enterprise AI is not processing power, it is the ability to store, manage and retrieve the relentless volumes of data that AI systems generate, consume and multiply ...

Observability at a Crossroads: AI, Economics, Complexity and the Enduring Power of Open Source

The 2026 Observability Survey from Grafana Labs paints a vivid picture of an industry maturing fast, where AI is welcomed with careful conditions, SaaS economics are reshaping spending decisions, complexity remains a defining challenge, and open standards continue to underpin it all ...

Explainability Is the New Battleground in AI-Powered Observability

The observability industry has an evolving relationship with AI. We're not skeptics, but it's clear that trust in AI must be earned ... In Grafana Labs' annual Observability Survey, 92% said they see real value in AI surfacing anomalies before they cause downtime. Another 91% endorsed AI for forecasting and root cause analysis. So while the demand is there, customers need it to be trustworthy, as the survey also found that the practitioners most enthusiastic about AI are also the most insistent on explainability ...

Empowering the Human Side of the Autonomous IT Age

In the modern enterprise, the conversation around AI has moved past skepticism toward a stage of active adoption. According to our 2026 State of IT Trends Report: The Human Side of Autonomous AI, nearly 90% of IT professionals view AI as a net positive, and this optimism is well-founded. We are seeing agentic AI move beyond simple automation to actively streamlining complex data insights and eliminating the manual toil that has long hindered innovation. However, as we integrate these autonomous agents into our ecosystems, the fundamental DNA of the IT role is evolving ...

AI Scale Is Outpacing Infrastructure - and IT Leaders Are Running Out of Time

AI workloads require an enormous amount of computing power ... What's also becoming abundantly clear is just how quickly AI's computing needs are leading to enterprise systems failure. According to Cockroach Labs' State of AI Infrastructure 2026 report, enterprise systems are much closer to failure than their organizations realize. The report ... suggests AI scale could cause widespread failures in as little as one year — making it a clear risk for business performance and reliability.

No Escalations ≠ No Work: Why Visibility in DevOps Matters More Now That AI Is Accelerating Everything

The quietest week your engineering team has ever had might also be its best. No alarms going off. No escalations. No frantic Teams or Slack threads at 2 a.m. Everything humming along exactly as it should. And somewhere in a leadership meeting, someone looks at the metrics dashboard, sees a flat line of incidents and says: "Seems like things are pretty calm over there. Do we really need all those people?" ... I've spent many years in engineering, and this pattern keeps repeating ...

Observability Costs Rising Faster Than Value

The gap is widening between what teams spend on observability tools and the value they receive amid surging data volumes and budget pressures, according to The Breaking Point for Observability Leaders, a report from Imply ...

Customers Demand Frictionless Experiences - This Is How Retailers Can Provide Them

Seamless shopping is a basic demand of today's boundaryless consumer — one with little patience for friction, limited tolerance for disconnected experiences and minimal hesitation in switching brands. Customers expect intuitive, highly personalized experiences and the ability to move effortlessly across physical and digital channels within the same journey. Failure to deliver can cost dearly ...

IT's Motivation Crisis Is Really a Process Crisis

If your best engineers spend their days sorting tickets and resetting access, you are wasting talent. New global data shows that employees in the IT sector rank among the least motivated across industries. They're under a lot of pressure from many angles. Pressure to upskill and uncertainty around what agentic AI means for job security is creating anxiety. Meanwhile, these roles often function like an on-call job and require many repetitive tasks ...

How a Tap or SPAN Choice Impacts APM

Keith Bromley
Learn more about Keysight Technologies

For application performance monitoring (APM), many in IT tend to focus a significant amount of their time on the tool that performs the analysis. Unfortunately for them, the battle is won or lost at the data access level. If you don’t have the right data, you can’t fix the problem correctly.

This viewpoint is backed up by an APMdigest post back in August where Jim Frey cited some critical survey research. The research showed that "26% reported that their biggest challenge with incident response is that data exists, but they can’t access or analyze it easily." Key point – you need access to the right data at the right time to solve your problems.

This begs the question — how do I get the right data access?

The best source of data is from a network tap. A tap makes a complete copy of ALL the data passing through it. It is a passive device, so it does not alter any of the data and has a negligible effect on transmission time.

Taps are great because they are "set and forget." You simply plug the device into the network with a one-time disruption and you are done. No programming is required. Best of all, you can place taps anywhere in the network that you need data from — ingress, egress, remote offices, etc.

The one drawback to using taps is that if you install lots of them (which you will want to do), the amount of data feeds can overload the input ports to your APM tools. However, this issue is easily resolved by installing a network packet broker (NPB) to aggregate the data from the taps, filter the data as necessary, and then send that data on to the APM tool. This eliminates the overcrowding of the data ports on your APM tool.

An alternative to a tap is to use a mirroring port (also referred to as a SPAN port) off of your network switches. However, this is not recommended. One reason is that these ports are active devices, i.e. they can materially change data packet characteristics as the packets flow through the device. This is especially important when using data from these ports to diagnose problems.

In addition, bad packets (i.e. malformed packets) are dropped by the SPAN port. This ends up giving you a "digital view" of the situation, i.e. everything is fine and then there is a problem. Missing packets that could show degradation prior to data loss (which could have been useful to create a quicker diagnosis) is missing, along with any context as to what was happening before the problem began.

In the end, optimum data capture can be achieved using a tap and NPB. This results in a faster mean time to repair (MTTR).

Related Links

Hot Topics

Related Vendors

The Latest

Clearing the Path to AI: Why Vendor Consolidation Matters Now

Enterprises are under pressure to scale AI quickly. Yet despite considerable investment, adoption continues to stall. One of the most overlooked reasons is vendor sprawl ... In reality, no organization deliberately sets out to create sprawling vendor ecosystems. More often, complexity accumulates over time through well-intentioned initiatives, such as enterprise-wide digital transformation efforts, point solutions, or decentralized sourcing strategies ...

Cold Data, Hot Problem: Why AI Is Rewriting Enterprise Storage Strategy

Nearly every conversation about AI eventually circles back to compute. GPUs dominate the headlines while cloud platforms compete for workloads and model benchmarks drive investment decisions. But underneath that noise, a quieter infrastructure challenge is taking shape. The real bottleneck in enterprise AI is not processing power, it is the ability to store, manage and retrieve the relentless volumes of data that AI systems generate, consume and multiply ...

Observability at a Crossroads: AI, Economics, Complexity and the Enduring Power of Open Source

The 2026 Observability Survey from Grafana Labs paints a vivid picture of an industry maturing fast, where AI is welcomed with careful conditions, SaaS economics are reshaping spending decisions, complexity remains a defining challenge, and open standards continue to underpin it all ...

Explainability Is the New Battleground in AI-Powered Observability

The observability industry has an evolving relationship with AI. We're not skeptics, but it's clear that trust in AI must be earned ... In Grafana Labs' annual Observability Survey, 92% said they see real value in AI surfacing anomalies before they cause downtime. Another 91% endorsed AI for forecasting and root cause analysis. So while the demand is there, customers need it to be trustworthy, as the survey also found that the practitioners most enthusiastic about AI are also the most insistent on explainability ...

Empowering the Human Side of the Autonomous IT Age

In the modern enterprise, the conversation around AI has moved past skepticism toward a stage of active adoption. According to our 2026 State of IT Trends Report: The Human Side of Autonomous AI, nearly 90% of IT professionals view AI as a net positive, and this optimism is well-founded. We are seeing agentic AI move beyond simple automation to actively streamlining complex data insights and eliminating the manual toil that has long hindered innovation. However, as we integrate these autonomous agents into our ecosystems, the fundamental DNA of the IT role is evolving ...

AI Scale Is Outpacing Infrastructure - and IT Leaders Are Running Out of Time

AI workloads require an enormous amount of computing power ... What's also becoming abundantly clear is just how quickly AI's computing needs are leading to enterprise systems failure. According to Cockroach Labs' State of AI Infrastructure 2026 report, enterprise systems are much closer to failure than their organizations realize. The report ... suggests AI scale could cause widespread failures in as little as one year — making it a clear risk for business performance and reliability.

No Escalations ≠ No Work: Why Visibility in DevOps Matters More Now That AI Is Accelerating Everything

The quietest week your engineering team has ever had might also be its best. No alarms going off. No escalations. No frantic Teams or Slack threads at 2 a.m. Everything humming along exactly as it should. And somewhere in a leadership meeting, someone looks at the metrics dashboard, sees a flat line of incidents and says: "Seems like things are pretty calm over there. Do we really need all those people?" ... I've spent many years in engineering, and this pattern keeps repeating ...

Observability Costs Rising Faster Than Value

The gap is widening between what teams spend on observability tools and the value they receive amid surging data volumes and budget pressures, according to The Breaking Point for Observability Leaders, a report from Imply ...

Customers Demand Frictionless Experiences - This Is How Retailers Can Provide Them

Seamless shopping is a basic demand of today's boundaryless consumer — one with little patience for friction, limited tolerance for disconnected experiences and minimal hesitation in switching brands. Customers expect intuitive, highly personalized experiences and the ability to move effortlessly across physical and digital channels within the same journey. Failure to deliver can cost dearly ...

IT's Motivation Crisis Is Really a Process Crisis

If your best engineers spend their days sorting tickets and resetting access, you are wasting talent. New global data shows that employees in the IT sector rank among the least motivated across industries. They're under a lot of pressure from many angles. Pressure to upskill and uncertainty around what agentic AI means for job security is creating anxiety. Meanwhile, these roles often function like an on-call job and require many repetitive tasks ...