Splunk AppDynamics

Returning the count of unique browser applications being monitored on the controller

Jesse_Charlton
Engager

Hi,

I would like to create a metric that returns the amount of browser applications being monitored on the controller.

I have tried to do this using a distinct count of the app key, although my query is returning 1 instead of the amount of browser apps.

Here are the queries I have tried:
SELECT distinctcount(appkey) FROM browser_records
SELECT distinctcount(appkey) FROM web_session_records

If anyone knows of a way or can point me in the right direction, I would greatly appreciate it.

Thanks,
Jesse

Labels (1)
Tags (2)
0 Karma
1 Solution

Morelz
Builder

Hi Jesse

As you noticed when you use the following query as a metric

SELECT distinctcount(appkey) FROM browser_records

It will give you a count of the number of apps that have received data in the last 5 minutes only, if there is no data in the last 5 minutes for any of the applications, it will not show and count those.

If any of the apps don't have any data it wont give you anything

What you can do to bypass this is to add a condition e.g where I put a condition that it counts all data that's less than the year 2040, or you can build a condition to just check what data timestamps is less than now()

SELECT distinctcount(appkey) FROM browser_records WHERE eventTimestamp < 2232636067000

This forces the query to check all data in the analytics cluster, not just the last 5 minutes

However, depending on how long you store your analytical data, e.g if you only store data for 2 weeks, and one of the applications does not have any reported data in analytics, that app will not be counted as there is no data for it.

Hope I am making sense

View solution in original post

0 Karma

Morelz
Builder

Hi Jesse

As you noticed when you use the following query as a metric

SELECT distinctcount(appkey) FROM browser_records

It will give you a count of the number of apps that have received data in the last 5 minutes only, if there is no data in the last 5 minutes for any of the applications, it will not show and count those.

If any of the apps don't have any data it wont give you anything

What you can do to bypass this is to add a condition e.g where I put a condition that it counts all data that's less than the year 2040, or you can build a condition to just check what data timestamps is less than now()

SELECT distinctcount(appkey) FROM browser_records WHERE eventTimestamp < 2232636067000

This forces the query to check all data in the analytics cluster, not just the last 5 minutes

However, depending on how long you store your analytical data, e.g if you only store data for 2 weeks, and one of the applications does not have any reported data in analytics, that app will not be counted as there is no data for it.

Hope I am making sense

0 Karma

Jesse_Charlton
Engager

Hi Mario

You are making sense and have been very helpful. I like the method you've shown of using the timestamp condtion to check all the data.

Thanks for the help,
Jesse

Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...