Ok so just upgraded my F5 APM (VPN server) in order to support Windows 10. Asked IT people to test on their Windows 10 machines and now just need to follow up on how many users actually tested. So each VPN session has a unique apm_session_id. I do a transaction on that ID to group all the sessions into one event then filter from there as per below. Good news is that the search below works great if I look at the last three days - specifically, it gives me back two results showing Win10 and a UID (one on November 13th and another today, November 15th). Bad news is that I simply change the date range to say all of last week (which includes Fridays) and NOTHING comes back, specifically "No results found."! It should have found Fridays at least but now finds nothing?
I tried using maxevents=999999999 or maxevents=-1 keepevicted, etc. and nothing works. Any ideas? I just need to run this same search (that works just fine over a 2-3 days) over a period of two weeks. What gives?
Search:
host=renamed-apm-host | transaction apm_session_id | search cplatform=Win10 | stats count by apm_uid cplatform
The transaction command is probably running out of memory. Maybe you should try an alternate search:
host=renamed-apm-host cplatform=Win10
| stats count by apm_uid cplatform
Will this work? It should be loads faster...