Hello, I am trying to create an Analytic query that would show the top 5 BTs with Error counts. e.g. TransactionName  3 I'm not great at building SQL or Analytics queries. : ) Thanks for any help, much appreciated. Tom 

Hello All,   So i have a field like below with JSON file       {"results_appcodes": [{"count": 2, "app_code": "XYZ", "group": "", "instance": "PQ1", "job_names": ["XYZ#cmd#johntest1", "XYZ#cmd#remetest"]}, {"count": 2, "app_code": "ZZZ", "group": "ABC1234", "instance": "PQ1", "job_names": ["ZZZ#ADM#cmd#pac", "ZZZ#cmd#GET_APP_CODE"]}, {"count": 1, "app_code": "ZZZ", "group": "", "instance": "PQ1", "job_names": ["ZZZ#cmd#mila3098"]}, {"count": 192, "app_code": "GKU", "group": "CAD45678", "instance": "PQ1", "job_names": ["ZZZ#cmd#test123"] ,["ZZZ#cmd#test890"], ["ZZZ#cmd#gola456"], ["ZZZ#cmd#test9990"] }}        Im using below query to break down the JSON file above  All the fields  count,app_code, group, instance are getting as expected but for  job_names  im unable to break down and that particular attrbute has a list of jobs underneath it Im looking for a query to get jobnames also        <<mysearch>>| spath input=results|rename unique_appcodes{}.* as * | eval x = mvzip(count,mvzip(app_code,mvzip(group,mvzip(instance,mvzip(instance,job_names))))) | mvexpand x | eval x = split(x, ",")| eval job_count=mvindex(x,0), app_code = mvindex(x,1) ,group=mvindex(x,2), instance = mvindex(x,3),job_names = mvindex(x,4) |table app_code job_count group instance job_names           Expected output       app_code count group instance job_names XYZ 2 PQ1 XYZ#cmd#johntest1,XYZ#cmd#remetest ZZZ 2 ABC1234 PQ2 ZZZ#ADM#cmd#pac,ZZZ#cmd#GET_APP_CODE              

1. How do I make my search string more readable?  It only works if it's all on one line.  I tried escaping new lines but splunk complains. 2. My query creates tables ok.  I want an alert to happen if one of the table entries is zero.   so I added. blah blah | sort + "Appointments Processed" | where 'Appointments Processed' = 0 and "save as" an alert but when it is zero, it doesnt send me email alert?

Hello I develop a Splunk apps on a DEV platform In this apps, I am doing field extractions and log file parsing. As a consequence,  props.conf and transforms.conf files are regularly modified.  If I want that my Splunk apps works fine in Production, do I have also to update props.conf and transforms.conf in my forwarder? Or on my indexer? Or both in forwarder and indexer ? Thanks a lot  

Hi  In July, 2021 Google has published new version of Android Gradle Plugin (AGP) 7.0.0 and Android Studio: https://developer.android.com/studio/releases/gradle-plugin#7-0-0 So far latest version of AppDynamics plugin for Android is 21.6.0 When trying to build the project, there is such error probably caused by new API in latest AGP: Some problems were found with the configuration of task ':app:appDynamicsProcessProguardMappingDebug' (type 'ProcessProguardMappingFileTask'). - Type 'com.appdynamics.android.gradle.ProcessProguardMappingFileTask' property 'applicationName' is missing an input or output annotation. It is the same even if Proguard is disabled (although by obvious reasons we are not going to disable Proguard anyway) The issue is reproducible on sample project we created based on basic Android project to make sure it is not caused by our project setup: https://github.com/silin/appdynamics-mapping-upload-issues/tree/latest_gradle_plugin When we try to switch our project to latest versions of Android Studio and AGP, AppDynamics becoming a blocker for this. Dev team is really frustrated with this, because they cannot use latest tools for development, and because it is not the first time when AppD becomes a blocker we constantly have discussions of dropping AppDynimics as a monitoring tool. Could you please share some ideas about how to fix this or in what version of AppD and when it can be potentially fixed?

Is this possible to transform a data set from :   Time User Number of Errors 9 pm Josh 2 9 pm Andy 1 10 pm Josh 0 10 pm Andy 1 11 pm Josh 1 11 pm Andy 3 to :   Time User Number of Errors 9 pm Josh 2 9 pm Andy 1 9 pm Total Number of Errors 3 10 pm Josh 0 10 pm Andy 1 10 pm Total Number of Errors 1 11 pm Josh 1 11 pm Andy 3 11 pm Total Number of Errors 4 ?  I've tried to use  :    <insert index here> | convert num("Number of Errors") as NumberofErrors |eval Total_Number_of_Errors= Josh + Andy |table Time User Number of Errors   However  its erroring out when i try to run this query .