I have been using it but currently not as much because there were somethings I wanted to modify for my usage and just didn't have time to do that. I will be happy to discuss it with you. If you want to connect, you can call me or I can call you. If there is a way to send a private message, i will provide you my contact information. Thanks, Stephen Robinson ... View more

I am sorry, please see the following, I guess it was too late when I sent this to you (Ha Ha Ha) $date1 = $(get-date).AddHours(-1) Get-VBRBackupSession | where {$.EndTime -gt $date1} | Get-VBRTaskSession | Select @{N="#Date";E={$.Info.QueuedTime}}, @{N="Id";E={$.Id}},@{N="Name";E={$.Name}}, @{N="JobName";E={$.JobName}}, @{N="JobSessId";E={$.JobSessId}}, @{N="Status";E={$.Status}}, @{N="Reason";E={$.Info.Reason}} ##| Export-csv -Path C:\Temp\splunk\"JOBTSK"$Epoch.csv -NoTypeInformation ... View more

christopherHall, you will need to do the following to get the last hour of jobs. $date1 = $(get-date).AddHours(-1) Get-VBRBackupSession | Get-VBRTaskSession | Select @{N="#Date";E={$.Info.QueuedTime}}, @{N="Id";E={$.Id}},@{N="Name";E={$.Name}}, @{N="JobName";E={$.JobName}}, @{N="JobSessId";E={$.JobSessId}}, @{N="Status";E={$.Status}}, @{N="Reason";E={$_.Info.Reason}} ##| Export-csv -Path C:\Temp\splunk\"JOBTSK"$Epoch.csv -NoTypeInformation Thanks, Stephen Robinson ... View more

christopherHall, you will need to do the following to get the last hour of jobs. $date1 = $(get-date).AddHours(-1) Get-VBRBackupSession | Get-VBRTaskSession | Select @{N="#Date";E={$.Info.QueuedTime}}, @{N="Id";E={$.Id}},@{N="Name";E={$.Name}}, @{N="JobName";E={$.JobName}}, @{N="JobSessId";E={$.JobSessId}}, @{N="Status";E={$.Status}}, @{N="Reason";E={$_.Info.Reason}} ##| Export-csv -Path C:\Temp\splunk\"JOBTSK"$Epoch.csv -NoTypeInformation Thanks, Stephen Robinson ... View more

Koji, if you would like to setup the application I will be happy to help you. You just need to make sure that you have the api enable on your Vidyo Portal. The software will only work on Enterprise as we have to rely on DB Connect. Thanks, Stephen Robinson ... View more

I am sorry for taking so much time to answer you. There is a capacity planning Dashboard that gives you connections by type which are: VidyoDesktop, VidyoGateway, VidyoReplay, Guest etc.. which has a dropdown for predetermined set of dates. Also on that Dashboard is the ability to see how machine connections where made on each of your VidyoRouter Devices. If you would like me to assist you with setting up the application, I would be happy to due so. Thanks, Stephen Robinson ... View more

Hello, I am at a point now that I can help work on this. Would you mind having a call to discuss the application and what you would like to do going forward. I know powershell pretty well, so I am sure I can help determine the best way to get the data and how to avoid the duplicate data. Thanks, Stephen Robinson ... View more

I am not the curator of the app but bgstein is. As far as I know, there is currently one app. I have talked to bgstein about improving the application but we haven't discuss anything as of yet. Thanks, Stephen Robinson ... View more

Hello, I am at a point now that I can help work on this. Would you mind having a call to discuss the application and what you would like to do going forward. I know powershell pretty well, so I am sure I can help determine the best way to get the data and how to avoid the duplicate data. Thanks, Stephen Robinson ... View more

I would love to, I really don't remember all I did, but I will see if I can find some notes. The only thing I remember at this time is all the duplicate data. I am out of town starting tomorrow, so will not be able to get back to it until next week. I also have some other application I would like develop, and maybe you would be interested in collaborating. Thanks, Stephen Robinson ... View more

This worked perfectly. Thanks a million. Thanks, Stephen Robinson ... View more

index= sourcetype= (source="/opt/data/-AA_.csv" OR source="/opt/data2/-AA_.csv") | fields - field1 | timechart span=5min sum(field*) as AA* | addtotals | table _time,Total | timechart span=1h max(Total) as Total | eval Total = Total/1000 | timechart span=1mon sum(Total) as Total This provides me the output I want, but the job doesn't seem to efficient. The search creates fields AA1-121 per event and then does all the calculations it needs to do. This is the sample of data that I have. 2017-12-31 23:55:00.001+00:00,695,0,733,0,817,0,1078,0,987,0,1004,0,1983,0,1744,0,1236,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 2018-01-01 00:00:00.001+00:00,695,0,733,0,817,0,1078,0,987,0,1004,0,1983,0,1744,0,1236,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 2018-01-01 00:05:00.001+00:00,695,0,733,0,817,0,1078,0,987,0,1004,0,1983,0,1744,0,1236,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 .... Thanks, Stephen Robinson ... View more

Just to let you know and I took you example, and did the following in less steps: | rex max_match=0 "(?\d+)\"\s+=\s\"(?\d+)" | stats list(id),list(Reading) by _time,host ... View more

Thank you for responding to my questions, this works, but just returns the first id and Reading, the end goal is to extract all 192 values that are on a single line, and output the id and reading into a multi-lined event. I would like to do it at index time, but it doesn't seem to be working using the props.conf I put in place. ... View more

Thank you for your response. I tried this and it doesn't seem to work. I have 192 SNMPv2-SMI that comes in on the single line for each poll. Working through some trial and errors yesterday, I came up with the following but its not vary efficient. index="dev" | eval _raw = split(_raw, "SNMPv2-SMI::enterprises.") | rex field=_raw "10381.1.3.1.3.2.1.1.?(?\d+)[\"]\s=\s[\"]?(?\d+)[\"]" | table _time,cid,vid | eval reading=mvzip(cid, vid) | fields - cid,vid| mvexpand reading | eval final=mvzip(reading, _time) | mvexpand final | makemv final delim="," | fields - _time,reading | eval time=mvindex(final, 2) | eval device=mvindex(final, 0) | eval data=mvindex(final, 1) | fields - final | table time,device,data | convert timeformat="%Y/%m/%d %T" mktime(time) as _time | fields - time | eval {device}=data | fields - device,data | fillnull | timechart sum() as (Device) usenull=f useother=f | addtotals as Total ... View more

At the end of the day, I would like to see the {id} as the field, and as the value, so I would have 192 fields with 192 values. 1 | 2 | 3 | 4| .....192 20| 43 | 80 | 100 | ..... 0 If this make sense. Thanks, Stephen Robinson ... View more

No it's not a multi-lined event at least I don't believe so. Here is my props.conf information and I don't have anything in Transforms for this sourcetype [sourcetype_test] LINE_BREAKER=([\r\n]+\s*)SNMPv2-SMI NO_BINARY_CHECK=1 SHOULD_LINEMERGE=false 1.1.3.1.3.2.1.25.{1} that value should be {id} and "1.1.3.1.3.2.1.25.1" = <"1162"> this value should be <"Reading"> I am leveraging the SNMP Modular Input application. I really appreciate you getting back to me so quickly. THanks, Stephen Robinson ... View more

yoursearch | stats sum(20A*) as 20A, sum(20B*) as 20B, sum(20C*) as 20C | table 20* this doesn't work and gives me the following error: Error in 'stats' command: The number of wildcards between field specifier '20A*' and rename specifier '20A' do not match. Note: empty field specifiers implies all fields, e.g. sum() == sum(*) However; yoursearch | stats sum(20A*) as 20A*, sum(20B*) as 20B*, sum(20C*) as 20C* | table 20* works but gives me: 20A1 20A2 20A3 20B1 20B2 20B3 20C1 20C2 20C3 Thank you for your time to help me out. Thanks, Stephen Robinson ... View more

Jnoga, I just saw your application and loved what you did with it. I am wondering if you are still actively supporting this product? I found a couple of things that didn't work and made the minor changes to resolve this issue. I am interesting in furthering this application as more data is provided through Veeam. Please comment back and let me know how I can contact you. Thanks, Stephen Robinson ... View more

I really appreciate you stepping in to help me solve my issue. I believe you have gotten me close, but it seem like when data is large only get a limit amount of data. So let me start at the beginning to get better clarity. Here is my starting data which I generate using a search. ServerName,StartTime,EndTime,Duration, server02,1/11/2016 8:52,1/11/2016 8:52,0 server02,1/11/2016 8:52,1/11/2016 8:52,0 server01,1/11/2016 10:53,1/11/2016 10:56,3 server02,1/11/2016 11:40,1/11/2016 11:47,7 server01,1/12/2016 8:58,1/12/2016 9:38,40 server01,1/12/2016 9:50,1/12/2016 9:50,0 server01,1/12/2016 14:00,1/12/2016 14:00,0 server01,1/12/2016 14:41,1/12/2016 14:42,1 server01,1/12/2016 15:52,1/12/2016 16:00,8 server01,1/12/2016 15:57,1/12/2016 15:57,0 server01,1/13/2016 8:47,1/13/2016 8:47,0 server01,1/13/2016 10:50,1/13/2016 10:58,8 server02,1/13/2016 12:24,1/13/2016 12:28,4 server01,1/13/2016 13:59,1/13/2016 14:00,1 server01,1/14/2016 9:39,1/14/2016 9:44,5 server01,1/14/2016 12:00,1/14/2016 12:02,2 Now I am trying to plot the concurrent connections by ServerName. This is a small sample size, but should help to determine the best course of action. The key is, that the data needs to come in as a search first and then all the magic should happen. I tried using the map command in conjunction with gentimes, but can't seem to get it to work. Thanks, Stephen Robinson ... View more