Thanks for the information! I did a little more testing by adding ## A_Custom in the inputs for the custom app and leaving the TA stanza in place, but this didn't work. I also completely removed the [Perfmon://Process] from the other conf files on the host (in local and default for the TA apps) and restarted the UF, but we're still not seeing any metrics write to the index from the custom app. I ran btool on the UF server and I only see the custom app's inputs for [Permon://Process]. D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf index = customer_metrics D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf interval = 60 D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf mode = single D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf object = Memory D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf sourcetype = PerfmonMetrics:Memory D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf useEnglishOnly = true D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf [Perfmon://Process] D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf counters = % Processor Time; % User Time; % Privileged Time; Virtual Bytes Peak; Virtual Bytes; Page Faults/sec; Working Set Peak; Working Set; Page File Bytes Peak; Page File Bytes; Private Bytes; Thread Count; Priority Base; Elapsed Time; ID Process; Creating Process ID; Pool Paged Bytes; Pool Nonpaged Bytes; Handle Count; IO Read Operations/sec; IO Write Operations/sec; IO Data Operations/sec; IO Other Operations/sec; IO Read Bytes/sec; IO Write Bytes/sec; IO Data Bytes/sec; IO Other Bytes/sec; Working Set - Private D:\SplunkUniversalForwarder\etc\apps\custom_app\local\inputs.conf disabled = 0   ... View more

I was wondering about the cleanness of the mockup and the use of values(PayAmt), etc.  If there are multiple transaction from the same account but no transaction ID AND _time is not a reliable determinant, life can be really tough. (My explanation of the cleanness to myself was that maybe you were working with one of those medical labs that used a unique account for every transaction.)  In essence, the challenge is semantic because there is no clear definition of a "match".  I am not sure how much streamstats can help until defined "match" criteria emerge. Anyway, if there is anyway to define a unique "primary key" with a group of variables, you can use them in groupby.  For example, suppose status "Success" in "A" search matches that of "True" in "M" search, "A" Category matches "M" Source, and the payment amount can be used for matching.  Instead of naming these matching fields differently, they should have identical names and matching values should be equal so groupby can do its magic, like index="index1" Tag="Tag1" | rename AccountId as AccountNumber | rename PaymentChannel as A_PaymentChannel | eval PaymentAmount = round(PaymentAmount, 2) | rename StartDT as Time | table PaymentAmount A_PaymentChannel,AccountNumber,PaymentCategory,ResponseStatus, Time, index | append [search index="index2" sourcetype="source2" | eval PaymentAmount = round(PaymentAmount,2) | rex field=source "M_(?<M_Source>\w+)_data.csv" | eval PaymentCategory = if(M_Source == "card", "Credit", "Cash") | eval ResponseStatus = if(ResponseStatus == "True", "Success", "Failure") | rename "TERMINAL ID" as M_KioskID | rename "KIOSK REPORT TIME" as Time | eval _time =strptime(Time,"%Y-%m-%d %H:%M:%S.%3Q") | addinfo | where _time>=info_min_time AND (_time<=info_max_time OR info_max_time="+Infinity") | table PaymentAmount AccountNumber, PaymentCategory, M_KioskID,ResponseStatus, Time, index] | stats values(*) as * by AccountNumber PaymentCategory ResponseStatus | table AccountNumber,A_PaymentChannel,M_KioskID,PaymentCategory,PaymentAmount,ResponseStatus,Time | eval PaymentAmount = case(mvcount(index)==2, "$", index=="index1", "A$", index=="index2", "M$") + PaymentAmount | sort - Time ... View more

The question needs more clarification.  If every search returns exact three (3) results with a Timestamp field that can be precisely compared (i.e., no rounding into minutes or such), you can simply mark any "oddball" as not  matching. | stats values("HostFile") as Files by Timestamp | eval Match = if(mvcount(Files) > 1, "Matching", "Not matching") Even in this simplistic scenario, you need to decide how to handle cases when all three files carry different Timestamp.  The above method says "Not matching" when this happens. ... View more

This worked perfectly! Thank you very much, bowesmana! ... View more

@richgalloway  Thank you! I was able to add window=2 to the search and verified that the timings look accurate after finding the total time and checking against each individual row's timing. For some reason window=1 resulted in all 0 results, but 2 worked as expected. Thanks again! ... View more

Razziq, You can visualise the javascript errors as outlined in the below doc https://docs.appdynamics.com/display/PRO44/Visualize+JavaScript+Errors if you want to filter it for the backend application, then you can use Transaction analytics https://docs.appdynamics.com/display/PRO44/Analytics+Transaction+Data SELECT segments.errorList.errorCode FROM transactions WHERE segments.errorList.errorType= "HTTP_ERROR_CODE" You can use something like the above query. Refer the above docs to get more detail on this Regards, Mohammed Rayan ... View more

Hi Razziq, Is it a on-premise or SAAS controller ? If it is an on-premise controller, try reverting it back to the previous version or upgrade it to the latest version of the controller that's available at this point & see if that helps. If it's a SAAS based controller, ask AppD support ( vendor) team to upgrade it to the latest version. Thanks, Sunil ... View more