F5 Analytics iApp

Ken,

Thank you very much for taking time to build really cool visualizations and iApp to send the data to Splunk. I went through all the Data Models you created and it is seriously lot of work.

I do have a question, I understand F5 iApp can be configured to send data at 1/5/10/30 minute interval, which is capturing the state of the pool_member at that time. We configured it to send data every 5 minutes. Since F5 Health Checks frequency is every few seconds, we are not able to capture if a pool_member changed it's state one or more times within same 5 minute interval.

Example: pool_member "ABC_LAB_Pool" availablility_state showing 3 "offline" events in last 24 hours, however based on SNMP traps that we received for the same pool_member suggests there were ~50 times pool_member health is changed from online to offline and offline to online within same last 24 hours time window.

SNMP Traps that we are receiving on Pool Member state change:

Oct 6 15:36:35 fa-f5-lab.abc.com fa-f5-lab.abc.com notice mcpd[7502]: 01070727:5: Pool /Common/ABC_LAB_Pool member /Common/abc1:8443 monitor status up. [ /Common/ABC_LAB_Pool: up, /Common/tcp: up ] [ was down for 0hr:0min:2sec ]

Oct 6 15:36:35 fa-f5-lab.abc.com fa-f5-lab.abc.com notice mcpd[8191]: 01070727:5: Pool /Common/ABC_LAB_Pool member member /Common/abc2:8443 monitor status up. [ /Common/ABC_LAB_Pool member: up, /Common/ABC_LAB_Pool member: up, /Common/tcp: up ] [ was down for 0hr:0min:3sec ]

I would like to know how I can capture number of offline/online events within 5 minute interval using F5 Analytics iApp?

Please let me know if you need additional details regarding this question.

Thank you very much for your help, really appreciated your support.