Thanks @tscroggins, I did post a new question.

How do I filter a field from the log where the values change? For example, please see below:

logfile =(result1=0 result2=5 result3=10 result4=14) at 5AM
logfile =(result1=8 result2=5 result3=10 result4=14) at 5:10AM
logfile =(result1=4 result2=5 result3=10 result4=14) at 5:20AM
logfile =(result1=3 result2=5 result3=10 result4=14) at 5:30AM

I want the query to return the result and show when result1 is greater than 5. Please help.

Current state I'm at:

index=indexname | search sourcetype=eventname "result1=5"

gives results, but if I do

index=indexname | search sourcetype=eventname "result1> 4"

it returns nothing.