First, sorry for my English. I'm testing Splunk at the moment, and I have a task to extract a field from *.log files.
Raw value is:
..xxxxxxxxxxxxxxx Duration: 1 s. 466 ms....
..xxxxxxxxxxxxxxx Duration: 4 s. 066 ms...
..xxxxxxxxxxxxxxx Duration: 12 s. 300 ms...
I want to make an alert when the Duration is greater than 3 s.
For a report I filtered with the search command, but it won't show values like "11", "12":
host=NAME | search (duration:"4" OR "5" OR "6" OR "7" OR "8" OR "9" )
Any help please!?
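One way to approach the question above, as an added example that is not part of the original post: extract the seconds and milliseconds as numbers at search time and compare numerically, so that values such as 11 or 12, which are not among the literal terms "4" to "9", are also caught. `host=NAME` is taken from the post; the field names `dur_s`, `dur_ms` and `duration_s` are hypothetical, and the regex assumes the raw format shown in the sample lines.

```spl
host=NAME "Duration:"
| rex "Duration:\s+(?<dur_s>\d+)\s+s\.\s+(?<dur_ms>\d+)\s+ms"
| eval duration_s = tonumber(dur_s, 10) + tonumber(dur_ms, 10) / 1000
| where duration_s > 3
| table _time host duration_s _raw
```

Saved as an alert, this search can trigger when the number of results is greater than zero.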