https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581683#M202633 <P>I am working on the query that generates a table with count of security violations. I want to filter our the users with violations greater than 10.&nbsp;</P><P>&nbsp;</P><P>| rex field=_raw "(?&lt;Message&gt;Security\sviolation)\s\S+\s\S+\s(?&lt;User&gt;[A-Z0-9]+)"<BR />| eval Time = strftime(_time, "%m-%d-%Y %H:%M:%S")<BR />| rename JOBNAME as Jobname Time as Date<BR />| eval Workload = substr(Jobname,1,3)<BR />| stats count(Message) as "Security Violations" by Jobname User</P><P>&nbsp;</P><P>Resulting table</P><TABLE border="1" width="100%"><TBODY><TR><TD width="50%" height="25px">User</TD><TD width="50%" height="25px">Security Violations</TD></TR><TR><TD width="50%" height="25px">ABC</TD><TD width="50%" height="25px">1</TD></TR><TR><TD width="50%" height="25px">DEF</TD><TD width="50%" height="25px">4</TD></TR><TR><TD height="24px">GHI</TD><TD height="24px">12</TD></TR><TR><TD height="25px">JKL</TD><TD height="25px">3</TD></TR><TR><TD height="25px">XYZ`</TD><TD height="25px">20</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Thank you,</P> Wed, 19 Jan 2022 15:32:19 GMT chinmay25 2022-01-19T15:32:19Z https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581683#M202633 <P>I am working on the query that generates a table with count of security violations. I want to filter our the users with violations greater than 10.&nbsp;</P><P>&nbsp;</P><P>| rex field=_raw "(?&lt;Message&gt;Security\sviolation)\s\S+\s\S+\s(?&lt;User&gt;[A-Z0-9]+)"<BR />| eval Time = strftime(_time, "%m-%d-%Y %H:%M:%S")<BR />| rename JOBNAME as Jobname Time as Date<BR />| eval Workload = substr(Jobname,1,3)<BR />| stats count(Message) as "Security Violations" by Jobname User</P><P>&nbsp;</P><P>Resulting table</P><TABLE border="1" width="100%"><TBODY><TR><TD width="50%" height="25px">User</TD><TD width="50%" height="25px">Security Violations</TD></TR><TR><TD width="50%" height="25px">ABC</TD><TD width="50%" height="25px">1</TD></TR><TR><TD width="50%" height="25px">DEF</TD><TD width="50%" height="25px">4</TD></TR><TR><TD height="24px">GHI</TD><TD height="24px">12</TD></TR><TR><TD height="25px">JKL</TD><TD height="25px">3</TD></TR><TR><TD height="25px">XYZ`</TD><TD height="25px">20</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>Thank you,</P> Wed, 19 Jan 2022 15:32:19 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581683#M202633 chinmay25 2022-01-19T15:32:19Z https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581689#M202638 <LI-CODE lang="markup">| where 'Security Violations' &gt; 10</LI-CODE> Wed, 19 Jan 2022 15:44:41 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581689#M202638 ITWhisperer 2022-01-19T15:44:41Z https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581705#M202646 In most cases use ” as values and ‘ as field names. Sometimes you need both on same time (see e.g. foreach + eval/fieldformat). Wed, 19 Jan 2022 16:45:28 GMT https://community.splunk.com/t5/Splunk-Search/How-to-search-for-values-greater-than-10-in-the-results/m-p/581705#M202646 isoutamo 2022-01-19T16:45:28Z