topic Search multiple values from a single event where one value might be less than 800? in Splunk Search

Search multiple values from a single event where one value might be less than 800?

jasonhask — Fri, 04 Nov 2022 16:33:19 GMT

I have the following criteria from a single event that appears like:

Time Event
11/4/22
4:10:28.000 AM
{ [-]
Total: 6656
srv110: 1002
srv111: 1105
srv112: 1007
srv113: 995
srv114: 1269
srv115: 1278
}

<My Query>| timechart span=1m values(srv*) will return the values as so:

_time	values(srv110)	values(srv111)	values(srv112)	values(srv113)	values(srv114)	values(srv115)
11/4/2022 4:04	1003	1105	1007	996	1268	1278

But I need to return all of them as so even if any one of those values falls under 800 but also greater than -1.

I attempted to transpose and search from there but I'm failing somewhere.

Any help or nudge in the right direction would be greatly appreciated. Thank you!

kamlesh_vaghela — Fri, 04 Nov 2022 08:47:25 GMT

Can you please share _raw from the sample event?

index=YOUR_INDEX | table _raw

jasonhask — Fri, 04 Nov 2022 08:49:37 GMT

{"srv110": 1001, "srv111": 1104, "srvTotal": 6651, "srv112": 1006, "time": "2022-11-04T08:47:02Z", "srv113": 995, "srv114": 1268, "srv115": 1277}

kamlesh_vaghela — Fri, 04 Nov 2022 09:26:45 GMT

Can you please try this?

I hope this will help you.

Thanks
KV
If any of my replies help you to solve the problem Or gain knowledge, an upvote would be appreciated.