okay listen, like @Ayn said in the other post: we are not here to solve your problems, we can help you to solve them on your own! I gave you the direction, you have to walk the path on your own ... and a good starting point is here

Its giving me the count, I dont want count to come in the rsult, I want the matching events (_raw), which are having more than the count 3.

I need to display the results if and only if the events count > 3.

it's equal if you extract the name from the search or if it is there in the event itself the count wont change So @Mus 's search is the way to go.

YourBaseSearchHere earliest=-60m "uploading reports to FTP server" | stats count(_raw) as CNT | where CNT > 3

This is it!

Hi,

Im using

YourBaseSearchHere earliest=-60m | regex _raw="uploading reports to FTP server" | fields _raw,host | stats count(_raw) as CNT | where CNT > 3

This is returing only total count, I need the _raw and host, so how can I write the search to get the _raw,host, If search count >=3.

Sorry but this search does not reflect your question, you asked for three event in one hour but your search checks for more then 2 and timechart spans 15minutes. Also is some placeholder or are you litteraly searching for this?

Hi,

|timechart span=15m count by host| where count > 2|rename _time AS Time | eval Time=strftime(Time, "%d/%m/%Y %H:%M")

Did you consider the fact that you maybe don't have any errors currently?
If you could provide the exact search you did and maybe some more information it would be easier to help ... 'nothing was displaying ...' isn't helpful either

Nothing was displaying with your solution