i tried this but still i am not seeing any result under statistics tab. only events tab i am seeing the results.

Do you see any results in the statistics tab when your run following query??

<your base search> | rex field=_raw "\*RESPONSETIME:(?<ResponseTime>\d+)\*" | table ResponseTime

table is showing up but no values or nothing in that table

hmm...that's weird. I'd created a sample log file with your data and applied the rex command along with the stats command and I could see the graph just fine.

Hi Swbodie, Thanks for your help.

i used the below but still i m nt seeing any result.

 | rex field=_raw ".*RESPONSETIME:(?.*)\*|.*" | eval temp=split(RespnseTime,":") |eval time=mvindex(ResponseTime,-1) | stats count by time as responsetime

I want to make graph where i will show me the response times so that i can check how many response time went above and below 500 ms.

I am new to splunk, any help is appreciated. Thank you...

What that command is doing is a field extraction using a regular expression. I did not test the one I wrote above against your data so it may be off.

Have a look at this page which may help:

http://docs.splunk.com/Documentation/Splunk/6.2.5/SearchReference/rex

Thanks Swbodie. But still i m just getting the search result as i was getting with my search string like below.

2015-09-30 16:52:19.907|LOCATION:GATEWAY|SERVICE:DepositsRestProxy|VERSION:3|CLIENT:ARGOTELLER|BUSINESSSERVICE:deposit-account-debits-ep|OPERATION:NA|*RESPONSETIME:990*|STATUS:201449:Transaction processing requires manual intervention to be completed.|SEVERITY:ERROR|STATUSCODE:ERROR|STATUSMESSAGE:Conflict|DESCRIPTION:ClientIPAddress--10.42.132.193|MESSAGEID:10.42.8.151--3f8b2410:1501ffcf122:74b

I want something like below. SO that i can prepare chart how many went above 200 and how many went below 300ms
RESPONSETIME : 200
RESPONSETIME: 300

I am quite new to splunk. Thank you so much for your help.