Hi @Damien Dallimore My question is similar to this one : https://answers.splunk.com/answers/186128 but I need a bit more guidance please (and am on Splunk 7.3.0) I have a REST endpoint that returns json but I require the http status codes to compare the json response to. I know that is achieved with a custom response handler and i know how to select the custom handler in the UI but I don't know how to python 😞 Please help me ... View more

I have a dynamic dashboard timechart that is being fed by user inputs that is having trouble working with my predict query. I currently have something close to 1500 hosts to accomodate and am only requiring the prediction query to occur when the 'OTHER' field appears ($hosts$ defaults to *) I want to be able to : see the lowest 10 hosts and an aggregate of all other hosts with a future-only prediction when no selection is made -- working with my below query AND for the graph to still draw when selected hosts are inputted (1-many with no 'OTHER' field present) -- NOT WORKING Here is what i have so far: index=blah sourcetype=blah $hosts$ timechart median(blah) as Blah by host WHERE min in bottom10 | eval predictOrNot=if(isnotnull(OTHER),OTHER,$hosts$) | predict predictOrNot as Prediction future_timespan=50 | eval Prediction=if(_time<=relative_time(now(),"-1w"), null, 'Prediction') I'm attempting to achieve the following or some other workaround: if (OTHER is not null) { run prediction query using 'OTHER' } else { run prediction query using $hosts$ } -- currently working if only 1 host selected but multiple is not working Any help would be greatly appreciated 🙂 ... View more