Effective... Thank you very much.  ... View more

Correct I have Tag with value "CTL.CTL 5580.I" and a field Value with value "279" I also have another event with the Tag "CTL.CTL 5580.A" and a field Value with value "1" What I want is basically a field  CTL.CTL 5580.I CTL.CTL 5580.A 279 1   I am trying to do some trendline on the value over time that CTL.CTL 5580.I as well a use it s a field to fit a model for categorical predictions on  CTL.CTL 5580.A ... View more

That didnt end up working. As I said I am having a hard time explaining I think this would be an example in python sudocode...  for i in metric_name if (i = A) A.extend (A) if (i = B) if (i = C) ...   I want to take each "metric_name" and make it a column with the "Value" and then later "_time" from that event as a row/element. ... View more

So the data is sent in single line event looks like this.   2020-09-25 06:38:56.080 +0000 Tag="CTL.CTL 5580.I" Value="279" Quality="good" ControlLogix 5580   I am using the Kepware TA from the https://splunkbase.splunk.com/app/3963/ ----- Transforms.conf -----   [metric_value] FORMAT = _value::$1 REGEX = Value="(\S+?)" WRITE_META = 1 [kepware_path] FORMAT = kepware_path::"$1" REGEX = Tag="(.+?)" WRITE_META = 1 [quality] FORMAT = quality::"$1" REGEX = Quality="(.+?)" WRITE_META = 1 [metric_name] FORMAT = metric_name::"$1" REGEX = [A-z0-9_()]+\.([A-z0-9_()\s]*?)\"\sValue WRITE_META = 1 [asset] FORMAT = asset::"$1" REGEX = Tag\=\"([A-z0-9.\s*()_]*)\. WRITE_META = 1 [metadata] FORMAT = metadata::“$1” REGEX = Quality=".*"\s*(.*) WRITE_META = 1 ... View more