Hi again, I now managed to show these thresholds in my chart. There is one Problem: I need the threshold on the X Axis not on the Y Axis(as I showed in the picture in my initial post above). Is there a way to do that? ... View more

Thanks for the reply, this seems to be exactly what I need, but I am not able to achieve the same result as you with my chart. I want to show just the value of one particular field and how often the different values exist. I do this via the pivot Tool. I cant find the Overlay option. DoI have to use the eval command? ... View more

So I tried your Solution. both my transforms and props are in .etc/system/local. I changed them according to your answers. When I add a new textfile to splunk it gets shown in Search & Reporting but there are no additional fields extracted. I can extract the fields manually but that would take very long with that many fields. In Field extractions menu I added a new extraction with my source type and mytransform and so on. But how can I apply this extraction? ... View more

Ok, I want to try that, but I'm using splunk enterprise on a server. I cant find the files on the splunk user interface. How can I access the .conf files? Edit: Found them, testing it now ... View more

Yes I already achieved this so far, but one whole txt file all belongs to one single log of one tested device, which should be one single vent right? So that this event contains all the fields/values ... View more

Hi, thanks for the fast reply, I just started working with splunk so I'm not very experienced. Its additionally harder to start of with an unusual task like this. I read about transforms but I dont know where to put those lines of code so thats why I haven tried anything so far. I dont necessarily want to parse it as a csv that was just an idea. I cant format the text files before importing them to splunk because depending on the manufacturer or product they change completely. The only thing that is always the same is the definition of Values like $_XXX: YYY. For example my file looks like that: $_A: 15.3 $_B: 18.4 Random Text that isnt a value! $_Date: 2021-10-08 15-23-12 $_C: False $_D: True Random numbers 12314234234234234 and so on. I want Splunk to import this file and recognize only the $_ Values and leave the rest.  Thats why I tried to use REGEX and Split the Vlaues into separate events. This worked fine but the events had no relation to each other after that, besides the filename they came from. But the filename should be completely irellevant as its just a number given by the Manufacturer of the Device which could repeat in the future. I need the data to be bundled together. So that one event is one Production log from one device containing all said Fields. I really want to try your answer but as I said I dont know where to put the code. I know that there is a transform.conf file but I dont know how to change it/where it is located.    ... View more