Hello, I'm a bit new to Splunk, so I'm still learning. I have created two fields, an opscounter, and a deopcounter. The opscounter keeps count of how many times the field's value, or in this case, the value equates to a username is promoted to admin. If a user is promoted to admin, their count goes up on the opscounter; however, if they are demoted, the deopscounter goes up as well. As you can see in the opscounter image below, user1 was made an admin, and in the opscounter the count of 1, but in the deopscounter, you can see that user1 has a count of one, meaning they were demoted. If they are promoted again, their opscounter value will go to two. If a new user is added, they will automatically be added to the field same if they are demoted, but they will have the same value in both fields. I would like to create a dashboard that displays a list of current admins.   Knowing that is there a way to put every value that is in these fields in an if statement? My thought process is if user1 from opscounter is greater than user1 from deopcounter, display that user. I would like to figure out a way to make this work. If not, I'm open to suggestions on how to get the same results in a dashboard but through a different method. Any help is appreciated! ... View more