Hi All Splunk Experts.
I'd like to create an alert in a certain index when the word "Finished" doesn't appear within five minutes of the word "Starting".
For context, we upload a file and see the string "Started". When we don't see the word "Finished" within 5 minutes, I'd like to have an alert.
Btw, my regex knowledge is really crap.
Can you help?
Much appreciated,
Sheldon.
Hi
I have a query based on response times from a service.
index=homebanking "/soa/mcoi-rc-services/ContractService" Time="*" | rex field=_raw "\/(?<time>[^_\/]+)[\w\.]+($|\s)" | stats count by Time | fields - count
I get these results......
I'd like to now create a graph of these results showing a graduation or reduction of the response times.
Can someone help?
Best,
Sheldon.