you are a lifesaver and really good at this splunk stuff. So what you posted above did not exactly work for me but it got me on the right path. I ditched the percentages, but the search was coming back with an error "eval command malformed expected )" So i took out...