https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584249#M1523 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/242896">@Kubousky</a>,</P><P>could you share the full search?</P><P>maybe the problem is before stats command, because using&nbsp;<SPAN>"| stats values(*) by&nbsp;policy_id client_rol", you should have all the fields.</SPAN></P><P><SPAN>only for precision, use:</SPAN></P><LI-CODE lang="markup">| stats values(*) AS * BY policy_id client_rol</LI-CODE><P>Ciao.</P><P>Giuseppe</P> Wed, 09 Feb 2022 10:16:57 GMT gcusello 2022-02-09T10:16:57Z https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584243#M1522 <P>I try to group by 2 fields: <STRONG>policy_id</STRONG> and <STRONG>client_rol</STRONG> but "| stats values(*) by&nbsp;policy_id client_rol " then the rest of fields´ values are missing.</P><P>Having following table ...</P><P>policy_id client_rol client_id client_city</P><TABLE><TBODY><TR><TD>&nbsp;001&nbsp;</TD><TD>&nbsp;TO</TD><TD>&nbsp;X0001&nbsp;</TD><TD>&nbsp;LONDON</TD></TR><TR><TD>&nbsp;001&nbsp;</TD><TD>&nbsp;AS</TD><TD>&nbsp;X0001</TD><TD>&nbsp;</TD></TR><TR><TD>&nbsp;001&nbsp;</TD><TD>&nbsp;TO</TD><TD>&nbsp;X0001</TD><TD>&nbsp;LONDON</TD></TR><TR><TD>&nbsp;001&nbsp;</TD><TD>&nbsp;AS</TD><TD>&nbsp;X0001</TD><TD>&nbsp;</TD></TR></TBODY></TABLE><P>&nbsp;</P><P><STRONG>The result I would like to get is:</STRONG></P><P>policy_id client_rol client_id client_city</P><TABLE><TBODY><TR><TD width="43.2917px">&nbsp;001&nbsp;&nbsp;</TD><TD width="40px">&nbsp;TO&nbsp;&nbsp;</TD><TD width="59.5px">&nbsp;X0001&nbsp;</TD><TD width="76px">&nbsp;LONDON</TD></TR><TR><TD width="43.2917px">&nbsp;001</TD><TD width="40px">&nbsp;AS</TD><TD width="59.5px">&nbsp;X0001&nbsp;</TD><TD width="76px">&nbsp;</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>any clue guys?</P> Wed, 09 Feb 2022 09:56:47 GMT https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584243#M1522 Kubousky 2022-02-09T09:56:47Z https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584249#M1523 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/242896">@Kubousky</a>,</P><P>could you share the full search?</P><P>maybe the problem is before stats command, because using&nbsp;<SPAN>"| stats values(*) by&nbsp;policy_id client_rol", you should have all the fields.</SPAN></P><P><SPAN>only for precision, use:</SPAN></P><LI-CODE lang="markup">| stats values(*) AS * BY policy_id client_rol</LI-CODE><P>Ciao.</P><P>Giuseppe</P> Wed, 09 Feb 2022 10:16:57 GMT https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584249#M1523 gcusello 2022-02-09T10:16:57Z https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584320#M1524 <P>that was it. thank u&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;</P> Wed, 09 Feb 2022 15:25:50 GMT https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584320#M1524 Kubousky 2022-02-09T15:25:50Z https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584325#M1525 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/242896">@Kubousky</a>,</P><P>good for you, see next time!<BR />Ciao and happy splunking.</P><P>Giuseppe</P><P>P.S.: Karma Points are appreciated <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Wed, 09 Feb 2022 15:32:22 GMT https://community.splunk.com/t5/Other-Usage/Grouping-by-two-fields-the-rest-fields-are-missing/m-p/584325#M1525 gcusello 2022-02-09T15:32:22Z