https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628449#M218288 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/229059">@neerajs_81</a>,</P><P>in values option, values are sorted in alphabetically way, so yu'll never had the correct alignment between&nbsp; different fields, the only way is aggregate them before the stats command and separating them after, something like this:</P><LI-CODE lang="markup">&lt;your_search&gt; | eval column=Status."|".Count | stats values(column) AS column values(Status) AS Status BY Severity | rex field=column "(?&lt;Count&gt;\d+)$" | table Severity Status Count</LI-CODE><P>I cannot test it but it should run!</P><P>Ciao.</P><P>Giuseppe</P> Thu, 26 Jan 2023 11:48:51 GMT gcusello 2023-01-26T11:48:51Z https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628448#M218287 <P>Hi All,&nbsp; When using stats&nbsp; to display values() of&nbsp; fields , how can we have the values to align between the field names ?&nbsp;&nbsp;For example<BR />My Data set</P> <TABLE border="1" width="100%"> <TBODY> <TR> <TD width="33.333333333333336%" height="25px">Severity</TD> <TD width="33.333333333333336%" height="25px">Status</TD> <TD width="33.333333333333336%" height="25px">Count</TD> </TR> <TR> <TD width="33.333333333333336%" height="25px">P1</TD> <TD width="33.333333333333336%" height="25px">New</TD> <TD width="33.333333333333336%" height="25px">1</TD> </TR> <TR> <TD width="33.333333333333336%" height="25px">P1</TD> <TD width="33.333333333333336%" height="25px">Open</TD> <TD width="33.333333333333336%" height="25px">2</TD> </TR> <TR> <TD width="33.333333333333336%" height="25px">P1</TD> <TD width="33.333333333333336%" height="25px">Unassigned</TD> <TD width="33.333333333333336%" height="25px">3</TD> </TR> <TR> <TD>P1</TD> <TD>Closed</TD> <TD>5</TD> </TR> </TBODY> </TABLE> <P><BR />When using<STRONG> | stats values(status) as status, values(Count) as Count by severity</STRONG><BR />this is what i get.&nbsp; Notice the count values are not as per dataset.</P> <TABLE border="1" width="283px"> <TBODY> <TR> <TD width="93.6094px" height="25px">Severity</TD> <TD width="94.9844px" height="25px">Status</TD> <TD width="93.4062px" height="25px">Count</TD> </TR> <TR> <TD width="93.6094px" height="25px">P1</TD> <TD width="94.9844px" height="25px">New<BR />Open<BR />Unassigned<BR />Closed</TD> <TD width="93.4062px" height="25px">1<BR />5<BR />3<BR />2</TD> </TR> </TBODY> </TABLE> <P><BR />i did like the results of Count to align as per their Status field.<BR /><BR />Expected Result</P> <TABLE border="1"> <TBODY> <TR> <TD width="93.6094px" height="25px">Severity</TD> <TD width="94.9844px" height="25px">Status</TD> <TD width="93.4062px" height="25px">Count</TD> </TR> <TR> <TD width="93.6094px" height="25px">P1</TD> <TD width="94.9844px" height="25px">New<BR />Open<BR />Unassigned<BR />Closed</TD> <TD width="93.4062px" height="25px">1<BR />2<BR />3<BR />5</TD> </TR> </TBODY> </TABLE> Thu, 26 Jan 2023 19:20:09 GMT https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628448#M218287 neerajs_81 2023-01-26T19:20:09Z https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628449#M218288 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/229059">@neerajs_81</a>,</P><P>in values option, values are sorted in alphabetically way, so yu'll never had the correct alignment between&nbsp; different fields, the only way is aggregate them before the stats command and separating them after, something like this:</P><LI-CODE lang="markup">&lt;your_search&gt; | eval column=Status."|".Count | stats values(column) AS column values(Status) AS Status BY Severity | rex field=column "(?&lt;Count&gt;\d+)$" | table Severity Status Count</LI-CODE><P>I cannot test it but it should run!</P><P>Ciao.</P><P>Giuseppe</P> Thu, 26 Jan 2023 11:48:51 GMT https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628449#M218288 gcusello 2023-01-26T11:48:51Z https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628455#M218290 <P>That worked. Thank you</P> Thu, 26 Jan 2023 12:21:59 GMT https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628455#M218290 neerajs_81 2023-01-26T12:21:59Z https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628461#M218292 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/229059">@neerajs_81</a>&nbsp;,</P><P>good for you, see next time!</P><P>Ciao and happy splunking</P><P>Giuseppe</P><P>P.S.: Karma Points are appreciated <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Thu, 26 Jan 2023 13:23:18 GMT https://community.splunk.com/t5/Splunk-Search/When-using-stats-to-display-values-of-fields-how-can-we-have-the/m-p/628461#M218292 gcusello 2023-01-26T13:23:18Z