@Mrig342
Can you please try this?
YOUR_SEARCH
| stats values(Act_Status) as Act_Status values(Total) as Total by Domain
My Sample Search :
| makeresults | eval _raw="Domain Act_Status Total
A RUNNING 65
A STOPPED 2
B RUNNING 75
C RUNNING 2
C STOPPED 2
D RUNNING 26
D STOPPED 6
E RUNNING 43" | multikv forceheader=1
| stats values(Act_Status) as Act_Status values(Total) as Total by Domain
Thanks
KV
▄︻̷̿┻̿═━一
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.
