@cindygibbs_08
Can you please try this?
YOUR_SEARCH
| eval t=mvzip(mvzip(INX,ROCKS),TASK)
| stats count by AGENT,t
| eval INX= mvindex(split(t,","),0), ROCKS=mvindex(split(t,","),1), TASK=mvindex(split(t,","),2)
| where INX > 0
| stats list(INX) as INX list(ROCKS) as ROCKS list(TASK) as TASK by AGENT
My Sample Search :
| makeresults | eval _raw="AGENT INX ROCKS TASK
XX_9 7|9|-6 T|Y|U TY-8|GY-0|FG-67
XX_10 7|-49|-66 UY|IO|UJI TY-8E|G-0|VG-67
" | multikv forceheader=1 | eval INX=split(INX,"|"), ROCKS=split(ROCKS,"|"), TASK=split(TASK,"|")
| rename comment as "Upto Now is sample data only"
| eval t=mvzip(mvzip(INX,ROCKS),TASK)
| stats count by AGENT,t
| eval INX= mvindex(split(t,","),0), ROCKS=mvindex(split(t,","),1), TASK=mvindex(split(t,","),2)
| where INX > 0
| stats list(INX) as INX list(ROCKS) as ROCKS list(TASK) as TASK by AGENT
Thanks
KV
▄︻̷̿┻̿═━一
If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.
