| makeresults 
| eval _raw="Engage,Title,Status,Rating,Assigned_count_1_H,Assigned_count_1_M,Assigned_count_1_L,Assigned_count_2_H,Assigned_count_2_M,Assigned_count_2_L
DE1234,Windows,Report,2,5,7,5,1,9,3
ky342,Linux,Not Report,6,7,,5,,4,   
Total,,,8,12,7,10,1,13,3" 
| multikv forceheader=1 
| table Engage,Title,Status,Rating,Assigned_count_1_H,Assigned_count_1_M,Assigned_count_1_L,Assigned_count_2_H,Assigned_count_2_M,Assigned_count_2_L

I see what you want. but there is not sample log.

Please check your POST.
[1]: http://C:\Users\acer\Desktop
This is your comment's link.

I have a question in this
"Assigned_count_1_H,Assigned_count_1_M,Assigned_count_1_L,Assigned_count_2_H,Assigned_count_2_M,Assigned_count_2_L"

How this will work, i am getting error and thats bcaz we dont have these fields as such.
Can you pls help in this

the query above is sample your provided result.
I can't make a query, because you don't show sample logs

Thank you for the search you provided to4kawa.

Actually i am seeing data for the data which i provided above.But i have around 200 other values like this .Can you please help me with a dynamic search which i can apply here .
Further there is a total row at the bottom which will give total for all Rating values (H,M,L)

Example Output format of matrix :

Engage Title Status Rating Assigned_Count_of_Rating Assigned_Count_of_Rating(2)
H L M H L M H L M
DE1234 Windows Report 2 10 5 2 5 6 8 3
NRT34 Linux OOM 5 2 10 5 2 0 1 2 1

Total 7 12 15 7 7 6 1 10 4

Can you please add the below manipulated fields(as above ex format) too in this matrix as i mentioned above my initial question.

Total Count of Rating of H , M, and L (3 fields) should be in different columns
- Assigned Count of Rating of H , M, and L – where Assignee is not empty (3 fields) should be in different columns
- Assigned Count of Rating of H , M, and L – where Assignee is not empty (3 fields) should be in different columns
- Count of Info or Remediated, of Rating of H , M, and L – where Find_Closed = Yes (3 fields) should be in different columns
- Count of To Be Remediated, of DTCC_Rating of H, M, and L – where Find_Closed = No (3 fields) should be in different columns
- Count of OOM – records where Status = OOM Now

sorry, i can't understand your matrix.

Engage Title Status Rating Assigned_Count_of_Rating Assigned_Count_of_Rating(2)

There are six fields here.

DE1234 Windows Report 2 10 5 2 5 6 8 3

There are eleven fields.

Is it a matrix? Rating values (H,M,L) ?There is no sample log.

sorry ,I have been out for a while for holidays , so the delay .
I have attached the sample for the matrix and placed the sample too

Engage Title Status Rating Assigned count 1 Assigned count 2

H M L H M L
DE1234 Windows Report 2 5 7 5 1 9 3
ky342 Linux Not Report 6 7 5 4

Total 8 12 7 10 1 13 3

HI aberkov,

Thank you for your reply and you are right and that make sense.

It is basically a sql view from which we are creating a sourcetype in splunk .The structure will be like ,
Status Engage Title Rating
Report DE1234 Windows H
OOM NRT34 Linux M
Not Report PL239 Linux L

PLease let me know the search query for this matrix.