Solved: Help with stats table output

adlireza · ‎09-28-2017

I have a dataset that can be represented as below:

Region=A State=1 City=a Product=Apple
Region=A State=1 City=b Product=Apple
Region=A State=1 City=c Product=Orange
Region=B State=1 City=d Product=Pineapple
Region=B State=2 City=e Product=Apple
Region=C State=1 City=f Product=Orange
Region=C State=2 City=g Product=Orange

How can I summarize by Region and State have a stats output table as below:

Region  |  State  | Apple  |  Orange  |  Pineapple
   A    |   1     |    2   |     0    |     0
   B    |   1     |    0   |     1    |     1
   B    |   2     |    1   |     0    |     0
   C    |   1     |    0   |     1    |     0
   C    |   2     |    0   |     1    |     0

HiroshiSatoh · ‎09-28-2017

Try this!

 (your search)   |stats 
count(eval(Product="Apple") as Apple,
count(eval(Product="Orange") as Orange,
count(eval(Product="Pineapple") as Pineapple, by Region,State

※Field extraction is required.
Region,State,Product

View solution in original post

HiroshiSatoh · ‎09-28-2017

Try this!

 (your search)   |stats 
count(eval(Product="Apple") as Apple,
count(eval(Product="Orange") as Orange,
count(eval(Product="Pineapple") as Pineapple, by Region,State

※Field extraction is required.
Region,State,Product

adlireza · ‎10-02-2017

It's missing a few round brackets, but this is the answer that helped me, thanks.

Help with stats table output

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Help with stats table output

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!