Just use the chart command.

| chart count by finding_id device.manufacturer 

Flip the order of the by fields if you want them the other way.

Thanks. Unfortunately that didnt work.

My query is now

| chart count by finding_id ,device.manufacturer

Statistics tab now shows the below, but the scatter plot X and Y axis labels are NSA-FLTR-20 and V-14707, and each axis is still numerical

What I'd like is that the Y axis is a list of all devices, the X axis is a list of all findings, and the scatter plot shows counts at the intersection of the two

device.manufacturer NSA-AUTH-025 NSA-FLTR-020 V-14667 V-14707
3COM 1 1 1 1
Brocade 0 5 0 0
Check Point 0 0 3 0
Cisco 4 1 9 8
HP 0 1 1 1
Huawei 3 0 1 1
Juniper 2 2 2 1
Palo Alto 1 2 2 0
WatchGuard 0 0 1 0

But scatter chart is still using

| makeresults
| eval _raw="device.manufacturer,NSA-AUTH-025,NSA-FLTR-020,V-14667,V-14707
3COM,1,1,1,1
Brocade,0,5,0,0
Check Point,0,0,3,0
Cisco,4,1,9,8
HP,0,1,1,1
Huawei,3,0,1,1
Juniper,2,2,2,1
Palo Alto,1,2,2,0
WatchGuard,0,0,1,0"
| multikv forceheader=1
| fields - _* linecount
| table device_manufacturer,NSA_AUTH_025,NSA_FLTR_020,V_14667,V_14707
| eval test=mvrange(0,2)
| mvexpand test
| streamstats count
| eval device_manufacturer=if(count % 2 = 0 , null(), device_manufacturer)
| foreach * [ eval <<FIELD>> = if(isnull(device_manufacturer),NULL,'<<FIELD>>')]
| fields - test count

I use trick.
try Viz>>Area Chart with Format Null Values=Gap