Hi @jerrynandak,

add nomv to the end:

| makeresults | eval id=11,  event_type="ack" | fields id event_type
| append [ | makeresults | eval id=11,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=11,  event_type="ack" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=11,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="ack" | fields id event_type ]
| append [ | makeresults | eval id=11,  event_type="ack" | fields id event_type ]
| append [ | makeresults | eval id=13,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=11,  event_type="req" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="ack" | fields id event_type ]
| append [ | makeresults | eval id=13,  event_type="ack" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="ack" | fields id event_type ]
| append [ | makeresults | eval id=12,  event_type="req" | fields id event_type ]
| stats values(event_type) AS event_type BY id
| nomv event_type

Ciao.

Giuseppe