Ok I found the field name and I tried to do this:

| stats count by my_field_name

But since the log message has unique timestamp and sometimes unique thread name, I am getting a table with rows for every single log message and with count =1. 

Is it possible to edit log message to remove that timestamp part and leave only the common part:

Instead of looking for count of this:

2023-01-01 01:02:40 INFO - Thread-1 com.example.ClassName : this is log A

can we do count for this:

this is log A

Well, this is an issue with log parsing. Properly onboarded logs should have defined extractions. Those extractions are responsible for "splitting" the event into fields (it's not precisely splitting since same part of the event can be referenced in more than one field).

You can extract fields ad hoc using the "rex" command and then stats like

<your search>
| rex "(?<mylog>this is log.*)"

And then doing the stats

| stats count by mylog

But it's usually better to have fields extracted automatically by splunk.

If you're searching in verbose mode, all fields extracted from a single event should show when you expand this event. (Fast mode only shows fields explicitly used in your search and some default fields).

You can also check which fields are extracted from your event by

<your_search>
```we don't want to clutter the display so we get just one event```
| head 1
```show all fields```
| table *
```pivot it around so we have a nice list```
| transpose 0 column_name=field
| rename "col 1" as value

Yeah I am interested in the first query:

| stats count by your_field

But it looks like in my case this entire log message line is 1 field but I cannot see its name though.

I can see some other fields like 'host_name' and I am able to find a count of occurrences of different values for that field. Also, I tried to de-select all fields and I still can see log message:

2023-01-01 01:02:40 INFO - Thread-1 com.example.ClassName : this is log A 

 So I am not sure what field I can use.