hi,
looking to do a stats count something like below.
Field1: A,B A B,A B,A,C A,C
each row accounts for different events. now need a count on all A's, B's and C's. so the result be something like:
Value |Count A | 5 B | 3 C | 2
This should get you started.
... | mvexpand Field1 | stats count by Field1
View solution in original post
wow. it worked perfect. at first didn't work. then figured out I needed to convert my field to mv before applying any mv functions on it.
final query : ....| makemv delim="," Field1| mvexpand Field1| stats count by Field1
