How to make eventstats results persistent?

Splunk Search

I am using event stats to get a unique count of the number of different values that are present in a given field. However the specific field that I am counting on changes based on the sourcetype. The eventstats commands I have look something like this (there are several hundred in total so it's not feasible to do manually)

sourcetype=123    | eventstats dc(file_path) as uniqueCount
sourcetype=456    | eventstats dc(hash_value) as uniqueCount

I need a way to be able to store the results of the eventstats command so that it is appended to the original event and I am able to retrieve it for use in dashboards. I tried using collect and sistats and neither one stores the "uniqueCount" value.

Thanks

Get Updates on the Splunk Community!

How to make eventstats results persistent?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation

How to make eventstats results persistent?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future