Hi @jt,

you could try something like this:

index= your_index (sourcetype=gb-req.log OR sourcetype=fr-req.log)
| fillnull value="No" City
| fillnull value="No" email
| fillnull value="No" Phone
| eval City=if(City="No","No,"Yes"), email=if(email="No","No,"Yes"), Phone=if(Phone="No","No,"Yes")
| stats dc(City) AS dc_city values(City) AS City dc(email) AS dc_email values(email) AS email dc(Phone) AS dc_phone values(Phone) AS Phone BY sourcetype
| eval City=if(dc_city=1,City,"Yes"), email=if(dc_email=1,email,"Yes"), Phone=if(dc_phone=1,Phone,"Yes")

Ciao.

Giuseppe