Hello,

I have ~15 the same queries with a little difference:

(index=SOME_INDEX sourcetype=SOME_SOURCE source=... 
| eval API=CASE(searchmatch("xxx"), "yyy", ...) 
| search API=WebResponse
| eval Status=case(...) 
| stats avg(dur) AS Avg by status_code
| stats count by status_code

...

(index=SOME_INDEX sourcetype=SOME_SOURCE source=... 
| eval API=CASE(searchmatch("xxx"), "yyy", ...) 
| search API=AppResponse
| eval Status=case(...) 
| stats avg(dur) AS Avg by status_code
| stats count by status_code

So, all my queries are different only in one place - | search API=XXX and return result like:

| status_code | count |
|  201        |  10   |
|  404        |  28   |
etc

How I can combine all above queries into one and get result as (or something like this):

    | status_code | count(AppResponse) | count(WebResponse) | count(Other) |
    |  201        |  10                |  0                  |  0   |
    |  404        |  28                |  3                  |   0  |

?