Understanding that you only get the value for the first "p" field, then it will be important to understand that Splunk will match key value pairs using the "=" character by default. What Splunk does not do by default is to allow multiple field values for the same meta field in the same event.
The easiest way is to extract all values for field "p" and then allow for multi-values for each event. Assume that your data lands according to the sample above:
Use an entry in props.conf to indicate the requirement for a REPORT. Why are REPORT? It is because we are looking for fields created at search time. In this case a simple entry like so will do:
[answers-1371406335]
REPORT-get_p_fields = get_p_fields
The props.conf entry directs Splunk to search for a matching stanza in transforms.conf. That is where you establish the required regular expression, match it to a field name and indicate that there are multiple values for the same entry allowed for each event -like this:
[get_p_fields]
REGEX = p\=(.+?)\&
FORMAT = p::$1
MV_ADD = true
This will create a list of items for each event.
And, finally, you enumerate with stats by counting the field "p".
BTW: If you want to manipulate the items in the list, you will expand the list per the individual values using mvexpand.
TIP: If you do not know where to place the props.conf or transforms.conf, then use the Search App. You will find this under $SPLUNK_HOME/etc/apps/search/local or %SPLUNK_HOME%\etc\apps\search\local.
What you have listed is not valid Splunk search syntax, so perhaps that is the problem. Your search should be:
p=grid_id OR p=swv_dwn OR p=ret_tlt0 OR p=no_sun1 OR p=T10M OR p=wspd10arpt OR p=RAIN OR p=srf_alb
| stats count by p
where the items in the first line of the search are the selected values for p
.