Hi,
I have the following search on splunk indexer.
Although field "a" and "b" return results, field "steps" does not return stable results.(only one or zero result is returned).
thanks

sourcetype="F5:iRule:WebAccess"|sort -req_elapsed_time|head 3|stats count by url client_address req_elapsed_time server_name|stats sum(count) as count list(url) as a list(server_name) as b by server_name | eval steps=b."-".a| fields steps count