examples :
index=sentinelone (host="*") sourcetype=threats| fillnull siteName value="NULL" | search (siteName="Andre") |dedup id| makemv delim=", " "engines[]" | rename engines{} as Engines| rex field=Engines mode=sed "s/_/-/g" | top Engines
index=sentinelone (host="*") sourcetype=threats| fillnull siteName value="NULL" | search (siteName="Andre") | dedup id | rename fileDisplayName as Name | stats count(Name) as countName by Name | sort 15 - countName
it returns no results on 7.2.0 while returning results on 7.16 and below
