Hi longtime splunker, first time poster so my goal here is to find the most common and uncommon characters in a field across multiple events. event1: commandline="the quick brown fox" event2: commandline="jumped over the lazy dog" the search i've tried   index=data | fields command_line | rex field=command_line "(?<cmd_char>.)" | top cmd_char   this rex only pulls the first char from the field and would want to pull numbers from the whole commandline results from top (or whatever function): char (with " cause spaces would be hard to see here) | count " "  | 7 "e" | 3 "t" | 2 "u" | 2 "h" | 1 "q" | 1   ... View more