I'm trying to extract the data from logs and display the count based on 2 fields. Below are the sample data logs:

14:48:23.668 INFO - Response(Uuid=1e850916-f99d-1e35a8d3c474, pojo=[Pojo(id=ID0047, flg=false), Pojo(id=ID0065, flg=false), Pojo(id=ID0105, flg=true), Pojo(id=ID0106, flg=true), Pojo(id=ID0066, flg=false), Pojo(id=ID0108, flg=false)])
14:48:23.676 INFO - Response(Uuid=c5ec43a2-8c07-c56f9f5bbd1f, pojo=[Pojo(id=ID0106, flg=false), Pojo(id=ID0107, flg=false), Pojo(id=ID0068, flg=true), Pojo(id=ID0105, flg=false), Pojo(id=ID0064, flg=true), Pojo(id=ID0108, flg=false), Pojo(id=ID0047, flg=false)])
14:48:23.690 INFO - Response(Uuid=eac5f53e-6407-eac356ca0458, pojo=[Pojo(id=ID0107, flg=false), Pojo(id=ID0047, flg=true), Pojo(id=ID0067, flg=false), Pojo(id=ID0106, flg=false), Pojo(id=ID0068, flg=false), Pojo(id=ID0108, flg=false)])

Below is the current query:

<base query | rex field=pojo max_match=0 "Pojo\((?<ID>.*?)\,(?<FLG>.*?)\)" | chart count by ID FLG>

If I'm using one field in count by, it's giving the correct count (ID / FLG), but when I use both, it's not giving the correct count, as in the query. Sample expected output looks like below:

ID      FLG=false  FLG=true
ID0047  2          1
ID0107  2          0
ID0065  1          0
..

Kindly help or suggest.
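An added example, not part of the original post: when ID and FLG are extracted as two separate multivalue fields, counting by both counts every ID/FLG combination within an event, so the pairing inside each Pojo(...) is lost. The search below captures each id/flg pair as one value, expands the pairs into separate rows, and only then splits them and charts. Assumptions: the extraction runs against _raw, `n` and `pair` are helper field names introduced here, and the three events are constructed from shortened versions of the sample logs in the post so the search runs without any index.

```spl
| makeresults count=3
| streamstats count AS n
| eval _raw=case(
    n=1, "14:48:23.668 INFO - Response(Uuid=1e850916-f99d-1e35a8d3c474, pojo=[Pojo(id=ID0047, flg=false), Pojo(id=ID0065, flg=false), Pojo(id=ID0105, flg=true)])",
    n=2, "14:48:23.676 INFO - Response(Uuid=c5ec43a2-8c07-c56f9f5bbd1f, pojo=[Pojo(id=ID0107, flg=false), Pojo(id=ID0105, flg=false), Pojo(id=ID0047, flg=false)])",
    n=3, "14:48:23.690 INFO - Response(Uuid=eac5f53e-6407-eac356ca0458, pojo=[Pojo(id=ID0107, flg=false), Pojo(id=ID0047, flg=true)])")
| rex field=_raw max_match=0 "Pojo\(id=(?<pair>[^,]+, flg=[^)]+)\)"
| mvexpand pair
| rex field=pair "^(?<ID>[^,]+), flg=(?<FLG>.+)$"
| chart count over ID by FLG
```

Against real data, replace the first three commands with the base search; the result has one row per ID and one column per FLG value (false, true).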