looking for a query to convert the results like this I have a search to produce report using appendcols
a | b | c
5785|5731|100
want to get the report like this, basically trying to format the name of the fields along with apply sum/diff
Total of messagea | Total of messageb | Total of messagec | Diff of Total a and total b 5785|5731|100|54
This is the current query
index!= "internal " sourcetype="a" "messagea" | stats count as a | appendcols [search index!= "internal" sourcetype="b" "messageb" | stats count as b ] | appendcols [search index!= "internal" sourcetype="c" "messagec" | stats count as c ]
... View more