I have a search as follows
My search | bin span=1h _time | stats values(field_1) as Field_1 by _time Field_2
Which displays the result as follows
_time Field_2 Field_1
123 jkl gsad
Now I want my search to modify the result to add a field which displays the total event count of Field_1(Field_1_count) next to it like below. How can i do that?
_time Field_2 Field_1 Field_1_count
123 jkl gsad 23
↧