I am having problems trying to keep a sum of similar events in a field called 'count.' This field should group events with the same 'err_transcation_id.' I usually just use the top function for this, but i can for this search because the some fields should be left intentially blank and when i use that command it only grabs the fields that have everything.

Here is my search:

index=mainframeapps sourcetype="MainframeApps" NOT (Hosted="A390" OR "CPUC" OR "SYSE" OR "CPUE" OR "IPO1" OR "CPUB" OR "CPUA") NOT PENV*| table count, Hosted, err_job_name, err_id, environment, app_defined_key2, app_id, err_transaction_id, msg, err_call_chain |rename msg AS "Record Info" err_call_chain AS "Call Chain" Hosted AS "Hostname" environment AS "Service ID" err_transaction_id AS "Error Transaction ID" err_id AS "Error ID" app_id AS "Application ID" count AS "Count" percent AS "Percent" err_job_name AS "Error Job Name"| rex mode=sed field="Hosted" "s/\'//g"   | rex mode=sed field="Error Job Name" "s/\'//g"   | rex mode=sed field="Error ID" "s/\'//g"   | rex mode=sed field="Service ID" "s/\'//g"  | rex mode=sed field="Application ID" "s/\'//g"   | rex mode=sed field="Error Transaction ID" "s/\'//g" | rex mode=sed field="Record Info" "s/\'//g"   | rex mode=sed field="Call Chain" "s/\'//g"

This should be a pretty easy for some of you, but i am not having much luck with the stats command. Thank you guys so much.