Hello,

I am creating a query for my proxy data. The idea is to show all categories that I want in multiple single value charts. And for any categories that return 0, they will still be represented by a 0.

My current query is:

    index="siem-cyber-proxy" action=blocked category=gambling OR category=malware
    | eval isEvent=if(searchmatch("category"),1,0)
    | stats count as myCount sum(isEvent) AS isEvent
    | eval result=if(isEvent>0, isEvent, myCount)
    | table result

This current query adds results from both categories together rather than splitting them into individual charts. I need to find out how to split the results so it creates multiple charts. Or do I need to run the query for each individual category?

Hopefully this makes sense. Thank you
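One way to get a separate, zero-filled count per category in a single search, as an added example that is not part of the original post: `stats` without a `by` clause collapses both categories into one row, so this version counts by category and appends a zero row for each expected category before summing. The index, action and category values are the ones from the post; the list inside `split()` has to repeat every category that should appear.

```spl
index="siem-cyber-proxy" action=blocked category IN (gambling, malware)
| stats count by category
| append
    [| makeresults
     | eval category=split("gambling,malware", ",")
     | mvexpand category
     | eval count=0
     | fields category count]
| stats sum(count) as count by category
```

Shown as a Single Value visualization with Trellis layout split by `category`, each result row gets its own chart, including categories whose count is 0.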