Hi,

I want to show the stats based on the different values of the "state" field. "timechart count by result" does not work -probably because the format is not json and splunk fails to understand that "state" is a field. How do I handle this? I have tried rex function but did not manage to get the results I need.

I am trying to get something like this:
success=1231
aborted=322
pending=111

Thanks in advance for the help.

HTTP ***
Headers: [{'Cache-Control',"max-age=0, no-cache"},
          {'Content-Length',"400"},
          {'Content-Type',"application/json;charset=utf-8"},
          {'Host',"***"},
          {'Pragma',"no-cache"},
          {'X-Forwarded-For',"***"}]
Body: [{amount,***},
       {client_reference,"***"},
       {connector,"**"},
       {connector_reference,"***"},
       {consumer_save_card,false},
       {credit_card,[{brand,"***"},
                     {card_number,"**"},
                     {exp_month,***},
                     {exp_year,***},
                     {holder,"***"},
                     {type,"***"}]},
       {currency,"***"},
       {gateway_reference,"***"},
       {state,"success"}]