I have a formating question.

When I run this:

index=userdata | eval platform=case(rl_user_agent like "%iPhone%", "Mobile" ,rl_user_agent like "%iPad%", "Mobile" , rl_user_agent like "%Android%", "Mobile" , 1=1, "Full Site") | eval status=case(rl_user_status=="Guest", "Guest", rl_user_status like "%Active%", "Active Sub", 1=1, "Registered") |rex field=rl_path "[/](?<path_root>[^/]*)"  | eval path_root=upper(path_root) | table status path_root platform | stats count by status path_root platform | stats list(platform) AS Platform, list(count) AS count by status path_root

I get

status : path_root : Platform : count
status1   path1      full site   12
                     mobile      10
status1   path2      full site   12
                     mobile      10

but how can I get

status : path_root : full site : mobile
status1  path1        12         10

status1  path2        12         10