hello
i have this query :
index="prod" eventtype="csm-messages-dhcpd-lpf-eth0-sending" OR eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-dhcpd-send-socket-fallback-net" OR eventtype="csm-messages-dhcpd-write-zero-leases" OR eventtype="csm-messages-dhcpd-eth1-nosubnet-declared"
| stats count list(eventtype) by _time
the result im getting is :
_time count list(eventtype) 2019-08-05
10:24:23 5
csm-messages-dhcpd-send-socket-fallback-net
csm-messages-dhcpd-lpf-eth0-sending
csm-messages-dhcpd-lpf-eth0-listening
csm-messages-dhcpd-eth1-nosubnet-declared
csm-messages-dhcpd-write-zero-leases
what should i change in my query so i will see the count for each raw ?
thanks
