Just as a suggestion, this search does a count for events with two distinct values, adds them together, and has the total as a new column.

 | stats count(eval(product="abc")) AS abc_count, count(eval(product="xyz")) AS xyz_count by product | eval total_products=abc_count+xyz_count  | sort -total_products

Sorry if this isn't what you're looking for, but hopefully it helps in some way.

Also you might want to remove the regex tag.. I don't think this has much to do with regular expressions 😉

so there is no way to just add a field that will give me a running total for all the events that I am searching for. When i add the sum feature it just takes me to a different screen and then gives me a total instead of having all the information listed and totaling in a different field. Thank you for your help, just having a hard time getting it to work.

yes, but it does not add a seperate column that just has the total of all the counts

so you need to use a | stats sum(count) ?

They are existing fields, I need a total of the top events. Not just each individual event

What about the part that generates the statistics? (the count and percent part) unless they are existing fields?

Just a portion of it.. I left off the index and the sourcetype because i didnt think it would be needed.

+1 Ayn, you'll need to copy and paste your whole search directly if you want any useful help.

I doubt that is really your search. Did you paste the whole search or just portions of it?

any help would be appreachated