4.3 Count the number of log messages for each distinct value


Some source IP addresses show up in the logs more often, but which ones?


Extract the field of interest and use the count operator:

| parse "* -" as src_ip
| count by src_ip


In this example, the count operator returns the number of log messages for each distinct source IP address.
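The parse-and-count step above, reproduced in Python as an added example (not part of the original tutorial or of the query tool). It generalizes the anchor to any number of * wildcards; the sample log lines are constructed, the function names are hypothetical, and skipping lines that do not match the anchor is an assumption of this sketch.

```python
import re
from collections import Counter

# Constructed sample access-log lines (not from the original page).
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 401 512',
    '198.51.100.23 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 512',
    'service restarted',  # no " -" anchor, so no src_ip can be extracted
    '192.0.2.44 - - [10/Oct/2023:13:55:40 +0000] "GET /robots.txt HTTP/1.1" 404 0',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 401 512',
    '198.51.100.23 - - [10/Oct/2023:13:55:42 +0000] "GET /about.html HTTP/1.1" 200 2210',
]


def compile_anchor(pattern):
    """Turn a wildcard anchor such as '* -' into a regex, one capture per '*'."""
    literals = [re.escape(part) for part in pattern.split("*")]
    regex = "(.*?)".join(literals)
    if pattern.endswith("*"):
        regex += "$"  # let a trailing wildcard run to the end of the line
    return re.compile(regex)


def parse(lines, pattern, *fields):
    """Yield one {field: value} record per line that matches the anchor."""
    rx = compile_anchor(pattern)
    if rx.groups != len(fields):
        raise ValueError("need one field name per '*' in the pattern")
    for line in lines:
        match = rx.search(line)
        if match:  # assumption: non-matching lines are skipped
            yield dict(zip(fields, match.groups()))


def count_by(records, field):
    """Count records per distinct value of `field`, highest count first."""
    counts = Counter(rec[field] for rec in records)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for src_ip, n in count_by(parse(SAMPLE_LOGS, "* -", "src_ip"), "src_ip"):
        print(f"{src_ip}\t{n}")
```

Sorting the result by count puts the most frequent sources at the top, which answers the "which ones?" question directly.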