I am working with event logs which contain many fields. I am trying to isolate 1 field and get a count of the value of that field and display the count in an existing table as a new field
This is my log:
LOG_LEVEL="INFO" MESSAGE="Type_of_Call = Sample Call LOB = F DateTime_Stamp = 2022-10-10T21:10:53.900129 Policy_Number = 12-AB-1234-5 Requester_Id = A1231301 Last_Name = SAMPLE State = IL City = Chicago Zip 12345" APPLICATION_VERSION="appVersion_IS_UNDEFINED"
This is my splunk query:
| stats count, values(*) as * by Requester_Id
| table Type_of_Call LOB DateTime_Stamp Policy_Number Requester_Id Last_Name State City Zip
The issue that this query has is that it is grouping the Requester Id field into 1 row and not displaying the count at all.
This is what the table and the issue look like:
What I want is that I need to make the rows unique and display the count of the Requester Id in a new field.
For example: if there are 2 logs with the same Requester_Id with value "abc", I would still display those two logs separately in a table because it would have other fields different such as the date and time but I would like to display the count of the Requester_Id as 2 in a new field in the same table.
Add the count field to the table command.
To get the total count at the end, use the addcoltotals command.
| table Type_of_Call LOB DateTime_Stamp Policy_Number Requester_Id Last_Name State City Zip count
| addcoltotals labelfield=Type_of_Call label="Total Events" count
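An added example, not from either poster, showing the other shape the question describes: every event stays on its own row and the per-Requester_Id count is attached as a new field with eventstats rather than stats. It builds three constructed MESSAGE values with makeresults so it runs without an index, and the rex pattern is an assumption that the "Key = value" fields inside MESSAGE are not already extracted; drop the makeresults/eval lines and start from the real base search in practice.

```spl
| makeresults count=3
| streamstats count AS n
| eval MESSAGE=case(
    n==1, "Type_of_Call = Sample Call LOB = F DateTime_Stamp = 2022-10-10T21:10:53.900129 Policy_Number = 12-AB-1234-5 Requester_Id = A1231301 Last_Name = SAMPLE State = IL City = Chicago Zip 12345",
    n==2, "Type_of_Call = Sample Call LOB = F DateTime_Stamp = 2022-10-10T21:12:07.000001 Policy_Number = 12-AB-1234-5 Requester_Id = A1231301 Last_Name = SAMPLE State = IL City = Chicago Zip 12345",
    n==3, "Type_of_Call = Sample Call LOB = F DateTime_Stamp = 2022-10-10T21:15:30.123456 Policy_Number = 99-ZZ-0000-1 Requester_Id = B0000002 Last_Name = OTHER State = WI City = Madison Zip 54321")
| rex field=MESSAGE "Type_of_Call = (?<Type_of_Call>.+?) LOB = (?<LOB>\S+) DateTime_Stamp = (?<DateTime_Stamp>\S+) Policy_Number = (?<Policy_Number>\S+) Requester_Id = (?<Requester_Id>\S+) Last_Name = (?<Last_Name>\S+) State = (?<State>\S+) City = (?<City>.+?) Zip (?<Zip>\d+)"
| eventstats count AS Requester_Count BY Requester_Id
| table Type_of_Call LOB DateTime_Stamp Policy_Number Requester_Id Last_Name State City Zip Requester_Count
```

With the constructed data this yields three rows: the two A1231301 events each carry Requester_Count=2, and the B0000002 event carries Requester_Count=1, with the differing DateTime_Stamp values visible on their own rows.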