Total count with sub total count for msg log string literal?

Question

Very new to splunk.

I have the following query that gives me total count for a specific log:

LOGGING string: "log msg: stuff="

from this query I can get total by matching "log msg":

source=*/logs/stdout.log classname=Log "log msg" | stats count

However, I want to get that count as well the count for "stuff" where stuff=""

How can I modify the query above to get the total count for "log msg" and total count where stuff is empty string...(as a next ask possibly display in a stacked bar chart?) But raw data is fine for now.

Answer 1

This should do it for you:

source=*/logs/stdout.log classname=Log "log msg" | stats count, count(eval(stuff="")) as noStuff