When you’re working with the stats command, it’s often nice to rename the fields to drop the aggregation type:
| makeresults count=3
| streamstats count
| eval foo="bar"
| stats latest(foo) as foo latest(count) as count
This gets annoying because of all the extra typing involved, and it violates the DRY principle.
Instead, try this next time:
| makeresults count=3
| streamstats count
| eval foo="bar"
| stats latest(foo) latest(count)
| rename latest(*) as *
Now you don’t have to type every field name!
UPDATE: I have extended this into a macro. Create a macro (I call mine “drop_agg”) with this definition:
foreach *(*) [ rename <<FIELD>> as <<MATCHSEG2>> ]
| fields - *(*)