Consolidate eventstats into one subsearch in a foreach command #1
Description
The search has 5 similar eventstats commands. We should be able to consolidate those into one subsearch using the foreach command as seen below, however it fails with the error: "Error in 'foreach' command: Search pipeline may not contain non-streaming commands".
... | foreach autonomous_system period date_wday app dest [eventstats count as <>_count by user, <>]