Bram

Reputation: 15

How to show result of a count within a count in Splunk

I am having a problem with showing a count within a count. I can't seem to get the query right, or can't find which commands to use (I am not a pro in Splunk). What I currently have is the following:

index="applications_pas_p_g01550" 
| spath MessageTemplate | search MessageTemplate="Input Message: {Body}"
| eval propertiesBody = lower('Properties.Body')
| spath input="propertiesBody"
| spath input="propertiesBody" path="voormelden{}.internationaaladres{}.validatie.status.code" output=Validatiecode
| spath input="propertiesBody" path="voormelden{}.collodata{}.voormeldbroncd.code" output=VoormeldBronCode
| stats count by VoormeldBronCode
| appendpipe [stats sum(count) as aantalvalidaties by Validatiecode | eval Validatiecode="Totaal Validaties"]
| sort Validatiecode

The result that I am looking for is the following: The Validatiecode can be either 1, 2 or 4. There are multiple VoormeldBronCodes.

What I want to know and present in a table is for every VoormeldBronCode how many times a Validatiecode has been present. So something like:

VoormeldBronCode  Validatiecode  count
22                1              123
22                2              89
22                4              456
40                1              894
40                2              485
40                4              245

Upvotes: 1

Views: 45

Answers (1)

RichG

Reputation: 9926

The stats command discards all fields except those mentioned in the command so the subsequent commands do not have a 'Validatiecode' field to work with. Have you tried something like this?

index="applications_pas_p_g01550" 
| spath MessageTemplate | search MessageTemplate="Input Message: {Body}"
| eval propertiesBody = lower('Properties.Body')
| spath input="propertiesBody"
| spath input="propertiesBody" path="voormelden{}.internationaaladres{}.validatie.status.code" output=Validatiecode
| spath input="propertiesBody" path="voormelden{}.collodata{}.voormeldbroncd.code" output=VoormeldBronCode
| stats count by VoormeldBronCode Validatiecode

Upvotes: 1
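
An added example, not part of the question or of RichG's answer: a self-contained search that builds six constructed events with `makeresults`, extracts the two fields with the same `spath` paths as above, and counts by both fields. Because `Validatiecode` is kept as a group-by field, an `appendpipe` subtotal per `VoormeldBronCode` can still follow the `stats`. The helper fields `n`, `bron` and `code` and all sample values are invented for the illustration.

```spl
| makeresults count=6
| streamstats count as n
| eval bron=if(n<=4, "22", "40"), code=case(n<=2, "1", n==3, "2", true(), "4")
| eval propertiesBody="{\"voormelden\":[{\"collodata\":[{\"voormeldbroncd\":{\"code\":\"" . bron . "\"}}],\"internationaaladres\":[{\"validatie\":{\"status\":{\"code\":\"" . code . "\"}}}]}]}"
| fields - bron code
| spath input=propertiesBody path="voormelden{}.internationaaladres{}.validatie.status.code" output=Validatiecode
| spath input=propertiesBody path="voormelden{}.collodata{}.voormeldbroncd.code" output=VoormeldBronCode
| stats count by VoormeldBronCode Validatiecode
| appendpipe [stats sum(count) as count by VoormeldBronCode | eval Validatiecode="Totaal Validaties"]
| sort VoormeldBronCode Validatiecode
```

The sample events carry one value per field. When the `{}` array paths return several values in one event, `stats ... by` counts each value separately, so check the totals against a few raw events.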
