What should be used to see results of a calculation or group events on a field value?

The most effective way to see results of a calculation or to group events based on a field value in Splunk is by utilizing the "stats" command. The "stats" command is specifically designed to aggregate data and perform calculations like sums, averages, counts, and more on specific fields. For instance, if you need to calculate the total number of events or find the average value of a numerical field, the "stats" command allows you to do this in a straightforward manner, providing a clear overview based on the parameters you define.

On the other hand, the "transaction" command is meant for grouping related events that share fields, not specifically for performing calculations. "groupby" is not a valid command in Splunk; instead, the syntax used for grouping and aggregating data is primarily handled through the "stats" command. "eventcount" is another Splunk feature for counting events, but it does not provide the same level of statistical capabilities as the "stats" command. Therefore, leveraging "stats" is the correct choice when seeking to see results of calculations or group events by a field value effectively.