What have you tried already?
I suspect this (or similar) will work, presuming Splunk’s identified this data as being in JSON format already:
index=ndx sourcetype=srctp properties{}.host=*
| rename properties{}.host as hostname
| stats count by hostname
from User warren – Stack Overflow https://stackoverflow.com/questions/63826857/splunk-query-to-retrieve-value-from-json-log-event-and-get-it-in-a-table/63834378#63834378
via IFTTT