You don’t need to loop through the values, you need to treat them as multivalue fields, and expand/filter appropriately
For example:
index=ndx sourcetype=srctp fieldname.subname{}.value=*
| rename fieldname.subname{}.value as subname
| mvexpand subname
| stats count by subname
| fields - count
from User warren – Stack Overflow https://stackoverflow.com/questions/74778740/how-to-extract-values-from-json-array-and-validate-in-splunk/74798777#74798777
via IFTTT