https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25344#M4096 <P>Hi,</P> <P>I want to filter the duplicate events from dashboard which only differ in timestamp how its possible.<BR /> My log file events are like this.The datas are same but differ by timestamp.How to pick only one event and can show it in dashboard.</P> <P>[2012-08-02 06:00:58,723] abcdefgggggg<BR /> [2012-08-02 06:00:58,724] abcdefgggggg</P> Fri, 03 Aug 2012 14:56:46 GMT john 2012-08-03T14:56:46Z https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25344#M4096 <P>Hi,</P> <P>I want to filter the duplicate events from dashboard which only differ in timestamp how its possible.<BR /> My log file events are like this.The datas are same but differ by timestamp.How to pick only one event and can show it in dashboard.</P> <P>[2012-08-02 06:00:58,723] abcdefgggggg<BR /> [2012-08-02 06:00:58,724] abcdefgggggg</P> Fri, 03 Aug 2012 14:56:46 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25344#M4096 john 2012-08-03T14:56:46Z https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25345#M4097 <P>At search time, extract the event body from the timestamp, and use dedup on the field.</P> <P>example to test:<BR /> <PRE><BR /> mysearch | rex "\[\d+-\d+-\d+ \d+:\d+\d+,\d+\](?<EVENT>.*)" | dedup event<BR /> </EVENT></PRE></P> Fri, 03 Aug 2012 15:02:31 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25345#M4097 yannK 2012-08-03T15:02:31Z https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25346#M4098 <P>John, did it worked for you ?</P> Mon, 03 Sep 2012 07:09:57 GMT https://community.splunk.com/t5/Getting-Data-In/how-to-avoid-duplicate-events-only-differ-in-timestamp/m-p/25346#M4098 yannK 2012-09-03T07:09:57Z