https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632342#M9276 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,</P><P>Are you referring to the raw events that contains duplicates? If it is in the raw event, then it is nothing to do with the TA or Add-on?&nbsp; If it is with the raw event itself, may be worth to check the source of the data that is sending the logs to splunk...</P><P>Only these three fields are having the duplicates or any other fields?</P><P>&nbsp;</P> Mon, 27 Feb 2023 10:37:18 GMT bharathkumarnec 2023-02-27T10:37:18Z https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/583923#M8692 <P>Hi at all,</P> <P>I installed the Check Point App for Splunk and I found a strange behaviour:</P> <P>at first the name is "Check Point App for Splunk" but the folder name is "TA-check-point-app-for-splunk" ,that's strange: it's an App or a TA?</P> <P>But this isn't my problem:</P> <P>installing this app I found that, for each event, there are some fields (date, time and rule_action) that are duplicated with the same value, in other words, for each event there is two times the same field and the same value (e.g. rule_action="allowed").</P> <P>Has anyone encountered this problem?</P> <P>Ciao and thanks,</P> <P>Giuseppe</P> Mon, 27 Feb 2023 14:32:14 GMT https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/583923#M8692 gcusello 2023-02-27T14:32:14Z https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/584439#M8694 <P>I've seen the behavior sometimes when you use `| extract reload=T` in the search but not sure if it's due to that or something else.</P> Thu, 10 Feb 2022 06:23:10 GMT https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/584439#M8694 VatsalJagani 2022-02-10T06:23:10Z https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632342#M9276 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,</P><P>Are you referring to the raw events that contains duplicates? If it is in the raw event, then it is nothing to do with the TA or Add-on?&nbsp; If it is with the raw event itself, may be worth to check the source of the data that is sending the logs to splunk...</P><P>Only these three fields are having the duplicates or any other fields?</P><P>&nbsp;</P> Mon, 27 Feb 2023 10:37:18 GMT https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632342#M9276 bharathkumarnec 2023-02-27T10:37:18Z https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632498#M9277 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/217978">@bharathkumarnec</a>,</P><P>no only these three fields.</P><P>Ciao.</P><P>Giuseppe</P> Tue, 28 Feb 2023 07:36:56 GMT https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632498#M9277 gcusello 2023-02-28T07:36:56Z https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632593#M9278 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/161352">@gcusello</a>&nbsp;,</P><P>I have noticed the same behaviour, but when i unistalled the app/addon still i see duplicated fields but they are in my raw event as well.&nbsp;</P><P>Regards,</P><P>Bharath Kumar ASN</P> Tue, 28 Feb 2023 14:12:23 GMT https://community.splunk.com/t5/Knowledge-Management/Check-Point-App-for-Splunk-duplicated-field-values/m-p/632593#M9278 bharathkumarnec 2023-02-28T14:12:23Z