Hi Everyone,

I have the below query:

index=abc ns=yu CASE(ERROR)|rex field=_raw "ERROR(?<Error_Message>.*)"|eval _time = strftime(_time,"%Y-%m-%d %H:%M:%S.%3N")|dedup Error_Message|cluster showcount=t t=0.2|table Error_Message,_time, env, pod_name,ns,cluster_count|rename app_name as APP_NAME, _time as Time, env as Environment, pod_name as Pod_Name, Error_Message as Error_Message,cluster_count as Count

I am getting one error message like this:

Error_Message                               Count

",                                                              5

I dont want this ", error message to be displayed. Its clubbing total 5 messages into 1.

I dont want this ", error message to be displayed.

Can someone guide me.

when not using cluster is giving me all the 5 count but 4 messages are same(ids are different so dedup is not working).

I dont want ",  message to be displayed.

Can someone guide me on how to remove this.