Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to omit duplicate values of a column

harish_ka
Communicator
‎12-12-2014 06:43 AM

Hi i have a report as below,

Col A -----Col B--------Col C-----Col D
-------------------------------------------------
ABCD-----US  ----------323------12
XYZZ------AM-----------323------11
SADF-----SD------------323-------88

i need to remove the duplicate values of col C, i need to show only once in the first row like below,

Col A -----Col B--------Col C-----Col D
-------------------------------------------------
ABCD-----US  ----------323------12
XYZZ------AM----------------------11
SADF-----SD-----------------------88

Here the report is grouped by ColA and ColB...

Can anyone help me on this....

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-12-2014 08:10 AM

Based on your current update, this should work.

your base search giving "Col C" and "Col D" group By "Col A" and "Col B"  | streamstats count as sno by "Col C"| eventstats max(sno) as max count as total  | eval "Col C"=if(total>max,'Col C', if(sno=1,'Col C', null())) | fields - sno,max,total

View solution in original post

Reply
Solved! Jump to solution

chimell
Motivator
‎12-15-2014 12:48 AM

Hi

Try this search code I ‘m sure that it will be work well

replace omitduplication.csv by a source name of your file

source="omitduplication.csv "| stats count by colA ,colB, colD | appendcols[search source="omitduplication.csv" | dedup colC] | table colA colB colC colD
0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎12-12-2014 08:10 AM

Based on your current update, this should work.

your base search giving "Col C" and "Col D" group By "Col A" and "Col B"  | streamstats count as sno by "Col C"| eventstats max(sno) as max count as total  | eval "Col C"=if(total>max,'Col C', if(sno=1,'Col C', null())) | fields - sno,max,total
Reply
Solved! Jump to solution

rsathish47
Contributor
‎12-14-2014 10:28 AM

base search | streamstats count as sno by Col_C | eval Col_C=if(sno=1,Col_C,"") | fields - sno

0 Karma
Reply
Solved! Jump to solution

harish_ka
Communicator
‎12-15-2014 01:52 AM

Thank you so much somesoni2 and rsatish47 🙂
its working as i expected...

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎12-12-2014 07:45 AM

What should be the output if report is like this.

 Col A -----Col B--------Col C-----Col D
-------------------------------------------------
ABCD-----US ----------323------12
XYZZ------AM-----------323------11
SADF-----SD------------323-------88
PQRS------PM-----------999------11
QWER-----GB------------323-------88
0 Karma
Reply
Solved! Jump to solution

harish_ka
Communicator
‎12-12-2014 07:55 AM

The column C values remains the same...
if i have 5 rows..all values of Col C will be 323

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...