Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

xpath is returning the duplicate values. How do I limit the output to single values?

rishiaggarwal
Explorer
‎02-01-2016 06:38 PM

Hi All,

Because of existing logs type, XPATH is returning a same value thrice. Is there any way to limit the number of values?
I am using max_match but seems like it is not working. Screenshot given below.

Regards
Rishi

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rakeshh123
Path Finder
‎02-01-2016 11:27 PM

Hello rishiaggarwal,
I tried to solve your problem..........I have taken sample data returning the same results like you

Data in my sample data

index="demo1"| table Username,ID,Date
alt text

Now i have written a query ..........for u r expected results

index="demo1"|streamstats count by _raw | search count<2 | eval eid=_cd |transaction ID,Date maxspan=5s| table Username,ID,Date
alt text

I hope u can use this query on your data ..........let me know if it works for u ...........

View solution in original post

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution
Solution

rakeshh123
Path Finder
‎02-01-2016 11:27 PM

Hello rishiaggarwal,
I tried to solve your problem..........I have taken sample data returning the same results like you

Data in my sample data

index="demo1"| table Username,ID,Date
alt text

Now i have written a query ..........for u r expected results

index="demo1"|streamstats count by _raw | search count<2 | eval eid=_cd |transaction ID,Date maxspan=5s| table Username,ID,Date
alt text

I hope u can use this query on your data ..........let me know if it works for u ...........

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution

s2_splunk
Splunk Employee
Splunk Employee
‎02-01-2016 07:52 PM

Can you provide a single sample event? Anonymize as needed. It's going to be difficult to help without seeing what your event structure looks like.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out &gt;&gt; As our brave ...