I use various dashboards which are included in the Splunk Enterprise Security app.
In case of duplicate logs in my environment, the data inside the dashboards is obviously incorrect.
For example, in the HTTP Category Analysis dashboard, I see some category with a count of 2, although both of these 2 are actually the same log.
I can recognize duplicate logs in my environment by a field called log-id.
Is there any option to define that all queries will do something like 'dedup' before retrieving results?
If so, is there any automatic way to do that instead of changing each dashboard's query?