Unfortunately this still gives me computers which have multiple entries in the application field.

But will try look into the stats function

If you have duplicate events you should perform dedup first:
| dedup computer, application
| stats count as app_count, values(application) by computer
| where app_count=1

To add some more information to my Question. The data is regarding which applications that was started from specific computers. So i want to filter out computers that have started more than 1 application, or even a specific application if that helps.

I tried dedup, but it still shows computer if they have more applications.
This is example of the output.. I only want PC005291 to be showed if 1 unique entry with application

       Field                              Field                                    Field            Field
    _time                           Application                        Activity        extracted_Host
05/09/201811:48:27.000  Autostart SP IE11             Proxy           PC005291

05/09/2018 11:45:54.000 VA - login til StoreFront   Proxy           PC005291

Thanks

Hi @lbkAconectodk, Does the application field have a comma-separated list of applications?

And I realized query should return the same with or without dedup because of our stats command.

I've tried to test this using the following query. Maybe you can check and tell me if I'm understanding it wrong somewhere:
| makeresults count=10
| eval application="app".random()%10
| eval computer="computer".random()%6
| stats values(application) as apps by computer
| where mvcount(apps)=1