Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to decrease the count for everr search that is true

santohang
New Member
‎01-22-2018 03:06 PM

I'm trying to remove duplicates log from the search result every time the page is refreshed.
eg
index=main "Entered into page B"

The possibility here is, this message will be printed when navigating from page A to page B.
This will be printed again everytime the page refreshes.
So, I have a separate log that looks something like this "page is refreshed".
I do know | dedup function will be able to remove the duplicate but this will not be suitable for use here since the "Entered into page B" may also be true if navigating from page C to Page B.

How can I utilize the "Page is refreshed" log to only return one result for every time the "page is refreshed" is true ?

Thank you in advance

0 Karma
Reply

niketn
Legend
‎01-22-2018 11:24 PM

@santohang, can you add samples for all events you are talking about? Is there any information in the log that you can identify whether the source was page A or page C?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

nickhills
Ultra Champion
‎01-23-2018 01:01 AM

I was going to say something similar - if you have the referrer you can dedup by "page" and "referrer" '|dedup page referrer|` this would give you a record of each page load and the previous page. Where this approach falls down, if if someone goes a->b. b->c. c->a. and then a->b. as it will only show the last occurrence.
Another alternative is to exclude results where the 'hits' where the referrer matches the page (but this depends on the way your server logic is configured)

If my comment helps, please give it a thumbs up!
0 Karma
Reply

mayurr98
Super Champion
‎01-22-2018 10:18 PM

can you try | stats latest(_raw)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...