Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to decrease the count for everr search that is true

santohang
New Member
‎01-22-2018 03:06 PM

I'm trying to remove duplicates log from the search result every time the page is refreshed.
eg
index=main "Entered into page B"

The possibility here is, this message will be printed when navigating from page A to page B.
This will be printed again everytime the page refreshes.
So, I have a separate log that looks something like this "page is refreshed".
I do know | dedup function will be able to remove the duplicate but this will not be suitable for use here since the "Entered into page B" may also be true if navigating from page C to Page B.

How can I utilize the "Page is refreshed" log to only return one result for every time the "page is refreshed" is true ?

Thank you in advance

0 Karma
Reply

niketn
Legend
‎01-22-2018 11:24 PM

@santohang, can you add samples for all events you are talking about? Is there any information in the log that you can identify whether the source was page A or page C?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

nickhills
Ultra Champion
‎01-23-2018 01:01 AM

I was going to say something similar - if you have the referrer you can dedup by "page" and "referrer" '|dedup page referrer|` this would give you a record of each page load and the previous page. Where this approach falls down, if if someone goes a->b. b->c. c->a. and then a->b. as it will only show the last occurrence.
Another alternative is to exclude results where the 'hits' where the referrer matches the page (but this depends on the way your server logic is configured)

If my comment helps, please give it a thumbs up!
0 Karma
Reply

mayurr98
Super Champion
‎01-22-2018 10:18 PM

can you try | stats latest(_raw)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...