Solved: How to get 2 unique rows for the values in the lis...

angersleek · ‎10-24-2022

I have the following query:

application_id=12345 STATUS_CODE IN (300, 400, 500)| head 10

How can I modify this such that I can get 2 unique rows where STATUS_CODE is 300, 2 unique rows where STATUS_CODE is 400, 2 unique rows where STATUS_CODE is 500 and so on?

Above query ends up fetching 10 rows of the first ones it can find thus end up with all 10 rows as STATUS_CODE as 300 in correctly.

Pls advice. Thanks.

richgalloway · ‎10-24-2022

The dedup command will keep the first n events with unique field values.

index=foo application_id=12345 STATUS_CODE IN (300, 400, 500)
| dedup 2 STATUS_CODE

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎10-24-2022

The dedup command will keep the first n events with unique field values.

index=foo application_id=12345 STATUS_CODE IN (300, 400, 500)
| dedup 2 STATUS_CODE

---
If this reply helps you, Karma would be appreciated.

How to get 2 unique rows for the values in the list.

subsearch

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

How to get 2 unique rows for the values in the list.

subsearch

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...