Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get 2 unique rows for the values in the list.

angersleek
Path Finder
‎10-24-2022 06:37 AM

I have the following query: 

 

application_id=12345 STATUS_CODE IN (300, 400, 500)| head 10

 

How can I modify this such that I can get 2 unique rows where STATUS_CODE is 300, 2 unique rows where STATUS_CODE is 400, 2 unique rows where STATUS_CODE is 500 and so on? 

Above query ends up fetching 10 rows of the first ones it can find thus end up with all 10 rows as STATUS_CODE as 300 in correctly.

Pls advice. Thanks.  

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-24-2022 06:42 AM

The dedup command will keep the first n events with unique field values.

index=foo application_id=12345 STATUS_CODE IN (300, 400, 500)
| dedup 2 STATUS_CODE

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-24-2022 06:42 AM

The dedup command will keep the first n events with unique field values.

index=foo application_id=12345 STATUS_CODE IN (300, 400, 500)
| dedup 2 STATUS_CODE

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...