Sorry if I was not clear on what I am expecting ..The tabular format that I showed is output of .

| stats values(SN) as abc by _time . This search gives the tabular format output I showed .From that result I want to compare each cell of field "abc" with the next event and if there is a no difference then it should omit it and again it should compare with third one if its different it stays and now the third one should match with the next one and the list goes on

My question was asking you why dedup does not work - the example I showed you was your data using dedup to remove the duplicate abc values you refer to.

What is wrong with that example. If my example doesn't give you what you want, can you clarify with a table, what from your first table (from the stats values command) should appear as your final expected result.

My search 
index=* 
| stats values(SN) as SN by _time gives the following output 

The output that I am looking at is search that compares results and output;s non-consecutive results like below.The date 2022-03-09 06:42:36 has less number of values so that is also considered different... 

Since its comparing and not removing duplicates dedup is not worki

I am sorry - I still don't understand - in your latest example, you have 9 rows in your input and your expected output shows 8 rows with ONLY the second row removed (2022-04-04 10:16:34) as it is a duplicate of row 1

However, comparing rows 3 and 4, the abc values are identical, so why are these not removed?

Are you also saying you ONLY want CONSECUTIVE duplicates removed, not ANY duplicate?

Sorry for that .. I am trying to do a comparison for each row.For instance , compare row 1 with row 2...if both are same then omit row2 ...then compare row 1 with row3 ..if different i want that row...then compare row3 with row 4 if they are same then omit row4 and then the list goes on...The tough part I am facing is..dedup removes duplicates irrespective of what order they come in ...what I am looking is compare each row ..in this way if you see row1 data same as row 3 but row 2 is different . 

@vrmandadi 

Your input example is as above. In your latest reply, you say ROW 1 is the same as ROW 3, but ROW 2 is different, which doesn't seem to match the above data. It appears ROW 1 and ROW 2 are the same so would be excluded, which is how you showed your output in a previous reply.

After excluding ROW 2, you then compare ROW 1 and ROW 3, which are different, so you keep ROW 3, but you then say you want to compare ROW 3 and ROW 4. In your example you have NOT excluded ROW 4, although they are the same. 

It's still not clear WHY, in your earlier post, you are keeping both ROW 3 and ROW 4, when they are the same, but your description of the removal logic states comparing ROW 3 and ROW 4 would remove the duplicate, which is not done.

Hello ,

Thank you so very much for following up on this  and please sincerely accept my apologies if any confusion is created .Let me put it in correct way.

in the example you posted

1. compare row1 with row2...if same then omit row2 else keep row2.

2. Next.Compare row1 with row 3(if row2 is omitted..else compare row2 with row3) ..if same omit row3...if different keep.

3.keep comparing .

Hope this is clear

@vrmandadi 

Unfortunately, it  does not make it clearer. You do not address the question why you retain row 4 when it is the same as row 3.

| streamstats window=1 current=f values(SN) as previous
| where SN!=previous

I tried it but did not work

Given that this only keeps events where SN does not match the previous SN, in what way did it not work?

Since the fields are multivalued I suppose the solution with values(SN) might mess up the order of values. With list(SN) it should work pretty well.