Identify Unique events across all fields for diffe... - Splunk Community

Splunk Search

Hi,

Below is my result after doing, xyseries Date_Time,APPROVAL_STATUS,ACT_UW_COUNT

Date_Time	APPROVED	BACK TO SALES	DECLINED	OTHERS
12:46:36	260-199	1-2	18-19	94-0
13:01:35	260-199	1-2	19-20	94-0
13:16:35	260-199	1-2	19-20	94-0
13:31:36	260-199	1-2	19-20	94-0
13:46:36	260-199	1-2	19-20	94-0
14:01:36	260-199	1-2	19-20	94-0
14:16:36	260-199	1-2	19-20	94-0
14:31:36	260-199	1-2	19-20	94-0
14:46:36	260-199	1-2	19-20	94-0
15:01:35	261-199	3-7	19-20	95-0
15:16:36	261-199	3-7	19-20	95-0
15:31:36	261-199	3-7	19-20	95-0
15:46:35	261-199	3-7	19-20	95-0
16:01:36	261-199	3-7	19-20	95-0
16:16:36	261-199	3-7	19-20	95-0
16:31:36	261-199	3-7	19-20	95-0

I want unique records for different approvalstatus w..r.t date_time

expected result

Date_Time	APPROVED	BACK TO SALES	DECLINED	OTHERS
12:46:36	260-199	1-2	18-19	94-0
15:01:35	261-199	3-7	19-20	95-0

...
| stats first(*) as * by APPROVED

Why don't you try stats first() ?

Get Updates on the Splunk Community!

Splunk Search APIを使えば調査過程が残せます

このゲストブログは、JCOM株式会社の情報セキュリティ本部・専任部長である渡辺慎太郎氏によって執筆されました。 Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members! The ...