Solved: Merging two log line

keshab · ‎11-04-2011

I have two log line with the same information. How can I do search so that it displays just one log??

For e.g.

2011-11-04 10:20:48,476 [WARN ] RemoteIpAddress: X.X.X.X; SessionId: XXX; exception: Password or Wolfram ID entered was incorrect
2011-11-04 10:20:48,476 [WARN ] RemoteIpAddress: X.X.X.X; SessionId: XXX; exception: Password or Wolfram ID entered was incorrect

I want it to display one result instead of two.

keshab · ‎11-04-2011

that's right but for splunk using uniq worked..thanks

View solution in original post

keshab · ‎11-04-2011

that's right but for splunk using uniq worked..thanks

Simeon · ‎11-04-2011

I believe you want to investigate using the dedup command against a common field (possibly _raw). You should really fix the situation where it is logging multiple lines of the same content.

Merging two log line

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation