Solved: Remove duplicate columns - column which have singl...

bhavesh0124 · ‎01-29-2024

Hi,

I want to get rid of columns which have single unique value. There could be multiple columns showing this behavior.

Test	Value1	Value2	Value3	Value4
Test1	2	b	a	7
Test2	1	c	a	7

I want to get rid of columns "Value3" and "Value4" since they have only one unique value across.

@gcusello @ITWhisperer @scelikok @PickleRick

ITWhisperer · ‎01-29-2024

Depending on the size of your data set, you could try something like this

| appendpipe
    [| stats values(*) as *
    | eval Test="ALL"]
| transpose 0 column_name=name header_field=Test
| where mvcount(ALL) > 1
| fields - ALL
| transpose 0 column_name=Test header_field=name

View solution in original post

ITWhisperer · ‎01-29-2024

Depending on the size of your data set, you could try something like this

| appendpipe
    [| stats values(*) as *
    | eval Test="ALL"]
| transpose 0 column_name=name header_field=Test
| where mvcount(ALL) > 1
| fields - ALL
| transpose 0 column_name=Test header_field=name

bhavesh0124 · ‎01-29-2024

Works perfectly, thanks

gcusello · ‎01-29-2024

Hi @bhavesh0124,

sorry bu it isn't possible: Splunk isn't Excel in which you can collapse two cells in one.

Ciao.

Giuseppe

Remove duplicate columns - column which have single unique value

fields

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation