Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why I have "Duplicate values causing conflict" with eval ?

Abarny
Path Finder
‎04-21-2017 01:17 AM

Hi,

Can you tell me why i can't update my dynamic list on my dashboard ? I have this message : "Duplicate values causing conflict"

 index="gta_projets" 
|  eval acteur='logs{}.user.firstName'." ".'logs{}.user.lastName' 
| dedup acteur 
|top 200 acteur | sort by acteur

Thanks you for your answer,

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

niketn
Legend
‎04-21-2017 01:55 AM

If you are using the query to populate an input like dropdown, then check that you do not have any static choice created. Seems like one of your acteur returned by query is the same as the static choice you have defined for the input.

Also, if you just need the first 200 acteur, you should consider changing the query as below.

  index="gta_projets" acteur=*
 | eval acteur='logs{}.user.firstName'." ".'logs{}.user.lastName' 
 | dedup acteur 
 | sort acteur
 | head 200
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

Reply
Solved! Jump to solution
Solution

niketn
Legend
‎04-21-2017 01:55 AM

If you are using the query to populate an input like dropdown, then check that you do not have any static choice created. Seems like one of your acteur returned by query is the same as the static choice you have defined for the input.

Also, if you just need the first 200 acteur, you should consider changing the query as below.

  index="gta_projets" acteur=*
 | eval acteur='logs{}.user.firstName'." ".'logs{}.user.lastName' 
 | dedup acteur 
 | sort acteur
 | head 200
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

Abarny
Path Finder
‎04-21-2017 02:04 AM

Thanks for your answer,

I have same probleme, i write like you but I can't take all values in acteur cause it's a concatenation enter firstName and lastName

index="gta_projets"  logs{}.user.firstName="*"  logs{}.user.lastName="*" 
  | eval acteur='logs{}.user.firstName'." ".'logs{}.user.lastName' 
  | dedup acteur 
  | sort acteur
  | head 25
0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎04-21-2017 02:32 AM

@Abarny, Can you share the XML code for your input?

Do you see something like <choice value="<SomeValue>"><Some Label></choice>

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
Reply
Solved! Jump to solution

Abarny
Path Finder
‎04-21-2017 02:38 AM

It's okay i have puplate my list. Thaks niketnilay

0 Karma
Reply
Solved! Jump to solution

niketn
Legend
‎04-21-2017 04:03 AM

@Abarny...Cheers!!! 🙂 I have converted my comment to answer. Please accept to mark this question as answered if this helped!

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...