Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to delete the repeated rows and only keep the values that have a reason?

crmarley20
Explorer
‎02-09-2022 01:21 AM

Hello,

Please I need your help,  I have a dedup with a conditional.

It happens that I have this table where when the technician enters the reason for its technical service is saved in splunk its previous value and the new change.

I need to delete the repeated rows and only keep the values that have a reason written by the technician.

crmarley20_1-1644398464341.png

 

Labels (7)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-09-2022 01:29 AM

Hi @crmarley20,

let me understand: you want that only the last comment is displayed in the table, is it correct?

if this is your need, you could run something like this:

your_search
| stats last(grund) AS grund BY start end technician

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎02-09-2022 01:29 AM

Hi @crmarley20,

let me understand: you want that only the last comment is displayed in the table, is it correct?

if this is your need, you could run something like this:

your_search
| stats last(grund) AS grund BY start end technician

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

crmarley20
Explorer
‎02-09-2022 02:14 AM

I solved it, thank you very much for your support.

In my real case I have more columns so what I have done is to sort each row by Begin End and the error number (it happens that the error number of the message "Techn. did not write" is 8000000 while the type of reason have error numbers less than 100. With the data sorted, I applied dedup with the Begin End and Technician fields.

Thank you very much for your help. 

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-09-2022 02:18 AM

Hi @crmarley20,

good for you, see next time!

Please accept my answer for the other people of Community.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

Reply
Solved! Jump to solution

crmarley20
Explorer
‎02-09-2022 01:54 AM

It does not always work, I have tested it in my real case and it does not work well. Is there another solution?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎02-09-2022 02:05 AM

Hi @crmarley20,

what do you mean with "It does not always work", what's the wrong result you have?

Probably there's omething different in the real data you have.

could you better describe the situation?

Ciao.

Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...