getting the unique value for each row

abhayneilam · ‎10-21-2012

Hi,

I have a file which contains as follows:

Filed_Name

abhay,murari,chennai
chennai,delhi,chennai
murari,murari,abhay
delhi
chennai,murari

Now, My output should be :

Output_Filed_Name

abhay,murari,chennai
chennai,delhi
murari,abhay
delhi
chennai,murari

For each row, I am removing duplicate values, in second row -- out of 2 chennai, I took only one chennai and in 3rd row,----out of 2 murari, I took only one murari.

Please help !!
Thanks in Advance,

Abhay

lguinn2 · ‎10-21-2012

In my answer, I am assuming that you have a field named outputField which contains "abhay,murari,chennai" exactly like this - a string where commas separate the values. If this is the case, then the following should work

yoursearchhere
| eval outputField=split(outputField,",")
| eval uid = splunk_server +  index +  _cd 
| mvexpand outputField
| dedup outputFiled
| mvcombine delim="," uid

Ayn · ‎10-21-2012

I meant that you have the individual values extracted as fields, so "abhay","murari","chennai" would be individual values, not just one field with "abhay,murari,chennai" as one single value.

abhayneilam · ‎10-21-2012

yaa this field "Output_Field_Name" is an extracted field. which comes from "table" command

myserch | table fieldone fieldtwo Output_Field_Name

Please help me to achieve this...

Ayn · ‎10-21-2012

Do you have these extracted as fields? If you do, this should be a fairly easy problem to solve. If you don't, then that's what you should focus on solving.