How do I count the number of unique recipients of each type of unique attachment from emails? The same user could receive the same attachment in multiple emails. Using the “dedup” command?
...ll the events with the same ID will be near each other (in time) but they won't be adjacent.
First, is DEDUP the right command to use in this scenario?
Second, how can I ensure that DEDUP (or w...
...rom, so in the meantime I have to dedup the results.
index=index1 sourcetype=dataset1 | dedup data_id | table column_1, column_2, column_3
My question is, is there a way to run the dedup command...
...s weird because each value should have two values for each _time)
index=test source="sample1.csv" OR source="sample2.csv" | bin span=1m _time
| dedup _time,source
*Timerange is "all time"
W...
Greetings!!
I would like to ask a question about dedup
eg: |dedup host ,IP
|dedup host |dedup IP
I've tried but when I use a comma, dedup works only on the first fields, and I want t...
I am running the dedup command for my ip_address field and I want to know the value returned by the command. Is it the last value seen, first value seen, something random? My search looks like t...
...he other, which doesn't make much sense to me. The two searches are:
index=XXXXXXXXXXXX sourcetype=XXXXXXXXXXX earliest=0 latest=@h | dedup src_ip sortby +_time | table src_ip,_time
and
i...
I need to search on multiple indexes with the need of the dedup command on one of the searches, for which I only need to pull unique events based on one of the fields. I can get the expected r...