Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
4,000 results
Sorted by:
10-04-2019
02:00 PM
...rue
I am aware that I can run this to remove duplicates at search time.
| inputlookup myAAAlookup.csv
| dedup ACCT,AUID,ADDR
| outputlookup myAAAlookup.csv append=true
However, I want t...
04-15-2018
10:20 AM
Could you please explain the difference between dedup and unique
03-12-2014
06:50 AM
2 Karma
Hi,
what is the easiest way to filter out event duplicates without adding every field in the dedup command?
Is
| dedup _raw
the correct approach?
BR
02-23-2018
02:38 AM
When searching in our list of usernames that have logged in, I dedup the usernames but the results are case sensitive.
For example I have user01 and User01 both showing in the search results.
H...
03-17-2020
02:19 PM
Assuming there are 2 columns - Date & count and there are duplicates date.
How to dedup on Date and pick the maximum count value ?
2020-02-27 1522
2020-02-27 1680
2020-02-28 1639
2020-0...
- Tags:
- dedup
10-29-2019
04:11 AM
I am facing issues wherein the events with same timestamp are not showing in results, when I dedup based on time, but I want all those events, even after dedup. Even epoch will be same for those e...
before-dedup.png (1 KB)
after-dedup.png (1 KB)
Show results in replies (9)
-
I guess you want to remove duplicate values and not entire rows. dedup removes rows based on the c...
-
in your case, it looks like you should just change the key you're using to dedup, such as c...
-
I will try doing dedup with more than one field and check. I will revert on it.
-
No, I dont want to remove the dedup values, instead I want to keep it. As it is a summary index, i...
-
Hi pgadhari, did you tryed to dedup for all the fields you have in Summary, or at least the m...
-
...f you want all the events why do you dedup? Ciao. Giuseppe
-
Hi @pgadhari , I don't understand why you want to use dedup and also want to keep the events a...
-
...etting duplicated events, hence I have to dedup. But doing dedup is removing one of the event of the s...
-
I can try doing dedup the _raw events, but I am not sure, how it can help ? But see my above r...
01-20-2015
12:28 PM
1 Karma
Hi. I am creating a search and dashboard to display our last ten locked account events. This seems to work well as I have it configured. One of the things I am doing is using the dedup command to r...
07-05-2016
03:08 PM
I can do the following separately, and I get the results I want.
index="wineventlog" EventIdentifier="4624" | dedup ComputerName
index="wineventlog" EventIdentifier="4688" AND (N...
Show results in replies (4)
-
use comma to combine multiple dedup fields . dedup Computer_Name,New_Process_Name
-
...ndex="wineventlog" EventIdentifier="4624" | dedup ComputerName | append [ search index="wineventlog" E...
-
index="wineventlog" EventIdentifier="4624" | dedup ComputerName | append [ search index="w...
-
...*")) | eval dedupfield=if(EventIdentifier="4624", ComputerName, New_Process_Name) | dedup dedupfield
02-11-2021
07:22 AM
Hello All, May I request you to help me with the query below I have two fields "customertripid & success" Customertripid has a unique id for a transaction - the transacti...
- Tags:
- dc
- distinctcount
Labels
- Labels:
-
other
Show results in replies (4)
-
Rather dedup try | stats count by customertripid success | stats count by success
-
When success=false, the dedup will pick up all the customertripid which have failed When s...
-
...ow can I use this to do this .... using your solution (this dedup doesnt count a txn that followed s...
-
The reason you get no results is that the stats command returns two fields customertripid and succe...
