How do I count the number of unique recipients of each type of unique attachment from emails? The same user could receive the same attachment in multiple emails. Using the “dedup” command?
...ll the events with the same ID will be near each other (in time) but they won't be adjacent.
First, is DEDUP the right command to use in this scenario?
Second, how can I ensure that DEDUP (or w...
...rom, so in the meantime I have to dedup the results.
index=index1 sourcetype=dataset1 | dedup data_id | table column_1, column_2, column_3
My question is, is there a way to run the dedup command...
...s weird because each value should have two values for each _time)
index=test source="sample1.csv" OR source="sample2.csv" | bin span=1m _time
| dedup _time,source
*Timerange is "all time"
W...
Greetings!!
I would like to ask a question about dedup
eg: |dedup host ,IP
|dedup host |dedup IP
I've tried but when I use a comma, dedup works only on the first fields, and I want t...
I am running the dedup command for my ip_address field and I want to know the value returned by the command. Is it the last value seen, first value seen, something random? My search looks like t...
...he other, which doesn't make much sense to me. The two searches are:
index=XXXXXXXXXXXX sourcetype=XXXXXXXXXXX earliest=0 latest=@h | dedup src_ip sortby +_time | table src_ip,_time
and
i...
...o get the total number of events, and data set size. Then ran the same search with the dedup command to reduce out all the duplicate events..... | dedup _time _raw The problem is the dedup command...