×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
gbehl
New Member
Member since: ‎06-29-2018
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-29-2018
View All

Re: Find duplicate events for a pattern that occur...

by in Splunk Search
‎06-29-2018 12:31 PM
‎06-29-2018 12:31 PM
It works fine except the fact that it picks the first row and ignores the other rows. After running this query, I realized that there are some exceptions in data where I would need all the _raw rows which I can get by doing an extra click. I can live with that for now. Thanks a lot! ... View more

Find duplicate events for a pattern that occurred ...

by in Splunk Search
‎06-29-2018 07:21 AM
‎06-29-2018 07:21 AM
My requirement is to find duplicate events for a pattern that occurred in the same 'second' of timestamp after stripping the millisecond value. queries that I tried but didn't give me 100% success: search_pattern | timechart span=1s count | where count >1 search_pattern | timechart span=1s count | where count >1 | table _time, _raw Not sure if 'eventcount summarize=false' or 'eventstats' would be of any help here. P.S. I've recently started on splunk hence my knowledge is limited but I can work with pointers and do hit n trial approach. Any pointers are appreciated. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM