If anyone is wondering about the timing of the 3 commands above (rex, replace, eval), I tested on my own dataset and results are:
rex probably fastest, with rex and eval both taking about 1s in fast mode, but taking about 4s in verbose mode.
replace takes about 4s in both fast and verbose mode
... View more
This solution worked for me when I had duplicates in the values of a field.
(top was faster than dedup in my case).
https://answers.splunk.com/answers/240661/receiving-a-duplicate-labels-causing-conflict-erro.html
... View more
This solution worked for me (having duplicate values within a field). https://answers.splunk.com/answers/240661/receiving-a-duplicate-labels-causing-conflict-erro.html
... View more