Hello Splunkers,
I need a little help to exclude similar values at the same field in a search:
....| search ComputadorNome="PCSD-FA5-TI11" | eval CaminhoCompleto=Caminho+ArquivoInfectado | stats count by ComputadorNome, TextoResultado, UsuarioLogado, CaminhoCompleto, TipoScan
I need that all results that have similar values at field called "CaminhoCompleto" are not displayed at the result.
For example:
Field 1------Caminhocompleto-------Field3----
1 123 ABC 098
2 324 ABC 987
3 234 CBA 678
In this case the line 1 and 2 would be excluded from the result, because the field Caminhocompleto have the value ABC appearing more than one time.
Best Regards,
Igor Abreu
... View more