Hi I am now creating splunk dashboard, but I am facing a weird result that I am really confused: I tried two queries: query1: * | dedup somthing | timechart count(somthing) as total query2: * | timechart distinct_count(something) as total In my understanding, these two queries should give me total number of distinct "something" in every bucket. But the thing is I get different result: for example I use last 7 day time range: I get this: query1: 1,1,0,0,1,1,3 query2: 1,3,0,0,1,4,3   Actually query 2 is correct. I do have 3 and 4 "something" at day2 and day 6.   So what is the difference between these two queries??   ... View more