My team has duplicate events in our index (~600 GB). We have fixed duplicate source and need to remove the existing duplicates from the index. What are the best practices for managing duplicates over a large index? So far we've explored two options - Create a summary index with duplicates removed     - its a large compute load to run this deduplication job and populate a new index all at once. How can we do this efficiently and prevent our job from auto-cancelling?     - We would like to be able to update the new index from the one containing duplicates on ingest. Are there best practices for doing this reliably? - Delete duplicate events from current index     - this is less attractive, due to permanent deletion ... View more

I have a time chart of count by field     | timechart count by field_name limit=0     I would like to divide each value in the statistics table by the mean of that field.  Current Output: Time A B 1 1 4 2 2 5 3 3 6   Desired Output: Time A B 1 0.5 0.8 2 1 1 3 1.5 1.2   I can use a `foreach` to perform an operation on every column but I am having trouble configuring a subquery within that to calculate the mean and divide by it. ... View more