×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
alexrp25
Engager
Member since: ‎09-05-2022
‎09-06-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎09-05-2022
Activity Feed
View All

Re: How to deal with duplicate records?

by in Splunk Cloud Platform
‎09-06-2022 10:16 AM
‎09-06-2022 10:16 AM
Hello Rich Thank you very much for the advising. Is there a way I could do the logging collecting adjustment on the Universal Forwarder? I was wondering if I could make it ignore the duplicates before sending to Splunk Cloud.  Thank you.  ... View more

How to deal with duplicate records?

by in Splunk Cloud Platform
‎09-05-2022 09:16 AM
‎09-05-2022 09:16 AM
Our app is enclosed within a Docker container environment.  We can access the app only through standard web interfaces and APIs.  We have no access to the underlying operating system.  So, through an API we retrieve the logs and store them on a remote server.  We unzip them, put them in the known paths, and the Splunk UF on that device forwards them to Splunk.   We retrieve our logs every hour.  They overwrite what is there.  This means that when seen by the Splunk UF, they appear to be new logs.  However, within them they are the same file, just with another hour of data in them.    Could you please advise on how to deal with those seemingly duplicate log information? Is there a way to work the results in a Splunk pipe search? Or should we adjust it in our log collection process before the Splunk UF send them to the Splunk Cloud Plattform?   Thank you. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-06-2022 01:37 PM
Karma given to
View All