I am new to using Splunk and I am running a report to list all Teams meetings that were recorded over the past 6 months. I am getting duplicate entries in my report because MSFT creates a TMP file when the recording starts.

The search parameters I am using to generate the report:

    index=o365 Operation=FileModified SourceRelativeUrl= "*/Recordings" SourceFileExtension = "mp4"

The search results will present 2-3 ObjectIds for the same meeting and I am trying to figure out how I can omit the results that included ~tmp. Any help that can be provided on the correct search parameters to not include these results would be appreciated... Thanks