The following are examples for using the SPL2 dedup command. To learn more about the dedup command, see How the dedup command works.

1. Remove duplicate results based on one field

Remove duplicate search results with the same host value.

2. Keep the first 3 duplicate results

For search results that have the same source value, keep the first 3 that occur and remove all subsequent results.

3. Sort events in ascending order before removing duplicate values

The sort command is most often used at the end of your search, either as the last command or the next-to-last command. Use the order by clause in the from command to sort the events by time in ascending order, the default order. Sorting the events ensures that the oldest events are listed first. Remove duplicate results with the same source value.

```
| from main order by ASC _time | dedup source
```

4. Sort events after removing duplicate values

Remove duplicate search results with the same host value and sort the events by the _size field in descending order.

5. Keep results that have the same combination of values in multiple fields

For search results that have the same combination of source AND host values, keep the first 2 that occur and remove all subsequent results.

6. Remove only consecutive duplicate events

Remove only consecutive duplicate events. In this example duplicates must have the same combination of values in the source and host fields.
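The dedup behaviours described above decide which events survive a search, which matters when the dropped events are the ones an analyst needed. The following Python model is an added example, not Splunk code and not part of the original page; the function names `dedup`, `times` and `demo` and the sample events are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample events (not from the page); every event has all fields.
EVENTS = [
    {"_time": 1, "source": "auth.log", "host": "web01", "_size": 120},
    {"_time": 2, "source": "auth.log", "host": "web01", "_size": 300},
    {"_time": 3, "source": "auth.log", "host": "web02", "_size": 900},
    {"_time": 4, "source": "auth.log", "host": "web01", "_size": 150},
    {"_time": 5, "source": "syslog", "host": "web02", "_size": 500},
    {"_time": 6, "source": "auth.log", "host": "web01", "_size": 80},
]

def dedup(events, fields, keep=1, consecutive=False):
    """Model: keep the first `keep` events per combination of `fields`; with
    consecutive=True, drop only repeats of the immediately preceding event."""
    seen = Counter()         # occurrences per combination (global mode)
    prev_key, run = None, 0  # current run of identical combinations
    kept = []
    for ev in events:
        key = tuple(ev[f] for f in fields)
        if consecutive:
            run = run + 1 if key == prev_key else 1
            prev_key, count = key, run
        else:
            seen[key] += 1
            count = seen[key]
        if count <= keep:
            kept.append(ev)
    return kept

def times(events):
    return [ev["_time"] for ev in events]

def demo():
    oldest_first = sorted(EVENTS, key=lambda e: e["_time"])
    by_size = sorted(dedup(EVENTS, ["host"]), key=lambda e: -e["_size"])
    pair = ["source", "host"]
    return {
        "one field (host)": times(dedup(EVENTS, ["host"])),
        "first 3 per source": times(dedup(EVENTS, ["source"], keep=3)),
        "oldest per source": times(dedup(oldest_first, ["source"])),
        "newest per source": times(dedup(oldest_first[::-1], ["source"])),
        "host, then size desc": times(by_size),
        "first 2 per source+host": times(dedup(EVENTS, pair, keep=2)),
        "consecutive source+host": times(dedup(EVENTS, pair, consecutive=True)),
    }

if __name__ == "__main__":
    print(demo())
```

Comparing the "oldest per source" and "newest per source" results shows why the sort order before dedup matters: the same search keeps a different event per source depending on which one arrives first.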