I want to remove alarms that reoccur within 10 seconds. How do I do this?
Time ; Alarm_Text
01:00:00 ALARM1
01:01:00 ALARM1
02:30:00 ALARM2
02:36:00 ALARM2
03:50:00 ALARM3
03:58:00 ALARM3
Result I Want
01:00:00 ALARM1
02:30:00 ALARM2
03:50:00 ALARM3
Or This Result Will Do
01:01:00 ALARM1
02:36:00 ALARM2
03:58:00 ALARM3
Try this
...| bucket span=10s _time | streamstats count by _time | where count=2
Thank you so much, its saved my day...