Consolidating table entries

dwear · ‎07-21-2016

192.168.1.7 |table Realm, Role

I have a search and I'm trying to consolidate to unique combinations of Realm and Role.

 Realm         Role
 Realm A      Role A
 Realm A      Role A
 Realm A      Role A
 Realm A      Role B
 Realm A      Role A
 Realm B      Role B
 Realm B      Role C

As you can see above, there is duplicates. I tried "|dedup Realm" but I feel like its eliminating some unique combinations by eliminating duplicate Realms. I'd like see if look like this.

 Realm         Role
 Realm A      Role A
 Realm A      Role B
 Realm B      Role B
 Realm B      Role C

Stevelim · ‎07-21-2016

| stats values(Realm)  as Realm, values(Role)  as Role

woodcock · ‎07-21-2016

Use 2 fields, like this:

192.168.1.7 | dedup Realm Role | table Realm Role

javiergn · ‎07-21-2016

Faster and nicer than dedup:

| stats count by Realm, Role
| fields - count

Consolidating table entries

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor