How do I remove duplicate device_id values within a five-minute interval for a 24-hour search?
For example:
10:00am device id =aaa123
10:01am device id =aaa123
10:02am device id =aaa124
10:03am device id =aaa123
10:04am device id =aaa123
10:05am device id =aaa123
10:08am device id =aaa123
10:15am device id =aaa123
10:25am device id =aaa123
expected result:
_time count
10:00 am 2
10:05 am 1
10:10 am 0
10:15 am 1
10:20 am 0
10:25 am 1
10:30 am 0
You are looking for the dc() function - distinct count.
Try this...
| bin _time span=5m
| stats dc(device_id) by _time
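
An added example, not part of the original answer: `stats ... by _time` returns a row only for buckets that contain events, so the zero-count rows in the question's expected result need `timechart`, which fills empty buckets with 0 for `dc()`. The search below rebuilds the question's sample events inline; the field names `sample_constructed` and `hhmm` and the date 2024-01-01 are assumptions made for the illustration.

```spl
| makeresults
| eval sample_constructed="10:00,aaa123 10:01,aaa123 10:02,aaa124 10:03,aaa123 10:04,aaa123 10:05,aaa123 10:08,aaa123 10:15,aaa123 10:25,aaa123"
| makemv delim=" " sample_constructed
| mvexpand sample_constructed
| rex field=sample_constructed "^(?<hhmm>[^,]+),(?<device_id>.+)$"
| eval _time=strptime("2024-01-01 ".hhmm, "%Y-%m-%d %H:%M")
| timechart span=5m fixedrange=false dc(device_id) AS count
```

On the sample data this gives 2, 1, 0, 1, 0, 1 for the buckets from 10:00 to 10:25. For a real 24-hour search, replace everything before `timechart` with the base search and drop `fixedrange=false` so the buckets cover the whole search window.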