cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
kashtech
Observer
Member since: ‎05-19-2023
‎11-01-2023
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-19-2023
View All

Re: How to dedup based on other fields conditions?

by in All Apps and Add-ons
‎05-19-2023 08:01 PM
‎05-19-2023 08:01 PM
Oh! sorry for the typo, my expected output: name='xyz', user='abc', type='type1', other-fields name='name2', user='def', type='type2', other-fields ... View more

How to dedup based on other fields conditions?

by in All Apps and Add-ons
‎05-19-2023 05:35 PM
‎05-19-2023 05:35 PM
I am new and learning splunk, I have a 2 events like below with same event type.  name='name1', user='abc', type='type1', other-fields     : latest event name='name1', user='abc1', type='type1', other-fields  : past event name='name2', user='def', type='type2', other-fields        I want to dedup based on user field, but the dedup value changes but all other fields remain same. In this case I want to match fields name & type between first 2 events and pick up the latest one.  My final filtered events should be: name='xyz', user='abc', type='new', other-fields name='name2', user='def', type='type2', other-fields   Any suggestions?     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-01-2023 04:49 PM