Remove duplicate entries.

Follow

Eyamir Billat

• December 17, 2018 11:12

How do i remove duplicate entries from a query? In Splunk you have command (| dedup).

0

• 

  Stacy Kornluebke

  • December 27, 2018 19:23

  Hello Eyamir,

  In Sumo we recommend:

  ...| count BY fieldName
  | fields - _count

   

  You can check out other Splunk migration recommendations here:

  https://help.sumologic.com/@api/deki/files/2773/Sumo_Logic_to_Splunk_Command_Mapping_Cheat_Sheet_v1.1.docx

   

  0

  Comment actions Permalink

Please sign in to leave a comment.