How to remove duplicate entries when everything in entry matches

Comments

1 comment

  • Avatar
    Steven Hild

    Figured it out. Even though my fields show Time, Message, etc, I have to use the names like _messagetime and _raw to have the count BY to work. 
    And it is count BY fieldNames, since you can use the following worked

    ... | count BY _messagetime, _raw |  fields _count | sort by _messagetime asc

    0
    Comment actions Permalink

Please sign in to leave a comment.