1. How to only display unique values from a field? - Splunk Community
16 nov 2017 · I only want to show unique key IDs in the table. How can I do this? Based on some posts I found on here there is something called 'dedup' that ...
I am searching the my logs for key IDs that can either be from group 'AA' or group 'BB'. I find them by using rex and then display them in a table. (AA_12345 for example). "ns=myApplication" "trying to insert document with keyId:"| rex field=message "(?
(AA_\d+)|(BB_\d+))" | table id Some of thos...
2. How to create a table listing users and unique values for other associated ...
How do I create a table that will list the user showing the unique values of either HostName or Access? I want to be able to search for users who are coming ...
I have the following fields: User HostName Access User A machine A SSH User A machine A VPN User A machine B SSH User B machine B SSH User B machine B SMB User C machine C SSH and so on.... How do I create a table that will list the user showing the unique values of either HostName or Access? I want...
3. Display in table each unique value and additional - Splunk Community
25 jul 2017 · Hi all, I am a very new splunk user and would like to conduct produce a table with of each unique ID and the corresponding error message.
Hi all, I am a very new splunk user and would like to conduct produce a table with of each unique ID and the corresponding error message. For context, each 'event' looks similar to this: 'Date (?) name (?) error details' So I have managed to extract the ID and ErrorID, but there are often multiple e...
4. Re: Creating a table with unique rows base upon un... - Splunk Community
13 feb 2024 · I am relatively new to the Splunk coding space so bare with me in regards to my inquiry. Currently I am trying to create a table, ...
Multi-line explains why default Component and Section_5 do not contain all data. Do not worry about props.conf, then. This is what you can do: | sort host _time | eval data = split(_raw, " ") | eval data = mvfilter(match(data, "^Component=")) | mvexpand data | rename data AS _raw | extract | rena...
5. How to list only distinct values from the listed results? - Splunk Community
Hi I have a query which runs and results me the list of Ip's in a table format grouped by username. In my table of results there might be different.
Hi I have a query which runs and results me the list of Ip's in a table format grouped by username. In my table of results there might be different IP's for the same username which are listed down in the single IP cell. Please find below the example of my result table: Username----------------------...
6. How do I get a table with a count and distinct cou... - Splunk Community
20 apr 2020 · Solved: I would like to get a count of errors that I have generated on splunk from different objects. All of them have a field error.
I would like to get a count of errors that I have generated on splunk from different objects. All of them have a field error. This is my query: index="db-woodchipper" earliest=-7d@d latest=now \"Error\": | table *.Error Results: ![alt text][1] RAW: {"SalesforceUpdater": {"MessageBody": {"ServerName"...
7. Get distinct rows when using inputlookup and lookup
5 sep 2020 · I am using one field to join two lookup tables but both my tables have duplicate values. In the output I want to get unique rows containing ...
Hi, I am using combination of inputlookup and lookup to generate a report. I am using one field to join two lookup tables but both my tables have duplicate values. In the output I want to get unique rows containing fields from both lookup tables but I seem to get duplicate values in 2nd lookup table...
8. Solved: Display total count of unique values of a field? - Splunk Community
15 sep 2022 · Hi, Fundamentals question but one of those brain teasers. How do i get a total count of distinct values of a field ?
Hi, Fundamentals question but one of those brain teasers. How do i get a total count of distinct values of a field ? For example, as shown below Splunk shows my "aws_account_id" field has 100+ unique values. What is that exact 100+ number ? If i hover my mouse on the field, it shows Top 10 ...
