Find distinct x and corresponding y

splunk
rickygrimes picture rickygrimes · Apr 3, 2014 · Viewed 8k times · Source

I have a set of records with multiple duplicate values across two fields X, and Y. I would like to write a splunk query to find distinct X, and its corresponding Y value. I am completely lost, and have no clue on how to come up with this query. Can someone please help?

Answer

Syon picture Syon · Apr 3, 2014

What you're looking for is probably as simple as

| dedup X Y | table X Y

This will find all distinct combinations of X and Y and remove all duplicates, then display the result in a table.

Related questions

What does (?i) and ?@ in this regex mean

In the following regex what does "(?i)" and "?@" mean? (?i)<.*?@(?P<domain>\w+\.\w+)(?=>) I know that "?" means zero or one and that i sets case insensitivity. This regex captures domains from an email address in …

Read More
Splunk how to combine two queries and get one answer

I am very new to Splunk and basically been dropped in the deep end!! also very new to language so any help and tips on the below would be great. The out come i am trying to get is to …

Read More
Filtering splunk results using results of another splunk query

I want to use a query in splunk, extract a list of fields and then use these result fields to further filter my subsequent splunk query. How do I do this?

Read More