Duplicate Results In Splunk. 2 review what were going to delete inputlookup delete_thesecsv. The Dedup command in Splunk removes duplicate values from the result and displays only the most recent log for a particular incident.
Xyseries Splunk Documentation from docs.splunk.com
For example the numbers 10 9 70 100 are sorted lexicographically as 10 100 70 9. Numbers are sorted based on the first digit. Splunk wont do any comparisons like that that would lead to horrible performance.
When you untable a set of results and then use the xyseries command to combine the results.
For search results that have the same source value keep the first 3 that occur and remove all subsequent results. With the splunk employees help I have manually updated my outputsconf to the following and I am no longer getting duplicate events. Get in touch with Mindmajix for the definitive Splunk Training. Filter and re-arrange how Splunk displays fields within search results.
