In Splunk, there is a command called dedup, followed by a field name. How do you do this in ELK?
What are you trying to do?
I'm trying to get it so that for every value in a field (for example, for every individual IP address), it only shows the first result.
Then look at doing an aggregation of some sort on the IP field.
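Concretely, the Splunk `dedup <field>` behaviour maps to a `terms` aggregation on the field with a `top_hits` sub-aggregation of size 1 sorted by timestamp, so each bucket keeps only its earliest event. The following is an added example, not code from the thread; the field names `@timestamp` and `source.ip` and the sample events are assumptions.

```python
"""Splunk `dedup <field>` in Elasticsearch: one hit per distinct field value.

Added example, not from the original thread. The field names (`@timestamp`,
`source.ip`) and the sample documents below are assumptions/constructed.
"""
import json


def dedup_query(field, ts_field="@timestamp", max_values=1000):
    """Build the query DSL body: one terms bucket per distinct value of `field`,
    each keeping only its oldest document (top_hits size=1, sorted ascending).
    The terms aggregation needs a keyword/ip field, not an analysed text field."""
    return {
        "size": 0,  # no plain hits, only the aggregation buckets
        "aggs": {
            "per_value": {
                "terms": {"field": field, "size": max_values},
                "aggs": {
                    "first_hit": {
                        "top_hits": {"size": 1, "sort": [{ts_field: {"order": "asc"}}]}
                    }
                },
            }
        },
    }


def flatten_first_hits(response):
    """Turn the aggregation response into {value: _source}, i.e. a dedup'd table."""
    out = {}
    for bucket in response["aggregations"]["per_value"]["buckets"]:
        out[bucket["key"]] = bucket["first_hit"]["hits"]["hits"][0]["_source"]
    return out


def dedup_local(docs, field, ts_field="@timestamp"):
    """Same semantics over in-memory docs, to sanity-check what the query returns."""
    first = {}
    for doc in sorted(docs, key=lambda d: d[ts_field]):
        first.setdefault(doc[field], doc)  # keep the earliest event per value
    return first


# Constructed sample events (not real data).
SAMPLE_DOCS = [
    {"@timestamp": "2024-01-01T10:00:02Z", "source.ip": "10.0.0.5", "event.action": "login"},
    {"@timestamp": "2024-01-01T10:00:00Z", "source.ip": "10.0.0.5", "event.action": "dns"},
    {"@timestamp": "2024-01-01T10:00:01Z", "source.ip": "10.0.0.9", "event.action": "login"},
]

if __name__ == "__main__":
    print(json.dumps(dedup_query("source.ip"), indent=2))
    print(dedup_local(SAMPLE_DOCS, "source.ip"))
```

Send the body from `dedup_query` to `GET <index>/_search`; if you need the newest event per value instead, change the sort order to `desc`.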