In Splunk, there is a command called dedup, followed by a field name. How do you do this in ELK?
What are you trying to do?
I'm trying to get it so that for every value in a field (for example, for every individual IP address), it only shows the first result.
Then look at doing an aggregation of some sort on the IP field.