Hi,
We're parsing logs with the GROK filter and have set the option "brean_on_match" to false. This allows us to be absolutely sure that we don't miss a field but at the same time allows for multiple matches in a single message. That will then result in duplicate values for certain fields, for example:
SrcIP: 192.168.1.234, 192.168.1.234
Is there a way we can check if there are multiple values in a field and only keep the first one?