Find distinct x and corresponding y

Question

I have a set of records with multiple duplicate values across two fields X, and Y. I would like to write a splunk query to find distinct X, and its corresponding Y value. I am completely lost, and have no clue on how to come up with this query. Can someone please help?

score 4 · Answer 1 · answered Apr 03 '14 at 14:15

4

What you're looking for is probably as simple as

| dedup X Y | table X Y

This will find all distinct combinations of X and Y and remove all duplicates, then display the result in a table.

answered Apr 03 '14 at 14:15

Syon

7,205
5
36
40

Perfect.. Thanks :) – Breen ho Sep 18 '18 at 07:47

score 2 · Answer 2 · answered Jun 16 '17 at 14:43

stats values(x) by y

or

stats values(y) by x

Depending on how you want to view the data. Per Splunk documentation, "In a distributed environment, stats is likely to be faster, because the indexers can "prestats" before sending their results to the search head"

score 0 · Answer 3 · answered Apr 03 '14 at 07:50

0

give these two links a bash!

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Dedup

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/CommonStatsFunctions

answered Apr 03 '14 at 07:50

Jonathan

11
3

Find distinct x and corresponding y

3 Answers3