根据结果字段/字符串值获取 Splunk Query 的不同结果(过滤结果)
[英]Get distinct results (filtered results) of Splunk Query based on a results field/string value
问题描述
I have a splunk query something like
我有一个类似的 splunk 查询
index=myIndex* source="source/path/of/logs/*.log" "Elephant"
Thus, this brings up about 2,000 results which are JSON responses from one of my APIs that include the world "Elephant" .因此,这会产生大约 2,000 个结果,这些结果是来自我的一个 API 的 JSON 响应,其中包括世界"Elephant" 。 This is kind of what I want - However , some of these results have duplicate carId fields, and I only want Splunk to show me the unique search results这就是我想要的 -但是,其中一些结果有重复的carId字段,我只希望 Splunk 向我显示唯一的搜索结果
The Results of Splunk looks something like this: Splunk 的结果如下所示:
MyApiRequests {"carId":3454353435,"make":"toyota","year":"2015","model":"camry","value":25000.00}
NOW , I just want to filter on the carId 's that are unique.现在,我只想过滤唯一的carId 。 I don't want duplicates.我不想重复。 Thus, I would expect the original value of 2,000 results to decrease quite a bit.因此,我预计 2,000 个结果的原始值会减少很多。
Can anyone help me formulate my Splunk Query to achieve this?谁能帮我制定我的 Splunk 查询来实现这一点?
2 个解决方案
解决方案1
2 2021-05-06 20:11:33
解决方案2
1 2021-05-06 20:06:34
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.