SPL
Find duplicate events
Description
0 0
index=<specify index> | eval x=sha256(_raw) | stats count values(host) values(source) values(sourcetype) values(index) by x | where count>1
GoSplunk SPL + dashboard repository
SPL
index=<specify index> | eval x=sha256(_raw) | stats count values(host) values(source) values(sourcetype) values(index) by x | where count>1
Comments
0 total
Be the first to comment on this SPL.
Leave a comment
You must log in to post a comment.