Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to remove repeated values from my search?

ranjithan
Path Finder
‎02-11-2022 01:53 AM

My Query is 

index=windows Type=Disk host IN (abc) FileSystem="*" DriveType="*" Name="*"
| dedup host, Name
| table _time, host, Name
| sort host, Name
| join type=left host [| search index=perfmon source="Perfmon:CPU" object=Processor collection=CPU counter="% Processor Time" instance=_Total
host IN (abc)
| convert num(Value) as value num(pctCPU) as value
| stats avg(value) as "CPUTrend" max(value) as cpu_utz by host
| eval "Max Peak CPU" = round(cpu_utz, 2)
| eval "CPUTrend"=round(CPUTrend, 2)
| fields - cpu_utz
| sort -"Peak CPU"
| rename "Max Peak CPU" AS "maxCPUutil"
| dedup "maxCPUutil"
| table _time, host, "maxCPUutil"]
| table host, "maxCPUutil", Name


I have this below output

host maxCPUutil Name

host                               maxCPUutil       Name
abc                                  5.59                       c:
abc                                  5.59                       E:
abc                                   5.59                       F:

What i want is

my result has multiple hosts.. Not single host. Output should be 

1. abc 35.16 C:
2.                    ‌😧‌

3.                    E:
4. def 45.56 C:
5.                       I:
6.                      J

Please help me remove the repeated values for drive letter. I need it only once for single host 

Labels (3)
Labels
Tags (2)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-11-2022 10:07 PM

This one was already asked during last few days. I asked then and I'll ask here again - what's the point?

I understand that you want separate result lines with disk names only - no other fields. How will you be able to tell which host it is from?

0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎02-11-2022 06:10 PM

Instead of table, use stats:, group by fields you feel the value should be unique, like

| stats values(Name) as Drives by host, "maxCPUutil"

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...