Splunk search for Duplicate Events in Splunk
Copy
index=* | stats count by _raw, index, sourcetype, source, host | where count>1
This search will reveal any duplicate events that are found within Splunk. The output will show you the _raw of the even itself, along with what index and sourcetype it belongs to.
0 comments
[1]
[0]
[1]
[0]
Sign in or Register to submit a comment