Hi, I have an "asset discovery" type of query that uses a CSV and 4+ indexes, and produces tens of thousands of results look similar to this:
id device serial origin
111 routerAlpha 12345 sales
routerAlpha 12345
222 switchBeta 78787 devops
switchBeta 78787
desktopSigma 44444
desktopSigma 44444
serverTheta 55555
How do I:
1) Remove all events that have a `serial` with a null `id` **IF** the same `serial` appears again in an event *with* a numerical id
2) Then, deduplicate all other events that have a `serial` # with a null `id`
The result should look like this:
id device serial origin
111 routerAlpha 12345 sales
222 switchBeta 78787 devops
desktopSigma 44444
serverTheta 55555
↧