Hey, Fellow Splunkers
I have multiple duplicated events; all data in the event is identical, with the exception of the time. I'm attempting to filter based on Alert ID; however, both events have the same alert ID but different times and Durations, for example:
Oct 31 00:16:50 alert: 123 Duration 200
Oct 31 00:18:50 alert: 123 Duration 300
Does Splunk have a compare operator to SORT the differences between the time or Duration, which will help me eliminate the duplicates? The only concern is that the Duration could be random.
Thank You,
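An added worked search (not part of the poster's question) that compares each event with the previous one carrying the same alert ID, so the time gap and Duration difference can be inspected before deciding what to drop. It rebuilds the two sample lines with makeresults; the year 2023 is an assumption added only because the sample timestamps carry none, and the 600-second window used to flag a duplicate is an illustrative threshold.

```spl
| makeresults count=2
| streamstats count AS n
| eval _raw=case(n=1, "Oct 31 00:16:50 alert: 123 Duration 200",
                 n=2, "Oct 31 00:18:50 alert: 123 Duration 300")
| rex field=_raw "^(?<ts>\w{3}\s+\d+\s+[\d:]+)\s+alert:\s+(?<alert_id>\d+)\s+Duration\s+(?<duration>\d+)"
| eval _time=strptime("2023 ".ts, "%Y %b %d %H:%M:%S")
| sort 0 alert_id _time
| streamstats current=f last(_time) AS prev_time last(duration) AS prev_duration by alert_id
| eval time_gap_sec=_time-prev_time, duration_diff=duration-prev_duration
| eval is_duplicate=if(isnotnull(prev_time) AND time_gap_sec<=600, "yes", "no")
| table _time alert_id duration prev_duration time_gap_sec duration_diff is_duplicate
```

On the sample data the second row shows time_gap_sec=120 and duration_diff=100 with is_duplicate="yes"; appending `| where is_duplicate="no"` keeps only the first event per alert ID within the window, and in a real search the makeresults/case lines are replaced by the index search that returns the raw alert events.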