Search Reference

Version

Welcome

Search Overview

Search Commands

Custom Search Commands

uniq

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

Synopsis
Syntax
Description
Examples
See also

uniq

Synopsis

Keeps only unique results.

Syntax

uniq

Description

Removes any search result that is an exact duplicate with previous result.

Note: For large datasets, you can use the dedup command in place of uniq:

... | dedup _raw

Examples

Example 1: For the current search, keep only unique results.

... | uniq

See also

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.4/SearchReference/Uniq"

« typer untable »

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!