I am new to Splunk.
I am trying to search some events in Splunk. What I want is to get all results which have the field "co_relation_id". One "co_relation_id" value is present in 4 to 6 different events.
I want to filter (sub-search from those 4 to 6 records) and get just one specific record for each unique co_relation_id.
What function shall I use here? I need to use some specific search criteria for my sub-search.
For instance, when I type "co_relation_id" in the search bar I get the following results:
co_relation_id="A" record 1
co_relation_id="A" record 2
co_relation_id="A" record 3
co_relation_id="A" record 4
co_relation_id="B" record 1
co_relation_id="B" record 2
co_relation_id="B" record 3
co_relation_id="B" record 4
From all of the above I want two records: co_relation_id="A" record 4 and co_relation_id="B" record 4.
Thanks,