In this video I have discussed the dedup command in Splunk.
With the dedup command, you can specify the number of duplicate events to keep for each value of a single field, or for each combination of values across several fields. Which events dedup returns depends on search order. For historical searches, the most recent events are searched first, so dedup keeps the newest events. For real-time searches, events are searched in the order they arrive, which is not necessarily the most recent events.
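The following is an added example that is not from the video or from Splunk: a small Python model of the dedup semantics described above, run over a constructed set of authentication events. It keeps the first `n` events per distinct combination of the given fields while walking the events in search order, so you can see that a historical search (most recent first) and a real-time search (arrival order) retain different events for the same field list. The `keepempty` parameter mirrors Splunk's option of the same name, which by default drops events that lack one of the dedup fields.

```python
from collections import defaultdict

# Constructed sample events (not from the video): authentication records
# with a timestamp, user, source IP and outcome. The last event has no
# "src" field on purpose, to show what dedup does with missing fields.
EVENTS = [
    {"_time": 1, "user": "alice", "src": "10.0.0.5", "action": "success"},
    {"_time": 2, "user": "bob",   "src": "10.0.0.9", "action": "failure"},
    {"_time": 3, "user": "alice", "src": "10.0.0.5", "action": "failure"},
    {"_time": 4, "user": "bob",   "src": "10.0.0.9", "action": "failure"},
    {"_time": 5, "user": "alice", "src": "10.0.0.7", "action": "success"},
    {"_time": 6, "user": "bob",   "src": "10.0.0.9", "action": "success"},
    {"_time": 7, "user": "carol",                    "action": "failure"},
]


def dedup(events, fields, n=1, historical=True, keepempty=False):
    """Model of `| dedup N field-list` (assumption: a simplified reimplementation).

    Walks the events in search order (most recent first for a historical
    search, arrival order for a real-time search) and keeps at most `n`
    events for each distinct combination of values of `fields`.
    Events missing any of the fields are dropped unless keepempty is True,
    in which case they pass through without counting against any limit.
    """
    ordered = sorted(events, key=lambda e: e["_time"], reverse=historical)
    seen = defaultdict(int)  # combination of field values -> events kept so far
    kept = []
    for ev in ordered:
        if any(f not in ev for f in fields):
            if keepempty:
                kept.append(ev)
            continue
        key = tuple(ev[f] for f in fields)
        if seen[key] < n:
            seen[key] += 1
            kept.append(ev)
    return kept


def kept_times(events, fields, n=1, historical=True, keepempty=False):
    """Return just the _time values of the surviving events, for easy inspection."""
    return [e["_time"] for e in dedup(events, fields, n, historical, keepempty)]


if __name__ == "__main__":
    # Newest event per user (historical search order).
    print("dedup user, historical:", kept_times(EVENTS, ["user"]))
    # First-seen event per user (real-time search order).
    print("dedup user, real-time: ", kept_times(EVENTS, ["user"], historical=False))
    # Up to two newest events per (user, src) pair; carol has no src and is dropped.
    print("dedup 2 user src:      ", kept_times(EVENTS, ["user", "src"], n=2))
    # Same, but keep the event that lacks src.
    print("dedup 2 user src keepempty=true:",
          kept_times(EVENTS, ["user", "src"], n=2, keepempty=True))
```

Note the difference between the two single-field runs: the historical order keeps each user's most recent login, which is usually what an investigator wants, while the real-time order keeps whichever event happened to arrive first.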
The queries used in this video can be downloaded from the repo below:
github.com/siddharthajuprod07/youtube/tree/master/dedp_command