I know Spunk has a keyword of ‘uniq’ that you can apply to a search so that only unique values are returned for a search. I would like to accomplish the same with a Graylog search, but I do not see a way to do it. I’m aware of the quick values option, but that won’t satisfy my use case.
My use case is that I have a search that pulls back a list of username values for our VPN stream and I want the search to only pull back unique hits on the username field.
Is there a way to accomplish this?