distinct - Return one row per unique value

The distinct operator returns one row for each unique value. This is especially useful for reporting purposes.

Note

This operator is functionally identical to groupby without any aggregate functions.

Syntax

distinct <expression> [as <alias>] [, <expression_2> [as <alias_2>], ...]

Example - Get list of active users

If we want to see a list of the users who have been active in a given timeframe, we can use the distinct operator to produce a list of unique usernames:

source logs 
| filter username != null 
| distinct username as active_users

This will produce a list of unique usernames:

{
    "active_users": "Chris"
},
{
    "active_users": "Dave"
},
{
    "active_users": "Maria"
}

dedupeby

Next enrich