Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to View Endpoint LogsHow to Use Audit LogsHow to Use Agent LogsWhere to Find PostgreSQL LogsAdvanced Log and Log Location Information for Power UsersWhat are common errors shown in the Agent Log and how do I fix them?Can I Export Agent Log Data for External Analysis?Can I export Audit Log data for External Analysis?How do I export Audit Log data via the Web API?Can I customize which events appear in the Audit Log?Can I schedule automated exports of Audit Log data?Is there a sample script for API-based audit log export?Guide to Analyzing Logs and Generating Graphs in Time IntervalsIs There a Sample Script for Exporting Agent Log Data?What are Best Practices for Managing Large Log Exports?Is There an Example of Filtering Logs by Severity?What are best practices for storing and securing exported log data?What Tools Integrate Well with Spirion for Log Integrity VerificationIs There a Sample Script for Hash Verification?
PowerBI
Can the information within a Gather Data file be viewed in a third-party tool such as PowerBI?What Charts are Most Useful when using a tools like PowerBI?Power Query (M) Script in PowerBI for Log AnalysisHow do I parse an Agent Log in PowerBI?How can I detect duplicate log entries in PowerBI?How do I compare two log files in PowerBI?How do I compare timestamps across files?What if timestamps are missing from my Spirion Logs?How should I handle null rows?Example of a Power Query Script in PowerBIHow do I sort Logs Chronologically in PowerBI?How do I handle mixed timestamp formats in PowerBI?
How to Manage Users and Roles
Reports
Settings and Resources
Additional Resources
Release Notes
Reporting API
Customer Support Articles

How can I detect duplicate log entries in PowerBI?

Detecting duplicate log entries is critical when working with Spirion "Gather Data" files because you may accidentally ingest the same log files from multiple troubleshooting sessions, or the agent may have "rolled" a log while you were collecting it.

In Power BI, there are 3 primary ways to detect and handle these duplicates:

1. The "Remove Duplicates" Tool (The Quickest Way)

Power BI has a built-in feature to find identical rows.

  • How to do it: In Power Query, select the columns that make a log entry unique—typically Timestamp, Level, and Message. Right-click one of the headers and select Remove Duplicates.
  • What it does: It looks for rows where those three specific values are identical and keeps only the first one it finds.
  • Warning: Do not include the Source.Name (filename) column when doing this. If the same log entry exists in IDF.log and IDF.log.1 (which happens during rotation), including the filename will make them look "different" to Power BI, and the duplicate will remain.

2. The "Duplicate Count" Measure (The Visual Way)

If you want to see how many duplicates exist before deleting them, you can create a simple count.

  • How to do it: Create a table visual in Power BI. Add Timestamp and Message to the rows. Then, add the Message column again, but change its aggregation to Count.
  • What to look for: Any row with a count higher than 1 is a duplicate.
  • Why this is useful: It helps you verify if the duplication is a "data ingestion error" (you loaded the same folder twice) or a "product behavior" (the agent is repeating the same error message rapidly).

3. The "Index and Buffer" Method (The Advanced Way)

If you are worried that "Remove Duplicates" is being too aggressive, you can use an Index column to see exactly which file provided which version of the duplicate.

  • How to do it:
    1. In Power Query, sort your data by Timestamp (Ascending).
    2. Go to Add Column > Index Column (from 1).
    3. Now, if you find two identical log messages, the one with the lower Index number is the original, and the higher number is the duplicate.
  • Benefit: This enables you to "Audit" your duplicates. You can see if duplicates always happen during a specific time window (like a log rotation event).

Best Practice: Defining a "True" Duplicate

In Spirion logs, it is possible for an Agent to generate the exact same message at the exact same second (for example, scanning two very small files in the same second).

To avoid accidentally deleting real data, use all four of these criteria to define a duplicate:

  1. Timestamp (Date and Time)
  2. Level (INF/ERR)
  3. Message (The actual log text)
  4. Agent Name (If you are looking at logs from multiple machines)

Summary Checklist for Duplicates

  • Step 1: Parse your logs so Timestamp and Message are in separate columns.
  • Step 2: Select Timestamp and Message.
  • Step 3: Use Remove Duplicates in Power Query.
  • Step 4: Exclude Source.Name from the selection so that rotated files are cleaned properly.

Summary: Use the Remove Duplicates feature in Power Query on the Timestamp and Message columns simultaneously. This ensures that identical events across rotated log files are collapsed into a single, accurate record.

Was this article helpful?

Powered by Product Fruits