sourcetype=my-job "Get Connection Details" | spath input=Message | search FileName=* | rename event.Values.Connections{}.ClientName as ThirdParty
This query returns some N number of records, but as soon as I apply below filter
| dedup FileName| table FileName, ThirdParty | fillnull value=N/A | sort ThirdParty desc
Query shows only N-M records.
Hence it is not showing all the ThirdParty in result
I was able to solve the problem temporarily by reducing the log file size.