Filtering duplicate entries from Splunk events

I am new to splunk and have got some splunk events as below

2019-06-26 23:45:36 INFO ID 123456 | Response Code 404 2019-06-26 23:55:36 INFO ID 123456 | Response Code 404 2019-06-26 23:23:36 INFO ID 258080 | Response Code 404

Is there way to filter out the first two events as they have the same ID 123456 and view them as one event? I tried something which I know is completely wrong, suggestions might be very useful on this.

index=myindex "Response Code 404" | rex field=ID max_match=2 "(?<MyID>\b(?:123456)\b)" | stats count by ID MyID | where count > 1

Solution

That's not completely wrong. It's one of the legitimate ways to remove duplicates. Here's another:

index=myindex "Response Code 404"  
| rex field=ID max_match=2 "(?<MyID>\b(?:123456)\b)" 
| dedup MyID

Using dedup is often preferred because it doesn't remove fields the way stats does.

How to set a token on a post-process query?
How to do cross validation and counts between two search queries using Multisearch
Formatting the timezone in a way that is parseable
How to show result of a count within a count in Splunk
Splunk Rex Expression
Monolog - each line of log is logged as a new entry
Combine paths to one output in Splunk
How to determine the length of an array field in Splunk?
Splunk sub search join returning null values
Splunk query to find those final results that has events with unique combination of values of two keys in results of main search criteria
login-info.cfg Splunk file semantic and structure
Splunk SignalFX Synthetics: Is it possible to retrieve environment variable values in Javascript
query splunk query joining 2 data tables
Form a results table view from splunk multiple logs
Exclude unnecessary logs being sent to splunk cloud platform
How to Attach Splunk Search Results In JIra Via Terraform Automation?
Regex Substitue only on a specific group - sedcmd (Splunk)
Regex to only return matches when followed by a specific word
embeding conf files into helm chart
Splunk Logs for Faster Queries, with Category Boolean true
How to create a timechart in splunk for the timestamp and extracted field?
Match regex named group up until optional word
How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
Splunk result in Table format
Splunk: How to compute the difference of timestamps by id?
SPLUNK: How can I count events by location with a list of SERVERNAME's?
How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
Java 11 HttpClient - POST issue
Flume sink to Splunk?
Questions related to splunk builtin macros in correlation search