https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358460#M105975 <P>Hello,</P> <P>try this..</P> <P>| inputlookup file1 | join type=outer field1 [| inputlookup file2 | eval field1=case(field3 == "application file", "application support", field3 == "cto maintenance", "technology maintenance") | stats count by field1] | table field1 field2 count</P> Fri, 10 Nov 2017 06:44:28 GMT anjambha 2017-11-10T06:44:28Z https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358458#M105973 <P>I have a requirement like this</P> <P>from file1.csv lookup file i am getting 2 fields<BR /> field1 field2 </P> <HR /> <P>"application support" 1<BR /><BR /> "technology maintenance" 3<BR /> "enterprise platform" 4</P> <P>file2.csv file has many fields out of which one of the field name field3 has data like this</P> <H2>filed3 </H2> <P>"application file"<BR /> "cto maintenance"<BR /> "application file"<BR /> "application file"<BR /> "application file"<BR /> "enterprise security"<BR /> "enterprise security"</P> <P>Now if field1="application support" search for word "application" in file2.csv in field3 And since we got a pattern match for word application now i need the count saying how many "application file" values are there in field3 of file2.csv and get the resulting table as below. </P> <P>field1 field2 field3</P> <HR /> <P>"application support" 1 4<BR /> "technology maintenance" 3 1<BR /> "enterprise platform" 4 2</P> Thu, 09 Nov 2017 15:57:12 GMT https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358458#M105973 surekhasplunk 2017-11-09T15:57:12Z https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358459#M105974 <P>Couple of questions:<BR /> (1) Is this something you're doing once and could handle a multi-step process, or something you want to run over and over?<BR /> (2) How many entries are in file1? A small handful, or a very long list?<BR /> (3) In all of your examples, the position of the word in <CODE>field1</CODE> from file1.csv matches the position of matching words in <CODE>field3</CODE>. For example, "application support" matches against "application file" - would it also match against "file application" if such an entry existed in <CODE>field3</CODE>?</P> Thu, 09 Nov 2017 18:04:43 GMT https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358459#M105974 elliotproebstel 2017-11-09T18:04:43Z https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358460#M105975 <P>Hello,</P> <P>try this..</P> <P>| inputlookup file1 | join type=outer field1 [| inputlookup file2 | eval field1=case(field3 == "application file", "application support", field3 == "cto maintenance", "technology maintenance") | stats count by field1] | table field1 field2 count</P> Fri, 10 Nov 2017 06:44:28 GMT https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358460#M105975 anjambha 2017-11-10T06:44:28Z https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358461#M105976 <P>Thank you very much @anjambha it worked </P> Fri, 10 Nov 2017 12:59:02 GMT https://community.splunk.com/t5/Splunk-Search/lookup-two-csv-pattern-match-query/m-p/358461#M105976 surekhasplunk 2017-11-10T12:59:02Z