https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642601#M222581 <P>Can you explain what is the desired output? &nbsp;In other words, what does "match" mean in this context? &nbsp;Is this entire exercise between two lookups or will it involve event data?</P> Tue, 09 May 2023 06:21:27 GMT yuanliu 2023-05-09T06:21:27Z https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642539#M222562 <P>Hello,&nbsp;</P> <P>&nbsp;</P> <P>I have 2 different files names lookup1.csv and lookup2.csv, which have column A and column B in both.&nbsp;</P> <P>&nbsp;</P> <P>How can we merge two files using a single word in Column A in both files with a sentence in it?</P> <P>lookup1: Column A: "I am good"&nbsp;</P> <P>lookup2: Column A: "I am bad"&nbsp;</P> <P>I want to combine both the files using a word "I am" in this case.</P> <P>&nbsp;</P> <P>Any help would be appreciated.</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 09 May 2023 14:32:31 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642539#M222562 satyaallaparthi 2023-05-09T14:32:31Z https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642601#M222581 <P>Can you explain what is the desired output? &nbsp;In other words, what does "match" mean in this context? &nbsp;Is this entire exercise between two lookups or will it involve event data?</P> Tue, 09 May 2023 06:21:27 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642601#M222581 yuanliu 2023-05-09T06:21:27Z https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642655#M222591 <P>Hi,&nbsp;</P><P>&nbsp; &nbsp; Entire output will be in between two lookups.&nbsp;<BR /><BR /></P><P>desired output: if there is a word match in between Column A of two files, then I want to display “yes” in a new Column called Matching_word and “no” if there is no word match.&nbsp;<BR /><BR /></P><P>&nbsp;</P> Tue, 09 May 2023 12:40:24 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642655#M222591 satyaallaparthi 2023-05-09T12:40:24Z https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642772#M222628 <P>Splunk may not be the best tool for this task because SPL doesn't have a builtin definition of "word". &nbsp;If I take space as word boundary, you can do something like</P><LI-CODE lang="markup">| inputlookup lookup1 | eval lookup = lookup1 | append [ | inputlookup lookup2 | eval lookup = lookup2] | eval ColumnA = split(ColumnA, " ") ``` assume space is the only word boundary ``` | stats dc(lookup) as sources by ColumnA | stats max(sources) as match | eval match = if(match &gt; 1, "yes", "no")</LI-CODE><P>dc is the basic idea. &nbsp;You can improve/enhance word detection. &nbsp;But there is a limit to what you can do before it becomes labor.</P><P>Hope this helps.</P> Wed, 10 May 2023 08:32:39 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-write-a-search-that-can-match-a-word-from-two-different/m-p/642772#M222628 yuanliu 2023-05-10T08:32:39Z