Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Outputnew: How do I compare two Fields in two Lookup tables?

russell120
Communicator
‎09-07-2018 09:56 AM

Hello,

I need help finding out how I can display field values of one lookup that are not present in the same-named field as another lookup.

Ex: lookup1.csv has the below data.
Field: colors
red
orange
yellow

Ex: lookup2.csv has the below data.
Field: colors
orange
red
green
blue

The results should display yellow because yellow is a value within the colors field of lookup1.csv , but is not a value in the colors field of lookup2.csv.

Thanks.

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

russell120
Communicator
‎09-07-2018 10:31 AM

|inputlookup lookup1.csv
|lookup lookup2.csv colors OUTPUTNEW colors as Missing_Colors
|where isnull(Missing_Colors)

Ah, this did the trick.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

russell120
Communicator
‎09-07-2018 10:31 AM

|inputlookup lookup1.csv
|lookup lookup2.csv colors OUTPUTNEW colors as Missing_Colors
|where isnull(Missing_Colors)

Ah, this did the trick.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...