Deployment Architecture

How to determine if it matches the value of another field?

Uryy
Engager

I want to keep it in field A (or any other field) only if there is a matching column in field A and field B, as shown in the figure below. It seems good to use the "foreach" statement, but I don't know how to implement it.

NoField AField B
1100 
2200 
3300 
4 100
5 4000
6 5000

 

Extract only the No. 1 column.

NoField AField B
1100 
Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi please try something like this:

your_search
| eval no_field1=no, field_merged=coalesce(field1, field2)
| stats values(no_field1) AS no values(field1) AS field1 count BY field_merged
| where count>1
| table no field1

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...