Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do you compare two CSV files?

hjsabdjahbd
Observer
‎12-06-2018 03:21 AM

I have two CSV files: vuln_10_2018 vuln_11_2018, both with the same fields.

I want to compare the files and create a table that shows the lines with the same results.

The fields "Host, Port, protocol, PID and CVE" are my key fields, and the search must be based in these fields to show the persistent results.

Can someone please help me?

0 Karma
Reply

hjsabdjahbd
Observer
‎01-09-2019 07:45 AM

I did with this query:

  • source="source that i am comparing" [search source="source that a want to compare" rest of the query creating a table] rest of the query with the result that a want.
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎12-11-2018 11:06 AM

Assuming you have both files indexed,

source=vuln_10_2018 OR source=vuln_11_2018
| stats dc(source) as source_count by Host Port protocol PID CVE
| where source_count=2
0 Karma
Reply

dkeck
Influencer
‎12-06-2018 09:36 AM

Check this out | set diff

https://answers.splunk.com/answers/56586/list-difference-between-two-csv-files.html

0 Karma
Reply

hjsabdjahbd
Observer
‎12-06-2018 10:26 AM

It does not work, i do not want to show the differences, but the similarities.

0 Karma
Reply

hijacob
Communicator
‎12-06-2018 05:43 AM

Hi,

if you want to do it once and on a easy way you can use Excel...
https://www.mrexcel.com/forum/excel-questions/85861-comparing-two-excel-csv-documents.html

Greetings,
Jacob

0 Karma
Reply

hjsabdjahbd
Observer
‎12-06-2018 05:55 AM

No, I have to bring this visualization in a Splunk Dashboard.

0 Karma
Reply

hijacob
Communicator
‎12-06-2018 06:19 AM

maybe this answer solves your problem? https://answers.splunk.com/answers/352921/how-do-i-search-and-compare-fields-from-two-differ.html

0 Karma
Reply

hjsabdjahbd
Observer
‎12-06-2018 09:24 AM

I already tried this way, but it did not work 😕

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...