How do you compare two CSV files?

hjsabdjahbd · ‎12-06-2018

I have two CSV files: vuln_10_2018 vuln_11_2018, both with the same fields.

I want to compare the files and create a table that shows the lines with the same results.

The fields "Host, Port, protocol, PID and CVE" are my key fields, and the search must be based in these fields to show the persistent results.

Can someone please help me?

hjsabdjahbd · ‎01-09-2019

I did with this query:

source="source that i am comparing" [search source="source that a want to compare" rest of the query creating a table] rest of the query with the result that a want.

martin_mueller · ‎12-11-2018

Assuming you have both files indexed,

source=vuln_10_2018 OR source=vuln_11_2018
| stats dc(source) as source_count by Host Port protocol PID CVE
| where source_count=2

dkeck · ‎12-06-2018

Check this out | set diff

hjsabdjahbd · ‎12-06-2018

It does not work, i do not want to show the differences, but the similarities.

hijacob · ‎12-06-2018

Hi,

Greetings,
Jacob

hjsabdjahbd · ‎12-06-2018

No, I have to bring this visualization in a Splunk Dashboard.

hijacob · ‎12-06-2018

hjsabdjahbd · ‎12-06-2018

I already tried this way, but it did not work 😕