Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to compare two CSV files with multiple rows

vulnfree
Explorer
‎12-04-2019 10:25 AM

I am looking to compare two CSV files to output a change or addition.
Example:

File 1:
User Date Status
Dave 1/1 New
Linda 1/2 Old
Bob 1/3 Old

File 2:
User Date Status
Dave 1/1 Old
Dave 1/2 New
Linda 1/2 Old
Tony 1/8 New

If the user from File 1 matches File 2 and either row "date" and "status" have changed then output that information plus any new additions. Expected output

User Date Status
Dave 1/1 Old
Dave 1/2 New
Tony 1/8 New

0 Karma
Reply

dindu
Contributor
‎12-04-2019 01:36 PM

Hi,
You could use the "join " command to achieve functionality.
Please try the below functionality.Please let us know whether it worked.

index=source_file1 souretype=source_file1
|table Date,Status,User
|join type=inner User 
|[search index=source_file2 souretype=source_file2  
|eval Date_file2=Date,Status_file2=Status
|table Date_file2,Status_file2]
|eval match_date=if(Date_file2==Date,1,0),match_status=if(Status_file2==Status,1,0)
|where match_date=1 OR match_status=1
|table User,Date,Status
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...