Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: Inputlookup CSV two files, mapp table1 (file1)...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
i`m new in splunk - i do not find the answer here in > answers
as my list_2 do have some other account information, i need to compare two lists
the search should be:
- show me all identical numbers (accountId) from table 1 (field1) in list_1 and, in list_2 (also in table/field1 - accountId).
file_1.csv
accountId
123
234
345
file_2.csv
accountId, Name, City, accountId2
123, John, Texas,BA001
999, Paul, Vienna,BA009
345, Emma, New York,BA008
567, Smith, Indiana,BA004
Result should be:
Show me all customer, that are in file_1 AND file_2 (in table accountId).
The result should show also the information like accountId, name, city - taken from the list_2
in this example:
accountId, Name, City
123, John, Texas,BA001
345, Emma, New York,BA008
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@buzek,
Try this
|inputlookup file1.csv| lookup file2.csv accountId OUTPUT Name, City|where Name!=""
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@buzek,
Try this
|inputlookup file1.csv| lookup file2.csv accountId OUTPUT Name, City|where Name!=""
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you so much - works!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
and, how is the query:
show me all that are in list_1 but NOT in list 2?
thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i think i got it:
(the table INC is new in my list - INC = Incident Number)
|inputlookup test_file1.csv | lookup file2.csv accountId OUTPUT Name, City, INC|where accountId!=""
| fillnull value=null INC | stats count by INC | where INC="null"
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
