Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to combine two lookups for a report?

revanthammineni
Path Finder
‎09-22-2020 01:26 PM

Hi Everyone,

I'm working on combining two lookups for a certain report.

My question is:

Let's say I have a first  look up named hosts.csv with hosts a,b,c,d,e,f

and I have a second lookup decom.csv with hosts a,b,c.

 

I want to compare two lookups  and take off the values of second lookup in the first lookup. So, I should get just the "d,e,f"..

Please help me how to solve this.

TIA.

Labels (1)
Labels
Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-22-2020 01:50 PM

Here's one untested way to do it.  It assumes both lookups have the same column name "foo".

| inputlookup hosts.csv where NOT [ | inputlookup decom.csv | fields foo | format ]

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

revanthammineni
Path Finder
‎09-23-2020 09:58 PM

Thanks for the reply. May I know why we are using format command here. I know, that format puts the data into  a single value but I don't really understand why you suggesting here.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...