Re: Query on get Combined and Unique Values

Mallik657 · ‎01-30-2024

Hi,

I have database1 and database2, I have query1 to get the data from database1 and query2 to get data from database2. query3 to get unique values from databse2 which doesn't exist in database1.

Now my requirement is to combine the common values in both the databases using a query1 & query2 and also unique values from query2 from database2 which doesn't exist in database1.

Please provide me the Splunk query.

ITWhisperer · ‎01-30-2024

Please share your current searches and some sample events, and what your expected result would look like (anonymised of course)

Mallik657 · ‎01-30-2024

Result should get common in both databases and also unique/rest values from database2. Please help me with query.

Databse1	Database2	Result
A	A	A
B	B	B
C	C	C
D	E	E
E	F	F
	G	G
	H	H

ITWhisperer · ‎01-30-2024

| makeresults count=5
| fields - _time
| streamstats count as row
| eval database1=mvindex(split("ABCDE",""),row - 1)
| fields - row
| appendcols
    [| makeresults count=7
    | streamstats count as row
    | eval database2=mvindex(split("ABCEFGH",""),row - 1)
    | fields - row]
| eval result=database2

Query on get Combined and Unique Values

other

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector