Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

List comparsion of field values

skillfulobj
Explorer
‎04-27-2021 04:33 AM

sample event 1:
id:12345
fcount:20
component:value1
time:2021:04:26

sample event2:
id:12346
fcount:200
component:value2
time:2021:04:26

sample event 3:
id:12347
fcount:20
component:value1
time:2021:04:27

sample event 4:
id:12348
fcount:200
component:value3
time:2021:04:27


i have list of values for my field "component" , lets say i have value1 , value2 , value3... value15 , which are coming part of my events

for given a day my events are related only to components of value1, value2 , i want to display the components which are not received for the particular given day

Example : in above 4 events on 2021:04:26 i got components of value1 and value2 where i didnt receive components for value3..to value 15 , i want to display them which not received

Tags (2)
0 Karma
Reply

skillfulobj
Explorer
‎04-27-2021 04:45 AM

@MuS  could you please share your thoughts on this

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...