Splunk Enterprise

Compare two fields and do not display if the values ​​are the same.

leandromatperei
Path Finder

Hey Guys,

I have the query below that brings me the values ​​of the fields in a table, however I need that when the field "name_genesys" is equal to the field "user_genesys" cannot be displayed in the table, is there any way to restrict this view?

 

index=teste
| table  _time, object_genesys, name_genesys, DBID_genesys, type_genesys, configuration_genesys, user_genesys  | sort - _time

 

 

Results:

_time object_genesys name_genesys DBID_genesys type_genesys configuration_genesys user_genesys

2020-10-15 14:04:11.259cfg1default134452ConfigurationServercsp243default
2020-10-15 14:04:09.364cfg212343443434Configureagd_tm3agent1

 

Labels (1)
Tags (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Use a where clause to filter out undesired events.

index=teste
| where NOT name_genesys=user_genesys
| table  _time, object_genesys, name_genesys, DBID_genesys, type_genesys, configuration_genesys, user_genesys  
| sort - _time

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Use a where clause to filter out undesired events.

index=teste
| where NOT name_genesys=user_genesys
| table  _time, object_genesys, name_genesys, DBID_genesys, type_genesys, configuration_genesys, user_genesys  
| sort - _time

 

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...