Solved: Compare two fields and do not display if the value...

leandromatperei · ‎10-15-2020

Hey Guys,

I have the query below that brings me the values of the fields in a table, however I need that when the field "name_genesys" is equal to the field "user_genesys" cannot be displayed in the table, is there any way to restrict this view?

index=teste
| table  _time, object_genesys, name_genesys, DBID_genesys, type_genesys, configuration_genesys, user_genesys  | sort - _time

Results:

_time object_genesys name_genesys DBID_genesys type_genesys configuration_genesys user_genesys

2020-10-15 14:04:11.259	cfg1	default	134452	ConfigurationServer	csp243	default
2020-10-15 14:04:09.364	cfg2	123434	43434	Configure	agd_tm3	agent1

richgalloway · ‎10-15-2020

Use a where clause to filter out undesired events.

index=teste
| where NOT name_genesys=user_genesys
| table  _time, object_genesys, name_genesys, DBID_genesys, type_genesys, configuration_genesys, user_genesys  
| sort - _time

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎10-15-2020

Use a where clause to filter out undesired events.

index=teste
| where NOT name_genesys=user_genesys
| table  _time, object_genesys, name_genesys, DBID_genesys, type_genesys, configuration_genesys, user_genesys  
| sort - _time

---
If this reply helps you, Karma would be appreciated.

Compare two fields and do not display if the values are the same.

using Splunk Enterprise

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Compare two fields and do not display if the values ​​are the same.

using Splunk Enterprise

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Compare two fields and do not display if the values are the same.