Re: File Compare and Display - Page 2

akankshayadav · ‎06-17-2021

Consider, i have two files. File1 and File2

File1 and File2 got indexed last month with events in file1 say A ,B and events in file2 say C,D .

They again got indexed today, file1 with same events A and B but file2 with C,D,E,F. This means that file2 modified version has different events as compared to it's last version.

Now , i need to display in the panel all files like file2 whose current events are different from last events.

Thanks in advance!

ITWhisperer · ‎06-21-2021

akankshayadav · ‎06-20-2021

Yes i did try . but it isn't getting the answer.
Can you give me an approach that I can get the names of files whose events are different in different versions.
File 1 - before had events- A B today has A C

File 2- before had - X Z today also X Z

My output desired is File1 displayed

File Compare and Display

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation