Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Compare columns in same table

carlospalma03
Engager
‎02-25-2020 04:00 PM

Hello, I have the following table:

column1 column2

Andrew Andrew
George George
Paris Berlin

I would like to get as output the following:

column 1 column2

Paris Berlin

Tables come from the use of the | table command

| table column1,column2

Is there any way this can be done?

I tried | table column1, column2 | where NOT match(column1,column2) but no results are found

0 Karma
Reply

oda
Communicator
‎02-25-2020 04:56 PM

Try the following command.

| table column1, column2 |where column1!= column2

Reply

carlospalma03
Engager
‎02-26-2020 11:09 AM

Turns out that one of my column names came from a json. Something like this:
|spath "object.property"| ....|table "object.property",column2

and oda's solution was not working at first until I did

|spath "object.property" output column1 | table column1,column2

My bad for not providing more info. Looks like to compare both things have to be strings and for some reason you cannot just use the path in the json

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...