Solved: Compare two field values and get matching third va...

ckunath · ‎04-09-2017

Hello,

i'm trying to do a search and then compare my result with a table from a .csv file (contains a table with ids and text for each id).
My search:

index=foo eventid=200 | append [|inputlookup ids.csv] | table eventid id text

This gets me a table like this:

eventid | id | text
10      |    |
        | 1  | text1
        | 2  | text2

[...]

How can I change my search to make the table look like this?

id | text
10 | text10

Thanks in advance!

lguinn2 · ‎04-10-2017

If you want to get a matching value from a table, you need to use the lookup command.

 index=foo eventid=200 
| lookup ids.csv eventid as id OUTPUT id text
| table eventid id text

lguinn2 · ‎04-10-2017

If you want to get a matching value from a table, you need to use the lookup command.

 index=foo eventid=200 
| lookup ids.csv eventid as id OUTPUT id text
| table eventid id text

ckunath · ‎04-10-2017

Thanks a lot for the quick response! Works as intended.

Compare two field values and get matching third value from table