Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Compare two fields and select value from 3rd filed if the comparison match

Jayadevanprabha
New Member
‎10-19-2014 04:29 AM

I am very new to splunk and need your help in resolving below issue.

I have two CSV files uploaded in splunk instance. Below mentioned is the file and its fileds.

  1. Apple.csv a. A1 b. A2 c. A3
  2. Orange.csv a. O1 (may have values matching with values of A3) b. O2

My requirements is as below

Select set of values of A1,A2,A3 and O2 from Apple.csv and Orange.csv where A1=”X” and A2=”Y” and A3 = O1 and display values in a table.

A1 A2 A3
X Y 123
LP HJK 222
X Y 999

O1 O2
999 open
123 closed
65432 open

Out put

A1 A2 A3 O2
X Y 123 Open
X Y 999 closed

Very much appreciate your help. Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-19-2014 08:08 AM

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-19-2014 08:08 AM

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...