Splunk Search

Compare two fields and select value from 3rd filed if the comparison match

Jayadevanprabha
New Member

I am very new to splunk and need your help in resolving below issue.

I have two CSV files uploaded in splunk instance. Below mentioned is the file and its fileds.

  1. Apple.csv a. A1 b. A2 c. A3
  2. Orange.csv a. O1 (may have values matching with values of A3) b. O2

My requirements is as below

Select set of values of A1,A2,A3 and O2 from Apple.csv and Orange.csv where A1=”X” and A2=”Y” and A3 = O1 and display values in a table.

A1 A2 A3
X Y 123
LP HJK 222
X Y 999

O1 O2
999 open
123 closed
65432 open

Out put

A1 A2 A3 O2
X Y 123 Open
X Y 999 closed

Very much appreciate your help. Thanks

Tags (1)
0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

View solution in original post

0 Karma

martin_mueller
SplunkTrust
SplunkTrust

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...