Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Compare two fields and select value from 3rd filed if the comparison match

Jayadevanprabha
New Member
‎10-19-2014 04:29 AM

I am very new to splunk and need your help in resolving below issue.

I have two CSV files uploaded in splunk instance. Below mentioned is the file and its fileds.

  1. Apple.csv a. A1 b. A2 c. A3
  2. Orange.csv a. O1 (may have values matching with values of A3) b. O2

My requirements is as below

Select set of values of A1,A2,A3 and O2 from Apple.csv and Orange.csv where A1=”X” and A2=”Y” and A3 = O1 and display values in a table.

A1 A2 A3
X Y 123
LP HJK 222
X Y 999

O1 O2
999 open
123 closed
65432 open

Out put

A1 A2 A3 O2
X Y 123 Open
X Y 999 closed

Very much appreciate your help. Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-19-2014 08:08 AM

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-19-2014 08:08 AM

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...