Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Compare two fields and select value from 3rd filed if the comparison match

Jayadevanprabha
New Member
‎10-19-2014 04:29 AM

I am very new to splunk and need your help in resolving below issue.

I have two CSV files uploaded in splunk instance. Below mentioned is the file and its fileds.

  1. Apple.csv a. A1 b. A2 c. A3
  2. Orange.csv a. O1 (may have values matching with values of A3) b. O2

My requirements is as below

Select set of values of A1,A2,A3 and O2 from Apple.csv and Orange.csv where A1=”X” and A2=”Y” and A3 = O1 and display values in a table.

A1 A2 A3
X Y 123
LP HJK 222
X Y 999

O1 O2
999 open
123 closed
65432 open

Out put

A1 A2 A3 O2
X Y 123 Open
X Y 999 closed

Very much appreciate your help. Thanks

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-19-2014 08:08 AM

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎10-19-2014 08:08 AM

I think you're trying to describe a join:

source=Apple.csv | join A3 [source=Orange.csv | rename O1 as A3] | table A1 A2 A3 O2

Usually joining isn't the Splunk way. Depending on your actual use case there may be much better ways.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...