Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Compare two fields tables

gauravmishra15
Path Finder
‎10-05-2017 08:05 PM

I have one saved search which returns list of successful job runs e.g

jobname
A
B
C
D

I also have a lookup table with list of all the jobs

jobnames
1
A
2
B
8
C
X
5

I am looking for a way to identify which jobs were not successful. Can we achieve this in SPLUNK ?

0 Karma
Reply

gauravmishra15
Path Finder
‎10-06-2017 04:43 AM

Thanks Sekar !

The first part of command I have is a savedsearch which returns table or set of fields, JobName is one of them. JobName is one of the fields.I tried to table or field+ to expose only jobname field. Something like this

| savedsearch "XYZ" NOT [| inputlookup JobnamesAll.csv | fields jobnames]

but no luck so far.

0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-05-2017 08:21 PM

Sure, we can achieve this in Splunk.. Please check - 

  source="OKjobnames" NOT [| inputlookup JobnamesAll.csv | fields jobbames]
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...