Re: Correlate value between 2 columns

mfirmanf · ‎04-12-2020

hi, i am a newbie in Splunk here and i am not a native speaker, so please bare my grammar.
can someone explain how to correlate between two columns that is present in a table and remove the other values?

for example table below,
i want to correlate between the Number and Router, because one Number only belongs to one Router.
and the first digit of the Number is correlated to the R(1-7)
for example:
- Number 21938 belongs to SWW- R2 -896
- Number 12439 belongs to HIT- R1 -141

and i need to remove the other value that is not correlated, so there is only one Number, one IP Address and one Router in each row. so the proper table would look like below.

any answer and help would be really appreciated.
thank you.

to4kawa · ‎04-13-2020

....
|eval head_num=substr(NUMBER,1,1), head_r=substr(ROUTER,6,1)
| where head_num==head_r

gcusello · ‎04-13-2020

Hi @mfirmanf,
could you share an example of your logs?
it's difficoult to help you whitout them.

Ciao.
Giuseppe

Correlate value between 2 columns

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation