Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I diff two CSVs?

daniel333
Builder
‎11-03-2017 06:34 PM

all,

I have two CSV and I want to just get the diff between then. Any idea how I tackle this?

thanks,
-Daniel Wilson

Tags (2)
0 Karma
Reply

koshyk
Super Champion
‎11-04-2017 07:27 AM

Another method is to do a outer join and filter search which doesn't have a common field

#states1.csv 
state_code,state_name
AL,Alabama
AK,Alaska
AZ,Arizona
AR,Arkansas
DC,District of Columbia
FL,Florida

and say , we need to find the diff to another csv

#states2.csv 
state_code,state_name
AL,Alabama
AK,Alaska
AZ,Arizona
AR,Arkansas

Now if you do a join, and then look the output, you can find null values in fields which doesn't match. Just filter them.

| inputlookup states1.csv | eval file1="states1"| join type=outer state_code [ | inputlookup states2.csv | eval file2="states2"]| search NOT (file2=*)
0 Karma
Reply

peterchenadded
Path Finder
‎11-03-2017 07:59 PM

Try the set diff command

http://docs.splunk.com/Documentation/Splunk/7.0.0/SearchReference/Set

You will want to add an id column if order is important.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...