Solved: How to Compare two fields and exclude if the value...

Woodpecker · ‎08-28-2023

Hi,

I have two fields: field 1 and field 2

field1 field 2

ABC AA\ABC

DEF DD\DEF

GHI GG\JKL

Now I need to compare both these fields and exlcude if there is a match

So in the above case it should return only
field1 field 2
GHI GG\JKL

Could someone help me on this, please?

Woodpecker · ‎08-28-2023

This solved the issue

| where '%field2'!='field1'

View solution in original post

Woodpecker · ‎08-28-2023

This solved the issue

| where '%field2'!='field1'

ITWhisperer · ‎08-28-2023

| where NOT match(field2,field1)

Woodpecker · ‎08-28-2023

@ITWhisperer ,
Sorry, but this not working in my case

ITWhisperer · ‎08-28-2023

Probably because your example does not adequately reflect your actual data e.g. do you have special characters which would disrupt a regex match?

Woodpecker · ‎08-31-2023

@ITWhisperer yes..

How to Compare two fields and exclude if the values are same?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation