Solved: Re: Compare two fields and exclude if the values a...

Woodpecker · ‎08-28-2023

Hi,

I have two fields: field 1 and field 2

field1 field 2

ABC AA\ABC

DEF DD\DEF

GHI GG\JKL

Now I need to compare both these fields and exlcude if there is a match

So in the above case it should return only
field1 field 2
GHI GG\JKL

Could someone help me on this, please?

Woodpecker · ‎08-28-2023

This solved the issue

| where '%field2'!='field1'

View solution in original post

Woodpecker · ‎08-28-2023

This solved the issue

| where '%field2'!='field1'

ITWhisperer · ‎08-28-2023

| where NOT match(field2,field1)

Woodpecker · ‎08-28-2023

@ITWhisperer ,
Sorry, but this not working in my case

ITWhisperer · ‎08-28-2023

Probably because your example does not adequately reflect your actual data e.g. do you have special characters which would disrupt a regex match?

Woodpecker · ‎08-31-2023

@ITWhisperer yes..

How to Compare two fields and exclude if the values are same?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation