Solved: Re: How to add values from two CSV files?

fzhao2 · ‎01-29-2018

I have multiple tables, can I add/OR/AND... on each cell of all the tables?

For example, if I have below two tables, and add the corresponding cells,
file1.csv

row_id,0,2,4
0,     0,1,1
2,     0,0,1

file2.csv

row_id,0,2,4
0,     0,1,1
2,     0,1,0

The expected output is:

row_id,0,2,4
0,     0,2,2
2,     0,1,1

Thanks a lot!

elliotproebstel · ‎01-29-2018

Generally speaking, it's not a great idea to name your fields (or, in this case, your columns) with numbers, because that will make difficult code in Splunk. But in this case, you won't actually need to reference them directly at all:

| inputlookup file1.csv
| append 
 [ | inputlookup file2.csv ]
| stats sum(*) AS * BY row_id

View solution in original post

elliotproebstel · ‎01-29-2018

Generally speaking, it's not a great idea to name your fields (or, in this case, your columns) with numbers, because that will make difficult code in Splunk. But in this case, you won't actually need to reference them directly at all:

| inputlookup file1.csv
| append 
 [ | inputlookup file2.csv ]
| stats sum(*) AS * BY row_id

fzhao2 · ‎01-30-2018

Thanks so much!

How to add values from two CSV files?

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination

Are you a member of the Splunk Community?

How to add values from two CSV files?

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Pro Tips for First-Time .conf Attendees: Advice from SplunkTrust

Raise Your Skills at the .conf25 Builder Bar: Your Splunk Developer Destination