Re: How to combine two csv?

siva_1 · ‎09-26-2023

Hi All,

I have two csv files.

File1.csv -> id, operation_name, session_id

File2.csv -> id, error, operation_name

I want to list the entries based on session_id like ->id, operation_name, session_id, error. Basically all the entries from file1.csv for the session_id and errors from file2.csv.

Could you please help how to combine these csv?

Note: I am storing the data to CSV as a output lookup since I couldn't find a way to search these via single query. So trying to join from csv.

ITWhisperer · ‎09-26-2023

session_id doesn't appear to exist in both look ups so you won't be able to "join" using that. If you mean you want to "join" by id, then a simple lookup should work

| inputlookup File1.csv
| lookup File2.csv id

Alternatively, if you want to use both the id and operation name you could try something like this

| inputlookup File1.csv
| lookup File2.csv id operation _name

siva_1 · ‎09-26-2023

@ITWhisperer File1.csv has the session_id.

ITWhisperer · ‎09-26-2023

Exactly! So how do you match entries in File2.csv?

How to combine two csv?

fields

join

subsearch

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?