Solved: How to compare multiple files by diff command in s...

sunrise · ‎02-08-2013

I have a question about diff command in search.

Of course though, a diff command compares two files,
I want to compare multiple files.
For example, when three configuration files (a.conf, b.conf, c.conf) were put into an indexer,
I want to compare those files at one search like below.

Compare a.conf with b.conf
Compare a.conf with c.conf
Displays the each differences

Can we loop the command by reading the list file?
Any idea anyone?

Thank you.

dart · ‎02-11-2013

The presentation is not the best, but this does what you want:

index=_internal | head 3 | appendpipe [diff pos1=1 pos2=2 | eval diff = _raw]  | appendpipe [diff pos1=1 pos2=3 | eval diff= _raw] | stats values(diff)

View solution in original post

Rob · ‎03-12-2014

From the class

s=a OR s=b |stats count values(source) BY _raw, lineNum |search (count=1 source!=a) OR (count=2 source!=a)

dart · ‎02-11-2013

The presentation is not the best, but this does what you want:

index=_internal | head 3 | appendpipe [diff pos1=1 pos2=2 | eval diff = _raw]  | appendpipe [diff pos1=1 pos2=3 | eval diff= _raw] | stats values(diff)

sunrise · ‎02-13-2013

Thank you dart for helping me.
I'll try it.

How to compare multiple files by diff command in search?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!