Re: How to compare two CSVs and see what's missing...

russell120 · ‎10-24-2018

Hi, consider these two CSVs

septemberheros.csv:

name    alias       best_power       origin
clark   superman     flight          krypton
bruce   batman       wealth          earth
diane   wonderwoman  strength     paradise_island

octoberheros.csv

name    alias       best_power       origin
clark   superman    ice_breath       krypton
diane   wonderwoman  strength     paradise_island

I need a search that will compare these two CSV files and display events that are missing/changed from the first CSV file (septermberheros.csv). With this example the result should look like this since the batman row was deleted and flight was changed to ice_breath in the superman row:

name    alias       best_power       origin
clark   superman     flight          krypton
bruce   batman       wealth          earth

russell120 · ‎10-24-2018

Additional note for context: My real data has thousands of events. Each event is a device with an ip, mac, etc. I would just like to be able to compare two inventory CSVs from separate days to see which devices are missing or changed.

somesoni2 · ‎10-24-2018

You'd need a primary key based on which things can be compared, what would that primary key be in your real data? or in your sample data.

russell120 · ‎10-24-2018

@somesoni2 By primary key do you refer to a field(s) or field value(s)? If so, the fields to compare against should be name and alias and best_power and origin (in reality I'd need to see if ip's or mac addresses, etc. have been changed or are missing. But I also need to be able to see that the bruce row has been deleted completely.

How to compare two CSVs and see what's missing from the original?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life