Splunk Search

How to compare two CSVs and see what's missing from the original?

russell120
Communicator

Hi, consider these two CSVs:

septemberheros.csv:

name   alias        best_power  origin
clark  superman     flight      krypton
bruce  batman       wealth      earth
diane  wonderwoman  strength    paradise_island

octoberheros.csv:

name   alias        best_power  origin
clark  superman     ice_breath  krypton
diane  wonderwoman  strength    paradise_island

I need a search that will compare these two CSV files and display events that are missing/changed from the first CSV file (septemberheros.csv). With this example, the result should look like this, since the batman row was deleted and flight was changed to ice_breath in the superman row:

name   alias     best_power  origin
clark  superman  flight      krypton
bruce  batman    wealth      earth
0 Karma

russell120
Communicator

Additional note for context: My real data has thousands of events. Each event is a device with an ip, mac, etc. I would just like to be able to compare two inventory CSVs from separate days to see which devices are missing or changed.

0 Karma

somesoni2
Revered Legend

You'd need a primary key based on which things can be compared. What would that primary key be in your real data, or in your sample data?

0 Karma

russell120
Communicator

@somesoni2 By primary key, do you refer to a field(s) or field value(s)? If so, the fields to compare against should be name and alias and best_power and origin (in reality I'd need to see if IPs or MAC addresses, etc. have been changed or are missing). But I also need to be able to see that the bruce row has been deleted completely.

0 Karma
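An added example, not posted by anyone in this thread: one search that returns the September rows that are absent from or different in October, and labels each as missing or changed. It assumes both CSVs are uploaded as lookup table files and treats `name` as the primary key somesoni2 asks about; the field names `file`, `seen_in`, `file_count`, `files_with_key` and `status` are made up for the example.

```spl
| inputlookup septemberheros.csv
| eval file="september"
| append
    [| inputlookup octoberheros.csv
     | eval file="october"]
| fillnull value="-" name alias best_power origin
| stats values(file) AS seen_in dc(file) AS file_count BY name alias best_power origin
| eventstats dc(seen_in) AS files_with_key BY name
| where file_count=1 AND seen_in="september"
| eval status=if(files_with_key=1, "missing", "changed")
| table name alias best_power origin status
```

On the sample data this returns the clark/flight row with status changed and the bruce row with status missing. The `fillnull` keeps rows with empty cells from being dropped by the `stats ... BY` clause; for a device inventory, replace `name` in the `eventstats` BY clause with whichever field identifies a device.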