Splunk Search

How to compare two fields in a event and list out the field when one of the fields does not exist?

bollam
Path Finder

Hello,
I have a multiple events in a log file which contains field A and field B but not in all the events, I need to compare the field B with field A, If field B does not exist in any of the events then I need to list out the field B values.

Tags (3)
0 Karma

woodcock
Esteemed Legend

That last sentence does not seem to make sense. Maybe the last B should be A? Sample events and output mockup for both scenarios will help us help you.

p_gurav
Champion

Can you give sample logs? Or explain with sample values?

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Using the Splunk Threat Research Team’s Latest Security Content

REGISTER HERE Tech Talk | Security Edition Did you know the Splunk Threat Research Team regularly releases ...

SplunkTrust | 2024 SplunkTrust Application Period is Open!

It's that time again, folks! That's right, the application/nomination period for the 2024 SplunkTrust is ...