Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create exception list by comparing two tables .

Hema_Nithya
Explorer
‎10-11-2023 09:19 AM

 

 

 

How to get the exception from the below tables. Exception is John who is not HR table .

 

 

User list from the servers.

 

Name ID 
Bill23
Peter24
john 25

 

HR Table 

Name ID 
Bill 23
Peter 24
Anita27
Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-11-2023 09:49 AM

Perhaps something like

| inputlookup servers.csv where NOT [|inputlookup HR.csv | format]
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

yuanliu
SplunkTrust
SplunkTrust
‎10-11-2023 11:08 AM

Using subsearch results in large number of OR operators.  It's probably more economic just doing stats

| inputlookup servers.csv
| eval CSV = "servers"
| inputlookup append=true HR.csv
| fillnull CSV value=HR
| stats values(CSV) as CSV by Name ID
| where mvcount(CSV) == 1 AND CSV == "servers"

(Again, thanks @richgalloway for demonstrating append mode!)

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...