Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to display only matching names from a CSV file with 2 fields?

infra2sec
Path Finder
‎07-26-2016 04:56 PM

Hi,

I'd like to have Splunk display only matching names from my .csv data source which has 2 fields.

I'd like to display only the names that are common from either field.

This is what I have and I am lost after this:

source="some.csv" host="somehost" sourcetype="csv" |

I guess that the fields command might help, but I don't know where to begin.

So you understand what I am trying to do, I have a relative who is related to a bunch of people. Field A shows all the people she is related to. Field B is a list of all of my relatives. Whatever relative names match will help us find the common tie.

Thank you very much in advance!!

Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎07-26-2016 05:51 PM

If I understand you correctly, after you configure your CSV as a lookup, maybe like this:

source="some.csv" host="somehost" sourcetype="csv" | lookup CSVlookup FieldA OUTPUT FieldB AS BfromA | lookup CSVlookup FieldB OUTPUT FieldA AS AfromB  | where isnotnull(AfromB) OR isnotnull(BfromA)

View solution in original post

Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎07-26-2016 05:51 PM

If I understand you correctly, after you configure your CSV as a lookup, maybe like this:

source="some.csv" host="somehost" sourcetype="csv" | lookup CSVlookup FieldA OUTPUT FieldB AS BfromA | lookup CSVlookup FieldB OUTPUT FieldA AS AfromB  | where isnotnull(AfromB) OR isnotnull(BfromA)
Reply
Solved! Jump to solution

infra2sec
Path Finder
‎08-01-2016 03:49 AM

I ended up using some excel functionality to make it happen. I can't quite remember what happened when I tried. Sorry that I forgot to come back and provide feedback.

I appreciate the help.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎08-01-2016 07:07 AM

You click Accept on this answer (hopefully after adding a bit more detail) to close the Question.

0 Karma
Reply
Solved! Jump to solution

infra2sec
Path Finder
‎07-26-2016 05:56 PM

Thanks, will try it. I think we have a close understanding.

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎07-29-2016 04:04 PM

Did it work?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...