I'd like to have Splunk display only matching names from my .csv data source which has 2 fields.
I'd like to display only the names that are common from either field.
This is what I have and I am lost after this:
source="some.csv" host="somehost" sourcetype="csv" |
I guess that the fields command might help, but I don't know where to begin.
So you understand what I am trying to do, I have a relative who is related to a bunch of people. Field A shows all the people she is related to. Field B is a list of all of my relatives. Whatever relative names match will help us find the common tie.
Thank you very much in advance!!
If I understand you correctly, after you configure your CSV as a lookup, maybe like this:
source="some.csv" host="somehost" sourcetype="csv" | lookup CSVlookup FieldA OUTPUT FieldB AS BfromA | lookup CSVlookup FieldB OUTPUT FieldA AS AfromB | where isnotnull(AfromB) OR isnotnull(BfromA)
I ended up using some Excel functionality to make it happen. I can't quite remember what happened when I tried. Sorry that I forgot to come back and provide feedback.
I appreciate the help.
Accept on this answer (hopefully after adding a bit more detail) to close the Question.
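A search-only way to list the names that occur in both columns, without configuring a lookup; this is an added example, not part of the original thread. It assumes the two columns are extracted as `FieldA` and `FieldB` (the names used in the answer above), that each row holds at most one name per field, and that names contain no `|` character.

```spl
source="some.csv" host="somehost" sourcetype="csv"
``` tag each name with the column it came from; normalise case and whitespace so "Ann Lee " matches "ann lee" ```
| eval tagged=mvappend("A|".lower(trim(FieldA)), "B|".lower(trim(FieldB)))
``` one result per (column, name) pair, so the two columns do not have to line up row by row ```
| mvexpand tagged
| eval side=mvindex(split(tagged, "|"), 0), name=mvindex(split(tagged, "|"), 1)
``` drop blank cells ```
| where name!=""
``` a name present in both columns is seen with two distinct column tags ```
| stats dc(side) AS sides BY name
| where sides=2
| fields name
```

The triple-backtick inline comments need Splunk 8.0 or later; on older versions delete those lines.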