Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use fields from two csv files in a search for an arithmetic calculation to create a new field?

karthikTIL
Path Finder
‎09-16-2014 06:10 PM

HI,

I have two files, test1.csv and test2.csv.
I want to do some arithmetic calculation involving fields from both files test1.csv and test2.csv.
Also, i want to use only september month data from test1.csv.Please let me know how to involve both files in a single query to cter to my requirement.

test1.csv has fields ->name,start time,end time,total_time,date_month
test2.csv has fields->name,No_of_Person,lost_time

What i require is, if date_month=september from test1.csv and 'name' from test1.csv ='name' from test2.csv,then A=total_time*No_of_Person*lost_time, where 'A' is a new field i want to create.

Tags (3)
0 Karma
Reply

Ayn
Legend
‎09-17-2014 01:21 AM

How about

| inputlookup test1.csv | search date_month="september" | join name [inputlookup test2.csv] | eval A=total_time*No_of_Person*lost_time
Reply

Ayn
Legend
‎09-17-2014 12:50 AM

Please add more information - exactly what kind of calculations, and what your csv files look like.

0 Karma
Reply

karthikTIL
Path Finder
‎09-17-2014 01:00 AM

test1.csv has fields ->name,start time,end time,total_time,date_month
test2.csv has fields->name,No_of_Person,lost_time

What i require is, if date_month=september from test1.csv and 'name' from test1.csv ='name' from test2.csv,then A=total_time*No_of_Person*lost_time, where 'A' is a new field i want to create.

0 Karma
Reply
Get Updates on the Splunk Community!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...