Joining Data

dgadjov · ‎03-20-2013

I have two sets of data which have some similar columns.
Table one has column: A B C D E
and table two has column: B C D J K L ...

The first table is the main table and the second table contains some additional general information.

I want to append to table 1 the records in table two. So in this case records B C D from table two should be added.

The resulting table should look like A B+ C+ D+ E. The plus signs just indicates that these columns have been added to. A and E should remain the same.

Ayn · ‎03-21-2013

Without more details it's hard to give you a clear answer, but you should check out the commands join and appendcols.

dgadjov · ‎03-21-2013

I have tried join and appendcols is not what I want at all. I'm not sure how to give more information.
All I want to do is append to table one without creating new columns that exist in the second table.
ie.

Table 1 Table 2

A B C D A B C Z
1 1 1 1 4 2 2 2
2 1 1 1 5 2 2 2
3 1 1 1 6 2 2 2

Results Table

A B C D
1 1 1 1
2 1 1 1
3 1 1 1
4 2 2
5 2 2
6 2 2

Joining Data

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Joining Data

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!