Splunk Search

compare two searches

Engager

Hey,
I want to compare the results of the first search to the second. Like loop through the second one with the first ones results

Something like this,
Index=index1| eval val1=substr(value, 0,1) [search index=index2| eval val2=substr(value2, 2,1) | eval match=if(val1==val2, 1,0)]

Thanks!

Tags (3)
0 Karma

SplunkTrust
SplunkTrust

Try this

index=index1| eval val1=substr(value, 0,1) | eval joinfield=1 | join max=0 joinfield [search index=index2| eval val2=substr(value2, 2,1) | eval joinfield=1] | eval match=if(val1==val2, 1,0)
0 Karma