Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

comparing files

thinman
Explorer
‎10-12-2010 10:28 PM

Hi,

I have three files having similar information, namely: First Names, Second Names, Identification number, so I nedd to make a cross on then getting similar records by 1, 2 or 3 fields, the comparations should be more or less fuzzy.

This search is aim to find observed people.

There is a posibility splunk could do this job? What modules should be required.

Regards,

Julio

Tags (1)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎10-13-2010 05:51 PM

I'm not at all sure that there's enough information here to answer your question but sometimes this is a sign that there's a really really simple answer. My apologies if this is completely off the mark.

Assuming the three files are all indexed, and they're indexed with different values for the 'source' field, and assuming source A has a field called 'firstname', source B has a field called secondname etc...

( source=A firstname="fred" ) OR (source=B secondname="fred") OR (source=C id="fred")

If it does, and you want the user to just have a single box that they type the 'fred' into, maybe you're looking to make a "form search" page that uses some similar search as its template.

http://www.splunk.com/base/Documentation/latest/Developer/FormIntro

Reply

sideview
SplunkTrust
SplunkTrust
‎10-14-2010 05:02 PM

Well then I think that's the right track for you, and you would populate the pulldown by configuring it with an internal search whose result rows were the observed people.

0 Karma
Reply

thinman
Explorer
‎10-14-2010 12:28 PM

Yes, I though something like that but soruce files are 1000 - 3000 records and "fred" shoudl be taked from the observed people list. This is for automatically relate a Anti-money Laundry list with client records.

Thanks!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...