Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: help on a text comparison fonction
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I need to compare two fields from the text characters of these two fields
So I need to do something like this
where toto <> tata
The problem I have is the text one field is never exactly the same than in other field
It means that either the fields are really different and in this case I want to display the events nor the fields are almost the same
For example, if I have in one field called "spring" and in the othe field "spring - winter" I want to consider that these fields are the same because there is spring in both
Is there a solution to do this please?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might try something like:
| eval toto=upper(toto)
| eval tata=upper(tata)
| where match(toto,'tata') OR match(tata,'toto')
This should do a match() compare between the value of toto and the value of tata (using tata as a regex), and vice versa
Feel free to extrapolate from there how you might like to go
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might try something like:
| eval toto=upper(toto)
| eval tata=upper(tata)
| where match(toto,'tata') OR match(tata,'toto')
This should do a match() compare between the value of toto and the value of tata (using tata as a regex), and vice versa
Feel free to extrapolate from there how you might like to go
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If the values in fields are constant then you may use rex , extract the required values from fields and compare it .
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to be clear, do you wish to do text comparison to values or to fields?
can you share some sample data?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
