how to compare two different length string until t...

apple143 · ‎03-30-2019

Hi

I've faced some problem about string comparing

I have a value,

 value_1 = "abcdefg"

and a lookup file, "abc.csv", having a column named "column_1" which contains string,

column_1     column_2    column_3    column_4
abcde        aa          b           d       
jliken       aa          b           d       
abc          aa          b           d       
zyxabc       aa          b           d

in this situation, I want to select first and third rows(because "abcdefg" starts with "abcde" and also starts with "abc")
is it possible??
for exact match case

| inputlookup abc.csv 
| eval value_1 = "abcdefg" 
| search column_1 = value_1

I really appreciate if you give me a solution.

woodcock · ‎03-31-2019

Do this:

| inputlookup abc.csv | eval column_1 = column_1 . "*" | outputlookup abc.csv

Then go to Settings -> Lookups -> Lookup definitions -> New and create one called abc with WILDCARD(column_1)
Then add this to your search:

... | lookup abc column_1 AS value_1

vnravikumar · ‎03-30-2019

Hi

Check this solution

https://answers.splunk.com/answers/52580/can-we-use-wildcard-characters-in-a-lookup-table.html

how to compare two different length string until the length of the shorter one.

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!