Re: match function is not working

Allampally · ‎04-16-2020

I have two fields called field1, field2. Both are having same value as "xyz" but when i try to compare them with match function, it is saying that both values are different. Output of below query is "No" but I am expecting the answer "Yes" as both are equal.
eval results1=if(field1=field2,"Yes","No")
If any field format make differ here ?

harishalipaka · ‎04-16-2020

hi @Allampally

try below --

|eval results1=if(match(field1,field2),"Yes","No")

|eval results1=if(like(field1,field2),"Yes","No")

|eval results1=if(field1==field2,"Yes","No")

If you not get results using this.check your fields contains any spaces.

|eval field1=upper(trim(fied1)),field2=trim(upper(field2))

Thanks
Harish

renjith_nair · ‎04-16-2020

@Allampally ,
Try comparing it against the literal string. Probably a space or special characters might be the reason.

For .e.g try field1="xyz" and field2="xyz" separately and see if you are getting the expected result.

---
What goes around comes around. If it helps, hit it with Karma 🙂

Allampally · ‎04-16-2020

That way, it is working but i have extracted one field using rex. Not sure that is causing any difference.

match function is not working

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?

match function is not working

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2