- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gitingua
Communicator
10-14-2021
07:47 AM
Hello. How can two files be compared for identity ?
file1.csv:
| username | id_user |
| Jonh | 123 |
file2.csv
| username | id_user |
| Jonh | 124 |
How to write a request correctly. To check if id_user is identical for one user in different files. Compare two files with the same ID or not
if file1.csv.id_user != file2.csv.id_user
There was a message that the id is different
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ITWhisperer
SplunkTrust
10-14-2021
09:03 AM
| inputlookup file1.csv
| rename id_user as id_user1
| append [| inputlookup file2.csv]
| stats values(id_user1) as id_user1 values(id_user) as id_user2 by username
| where id_user1 != id_user2- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
techiesid
SplunkTrust
10-17-2021
10:26 AM
What about the below solution,
| set diff
[| inputlookup file1.csv]
[| inputlookup file2.csv]
| stats values(group), values(id_user) by user
Sid
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ITWhisperer
SplunkTrust
10-14-2021
09:03 AM
| inputlookup file1.csv
| rename id_user as id_user1
| append [| inputlookup file2.csv]
| stats values(id_user1) as id_user1 values(id_user) as id_user2 by username
| where id_user1 != id_user2- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gitingua
Communicator
10-17-2021
06:42 AM
But how to make the check on two attributes.
but how to do a check on two attributes. if both are not alike
when I write a check for two attributes using "or". that is, one thing is similar, nothing comes out of my output. And if both are not alike, then everything turns out right
If
file1.csv
| user | id_user | group |
| John | 123 | 56 |
file2.csv
| user | id_user | group |
| John | 124 | 56 |
| inputlookup file1.csv
| rename id_user as id_user1
| rename group as group1
| append [| inputlookup file2.csv]
| stats values(id_user1) as id_user1 values(id_user) as id_user2 values(group1) as group1 values(group) as group2 by username
| where id_user1 != id_user2 or group1 != group2output:
| user | id_user1 | id_user2 | group1 | group2 |
| John | 123 | 124 | 56 | 56 |
but need:
| user | id_user1 | id_user2 | group |
| John | 123 | 124 | 56 |
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ITWhisperer
SplunkTrust
10-17-2021
07:09 AM
| makeresults
| eval user="John", id_user=123, group=56
| rename id_user as id_user1
| rename group as group1
| append
[| makeresults
| eval user="John", id_user=124, group=56]
| stats values(id_user1) as id_user1 values(id_user) as id_user2 values(group1) as group1 values(group) as group2 by user
| where id_user1 != id_user2 or group1 != group2
| eval group=if(group1=group2,group1,null())
| eval group1=if(isnull(group),group1,null())
| eval group2=if(isnull(group),group2,null())- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gitingua
Communicator
10-17-2021
10:27 AM
@ITWhisperer Thanks my friend. but can you tell me how to correctly pull data from files using inputlookup? Thanks a lot !!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ITWhisperer
SplunkTrust
10-17-2021
02:15 PM
| inputlookup file1.csv
| rename id_user as id_user1
| rename group as group1
| append [| inputlookup file2.csv]
| stats values(id_user1) as id_user1 values(id_user) as id_user2 values(group1) as group1 values(group) as group2 by username
| where id_user1 != id_user2 or group1 != group2
| eval group=if(group1=group2,group1,null())
| eval group1=if(isnull(group),group1,null())
| eval group2=if(isnull(group),group2,null())- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gitingua
Communicator
10-17-2021
02:45 PM
@ITWhisperer You are the best!! Thanks
