uncommon data in lookup files

ND · ‎01-19-2022

Hi Team,

could you please help to get below query:

I have 2 lookup files. I want to fetch uncommon data from 1 of the lookup file.

e.g.

1st Lookup file - abc.csv

ID Name

1 abc

2 xyz

2nd Lookup file PQR.csv

ID NAme

1 abc

I want to fetch below uncommon data

output :

ID NAme

2 xyz

Kindly help to get this.

Thanks.

ND

ITWhisperer · ‎01-19-2022

There are often a number of ways to do this - one way might be

| inputlookup abc.csv
| append
  [|inputlookup PQR.csv]
| stats count by ID Name
| where count=1

ND · ‎01-19-2022

@ITWhisperer Thanks for the response.

but I want to display the uncommon data from 1st lookup file.

your response is giving all the unique values form both the lookup files.

output I want is : ID from 1st lookup which are not present in 2nd lookup.

could you please help with this.

Thanks.

ITWhisperer · ‎01-19-2022

| inputlookup abc.csv
| eval count=1
| append
  [|inputlookup PQR.csv
   | eval count=2]
| stats sum(count) as count by ID Name
| where count=1

Are you a member of the Splunk Community?