I wonder if someone can help me out with an issue I'm having using the append, appendcols, or join commands. Truth be told, I'm not sure which command I ought to be using to join two data sets together and comparing the value of the same field in both data sets.
Here is what I am trying to accomplish:
I have two data sets: one for today and one for yesterday
I want to know if the value in the "hash" field has changed from yesterday to today. The field names are identical for both data sets.
Here is an example of one of the searches I have tried. Does anyone know how I can get this working please?
search_for_todays_data
| table url, hash
| eval new_hash=hash
| appendcols
[| search search_for_yesterdays_data | table url, hash
| eval old_hash=hash]
| where new_hash != old_hash
Thanks in advance for any help
... View more