×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
guido93
New Member
Member since: ‎06-07-2021
‎06-07-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-07-2021
Activity Feed
View All

Re: Set difference of a table field in Splunk

by in Splunk Search
‎06-07-2021 11:11 AM
‎06-07-2021 11:11 AM
Hi, thanks for your reply first of all. Do you know how could I hardcode T2 as well? I don't know how to create a table not from a search but with my hardcoded values ... View more

Set difference of a table field in Splunk

by in Splunk Search
‎06-07-2021 10:32 AM
‎06-07-2021 10:32 AM
From a search I composed a table, let's call it T1, formed by two columns table name, sourcetype Now I need to create a static, code generated table, call it T2, that contains all the expected values for the above mentioned table T1, hardcoded. As a result, I need to generate a table T3 equal to: T2 - T1, basically a logical set difference of the first field, which answer the business question "I want to know which records are missing in T1 based on T2" I am a newbie of Splunk and its query language and I tried to play a bit with set diff and eval to create static data but I did not manage to create the logic I want at all. Could you point me to the correct logical implementation of this task? I do script fluently in both SQL and Python, is there any kind of concept I could reuse to become more familiar with this query language? Stupid graphical example: T1 name sourcetype service_1 acpt T2 name sourcetype service_1 acpt service_2 acpt T3 name sourcetype service_2 acpt ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎06-07-2021 07:18 PM