×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
fabrice
New Member
Member since: ‎01-18-2022
‎03-10-2022
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-18-2022
View All

Re: How to compare 2 search results from different...

by in Security
‎03-10-2022 01:39 PM
‎03-10-2022 01:39 PM
Thank you ITWhisperer! it worked ... View more

Re: How to compare 2 search results from different...

by in Security
‎03-10-2022 08:35 AM
‎03-10-2022 08:35 AM
Hi ITWhisperer, Thank you for following up! The id and Mail fields both have email adresses. the id field has active email and the Mail field list all email addresses (active and non active). I am looking to add a column in the table to list all non active emails. ... View more

How to compare 2 search results from different ind...

by in Security
‎03-09-2022 09:15 AM
‎03-09-2022 09:15 AM
I tried the following query: index=alldata Application="AZ" |eval Date=strftime(_time,"%m/%d/%Y %H:%M:%S %Z") |table Date user username |rename user as User, username as id |dedup id |appendcols [search index=infor |fields disName userPrin |table disName userPrin |rename disName as Name userPrin as Mail |dedup Mail ] |fields Date User id Mail Name |eval "Login Status"=case(id==Mail, "Logged in", id!=Mail, "Never Logged in") |eval Result=if(id=Mail, "Mail", "NULL") I would like to create a column in the table that compares values in column id and Mail  and lists unique values (non duplicate). ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-10-2022 05:30 PM