×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
oleg90
Explorer
Member since: ‎11-08-2023
‎03-14-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎11-08-2023
Activity Feed
View All

Re: Comparing every elements in a list with a tabl...

by in Splunk Search
‎11-08-2023 08:09 AM
‎11-08-2023 08:09 AM
Thank you very much, it seems the previous recommendation works for me. ... View more

Re: Comparing every elements in a list with a tabl...

by in Splunk Search
‎11-08-2023 08:07 AM
‎11-08-2023 08:07 AM
Thank you very much!   ... | eval output1=json(output) | eval output3 = json_extract(output1, "data.affected_items{}.id") | eval output3 = replace(output3,"[\[\]\"]","") | makemv output3 delim="," | mvexpand output3 | rename output3 as id   returns all ids in a column, so it seems it is what I need for further processing of this data. Thanks a lot! ... View more

Re: Comparing every elements in a list with a tabl...

by in Splunk Search
‎11-08-2023 08:00 AM
‎11-08-2023 08:00 AM
Thank you, but it doesn't work by some reason... ... ... | eval output1=json(output) | eval output3 = json_extract(output1, "data.affected_items{}.id") | table output3   - works fine, but the result in the one row   ... | eval output1=json(output) | spath input=output1 path="data.affected_items{}.id{}" output=output3 | mvexpand output3 | table output3   - shows "No results found." ... View more

Comparing every elements in a list with a table

by in Splunk Search
‎11-08-2023 04:18 AM
‎11-08-2023 04:18 AM
Hello! Could you advise, please, how can I compare results of 2 searches, which returns results in a different format? First search: ... <first part of the search> ... | eval output3 = json_extract(output1, "data.affected_items{}.id") | table output3   The result of this search looks like that:   ["112","114","267","456"] (ony one row)   Second search:   ... <first part of the search> ... | table id   The result of this search looks like that:   id (header) 111 (first row) 112 (second row) 255 (third row) etc.   The number of elements in results of the first and the second searches is different. I need to combine this searches in the one search that will have in the result common elements in both searches. For example, if the first search has the following output: ["112","114","267","456"] And the second search has the following output: id (header) 111 (first row) 112 (second row) 255 (third row)   I need to have the following result: id (header) 112 (first row)   Which Splunk functions or tools could you recommend for this purpose? The Splunk version is 8, so some new functionality from version 9 does not work.   Thank you.   Best regards, ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎03-14-2024 11:51 AM
Karma given to
View All