I have two files, ping.csv and booking.csv
ping.csv has fields-> Device_NAME,IP,result
booking.csv has fields -> Device_NAME,IP,engaged.
"Device_NAME" and "IP" fields have same similar values in both files.
My question is,i need to display "Device_NAME","IP" field and "engaged" field from "booking.csv", if the corresponding device_name and IP fields have result=down in ping.csv.
please let me know how do i search.
Looks like you're looking for the join command, assuming both csv files are already indexed by splunk you should be able to that with a query similar to this:
source="ping.csv" result=down | join Device_NAME,IP [search source="booking.csv"] | table Device_NAME,IP,engaged
You can find more information about the join command here: http://docs.splunk.com/Documentation/Splunk/6.0/SearchReference/Join
Hope this helps.
Looks like you're looking for the join command, assuming both csv files are already indexed by splunk you should be able to that with a query similar to this:
source="ping.csv" result=down | join Device_NAME,IP [search source="booking.csv"] | table Device_NAME,IP,engaged
You can find more information about the join command here: http://docs.splunk.com/Documentation/Splunk/6.0/SearchReference/Join
Hope this helps.
Thanks.I tried below command and it also worked.
source="booking.csv" [search source="ping.csv" RESULT="Down"|Table Device_NAME ]| Table IP,Engaged