- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to display only matching names from a CSV file...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'd like to have Splunk display only matching names from my .csv data source which has 2 fields.
I'd like to display only the names that are common from either field.
This is what I have and I am lost after this:
source="some.csv" host="somehost" sourcetype="csv" |
I guess that the fields command might help, but I don't know where to begin.
So you understand what I am trying to do, I have a relative who is related to a bunch of people. Field A shows all the people she is related to. Field B is a list of all of my relatives. Whatever relative names match will help us find the common tie.
Thank you very much in advance!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I understand you correctly, after you configure your CSV as a lookup, maybe like this:
source="some.csv" host="somehost" sourcetype="csv" | lookup CSVlookup FieldA OUTPUT FieldB AS BfromA | lookup CSVlookup FieldB OUTPUT FieldA AS AfromB | where isnotnull(AfromB) OR isnotnull(BfromA)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I understand you correctly, after you configure your CSV as a lookup, maybe like this:
source="some.csv" host="somehost" sourcetype="csv" | lookup CSVlookup FieldA OUTPUT FieldB AS BfromA | lookup CSVlookup FieldB OUTPUT FieldA AS AfromB | where isnotnull(AfromB) OR isnotnull(BfromA)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ended up using some excel functionality to make it happen. I can't quite remember what happened when I tried. Sorry that I forgot to come back and provide feedback.
I appreciate the help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You click Accept on this answer (hopefully after adding a bit more detail) to close the Question.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, will try it. I think we have a close understanding.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did it work?
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
Adoption of RUM and APM at Splunk
