Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I diff two CSVs?

daniel333
Builder
‎11-03-2017 06:34 PM

all,

I have two CSV and I want to just get the diff between then. Any idea how I tackle this?

thanks,
-Daniel Wilson

Tags (2)
0 Karma
Reply

koshyk
Super Champion
‎11-04-2017 07:27 AM

Another method is to do a outer join and filter search which doesn't have a common field

#states1.csv 
state_code,state_name
AL,Alabama
AK,Alaska
AZ,Arizona
AR,Arkansas
DC,District of Columbia
FL,Florida

and say , we need to find the diff to another csv

#states2.csv 
state_code,state_name
AL,Alabama
AK,Alaska
AZ,Arizona
AR,Arkansas

Now if you do a join, and then look the output, you can find null values in fields which doesn't match. Just filter them.

| inputlookup states1.csv | eval file1="states1"| join type=outer state_code [ | inputlookup states2.csv | eval file2="states2"]| search NOT (file2=*)
0 Karma
Reply

peterchenadded
Path Finder
‎11-03-2017 07:59 PM

Try the set diff command

http://docs.splunk.com/Documentation/Splunk/7.0.0/SearchReference/Set

You will want to add an id column if order is important.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...