Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to compare 2 columns between 2 lookups?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jiaqya
Builder
03-16-2018
07:38 AM
Hi, need help to get difference records between 2 lookups with same column name.
ex: lookup 1 has the data below:
columnname: number
one
two
three
four
lookup 2 has the data below:
columnname: number
one
two
three
five
if anything new shows up in lookup1 which is not found in lookup2, I would like to know what value is being outputted.
Can you help?
John.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
starcher
Influencer
03-16-2018
09:54 AM
| inputlookup lookup1 | lookup lookup2 number OUTPUTNEW number as isFound | where isnull(isFound)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
niketn
Legend
03-16-2018
09:16 PM
@jiagya, you can try the following to get numbers which are not in lookup2 but in lookup1
| inputlookup lookup1.csv where NOT
[| inputlookup lookup2.csv
| table number]
Just FYI, if you want results which are in both lookup1 and lookup2 then you just need to take out NOT from the above query.
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
| makeresults | eval message= "Happy Splunking!!!"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jiaqya
Builder
03-17-2018
01:09 AM
Ok, Thanks for the tip Niket
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
starcher
Influencer
03-16-2018
09:54 AM
| inputlookup lookup1 | lookup lookup2 number OUTPUTNEW number as isFound | where isnull(isFound)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
computermathguy
Explorer
3 weeks ago
Thanks..... Worked like a charm.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jiaqya
Builder
03-16-2018
08:59 PM
That worked as expected, thank you
John.
Get Updates on the Splunk Community!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
