Solved: Inputlookup CSV two files, mapp table1 (file1) wit...

buzek · ‎08-19-2018

Hi
i`m new in splunk - i do not find the answer here in > answers
as my list_2 do have some other account information, i need to compare two lists

the search should be:
- show me all identical numbers (accountId) from table 1 (field1) in list_1 and, in list_2 (also in table/field1 - accountId).

file_1.csv

accountId
    123
    234
    345

file_2.csv

accountId, Name, City, accountId2
123, John, Texas,BA001
999, Paul, Vienna,BA009
345, Emma, New York,BA008
567, Smith, Indiana,BA004

Result should be:
Show me all customer, that are in file_1 AND file_2 (in table accountId).
The result should show also the information like accountId, name, city - taken from the list_2

in this example:

accountId, Name, City
    123, John, Texas,BA001
    345, Emma, New York,BA008

renjith_nair · ‎08-19-2018

@buzek,

Try this

|inputlookup file1.csv| lookup file2.csv accountId OUTPUT Name, City|where Name!=""

Happy Splunking!

View solution in original post

renjith_nair · ‎08-19-2018

@buzek,

Try this

|inputlookup file1.csv| lookup file2.csv accountId OUTPUT Name, City|where Name!=""

Happy Splunking!

buzek · ‎08-20-2018

thank you so much - works!

buzek · ‎08-23-2018

and, how is the query:
show me all that are in list_1 but NOT in list 2?
thanks

buzek · ‎08-23-2018

Inputlookup CSV two files, mapp table1 (file1) with table1 (file2) AND show the other information from file 2 in table 2,3,4....

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes