Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to find delta between two tables?

damucka
Builder
‎06-24-2019 06:56 AM

Hello,

I am trying to find the delta between two tables, but somehow failing with it. My code is as follows:

  | table host_to_report    

  |append 
  [
  |inputlookup anomalies 
  | dedup host 
  | eval hosts_with_anomalies = host 
  | table hosts_with_anomalies
  ]

Now, I would like to get the entries of the host_to_report which are NOT present in the hosts_with_anomalies.
How would I do this easiest?

Kind Regards,
Kamil

Tags (2)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
‎06-24-2019 07:30 AM

Hello @damucka,

Try below search:

| set diff [<your first query> | table host_to_report]  [|inputlookup anomalies | dedup host | rename host as host_to_report]

Hope this helps!!!

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...