Solved: How to only find matches where two tables have the...

Hergel · ‎08-01-2014

I have one table called CurrentValue and another called NextValue, I want to be able to only find results where CurrentValue and NextValue have the exact same value. How can I accomplish this?

Suda · ‎08-01-2014

Hello,

Could you try to use "where" command to compare 2 fields' value?

(your search) | where CurrentValue=NextValue 
  OR
(your search) | where 'CurrentValue'='NextValue'

I hope it helps you.

Thank you.

View solution in original post

Hergel · ‎08-01-2014

Thanks, that worked 🙂

Suda · ‎08-01-2014

Hello,

Could you try to use "where" command to compare 2 fields' value?

(your search) | where CurrentValue=NextValue 
  OR
(your search) | where 'CurrentValue'='NextValue'

I hope it helps you.

Thank you.

Hergel · ‎08-01-2014

Thanks, that worked 🙂

strive · ‎08-01-2014

CurrentValue and NextValue are tables right? the value should be same in any one column or multiple columns. Need more details to answer your question.

How to only find matches where two tables have the same value?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk