How to use fields from two csv files in a search f...

karthikTIL · ‎09-16-2014

HI,

I have two files, test1.csv and test2.csv.
I want to do some arithmetic calculation involving fields from both files test1.csv and test2.csv.
Also, i want to use only september month data from test1.csv.Please let me know how to involve both files in a single query to cter to my requirement.

test1.csv has fields ->name,start time,end time,total_time,date_month
test2.csv has fields->name,No_of_Person,lost_time

What i require is, if date_month=september from test1.csv and 'name' from test1.csv ='name' from test2.csv,then A=total_time*No_of_Person*lost_time, where 'A' is a new field i want to create.

Ayn · ‎09-17-2014

How about

| inputlookup test1.csv | search date_month="september" | join name [inputlookup test2.csv] | eval A=total_time*No_of_Person*lost_time

Ayn · ‎09-17-2014

Please add more information - exactly what kind of calculations, and what your csv files look like.

karthikTIL · ‎09-17-2014

test1.csv has fields ->name,start time,end time,total_time,date_month
test2.csv has fields->name,No_of_Person,lost_time

What i require is, if date_month=september from test1.csv and 'name' from test1.csv ='name' from test2.csv,then A=total_time*No_of_Person*lost_time, where 'A' is a new field i want to create.

How to use fields from two csv files in a search for an arithmetic calculation to create a new field?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk