Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

compare two fields value for equality in two different indexes

simin67rose
New Member
‎02-08-2017 02:40 AM

HI
I want to know why this code is not working
index="malecious_url" OR index="surikata" |fields http2,http | where(http==http2)

I want to compare them and show which thing is similar in 2 fields that I created in 2 different indexes and sourcetypes

Tags (1)
0 Karma
Reply

starcher
Influencer
‎02-08-2017 08:31 AM

== is equal. Similar is not the same statement. So, if the fields do not match exactly you will get no results. try a table http, http2 on the end and skim the results to see how they look compared to each other.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...