Hi,
I'm Splunking some report data that is in CSV format, which may or may not matter in the context of this question. I've got Splunk set up to index the CSV data line-by-line and I've set props.conf and transforms.conf to properly assign fields to the CSV data, so that's all done. I need to do a comparison of the dates between two events that are coming from two different hosts but share common fields. For example:
Log1 from HostA: "field1","field2","field3","dateA"
Log2 from HostB: "field1","field2","field3","dateB"
In plain English: "Match up the lines from HostA and HostB where field1, field2 and field3 are identical, then compare the dates. If the dates do not match, report this back."
I'm drawing a blank on how to do this. Your help is appreciated!
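The comparison described in plain English above, written out as a small script (an added example, not part of the original post, and run outside Splunk): it keys each CSV line on field1, field2 and field3, keeps only keys present on both hosts, and reports those whose dates differ. The sample rows, the function names and the choice to compare dates as plain strings are assumptions made for illustration.

```python
import csv
import io

# Constructed sample data in the post's layout: "field1","field2","field3","date"
HOST_A_CSV = '''"alice","vpn","gw1","2013-05-01"
"bob","ssh","srv2","2013-05-02"
"carol","rdp","ws3","2013-05-03"
'''
HOST_B_CSV = '''"alice","vpn","gw1","2013-05-01"
"bob","ssh","srv2","2013-05-09"
"dave","ssh","srv4","2013-05-04"
'''


def load_dates(csv_text):
    """Map (field1, field2, field3) -> set of dates seen for that key."""
    dates = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        *key, date = (cell.strip() for cell in row)
        # A set tolerates the same key being logged more than once per host.
        dates.setdefault(tuple(key), set()).add(date)
    return dates


def find_date_mismatches(host_a_csv, host_b_csv):
    """Return [(key, dates_a, dates_b)] for keys on both hosts whose dates differ."""
    a, b = load_dates(host_a_csv), load_dates(host_b_csv)
    mismatches = []
    # Keys seen on only one host have nothing to compare against and are skipped.
    for key in sorted(a.keys() & b.keys()):
        if a[key] != b[key]:  # assumption: dates compared as exact strings
            mismatches.append((key, sorted(a[key]), sorted(b[key])))
    return mismatches


if __name__ == "__main__":
    for key, dates_a, dates_b in find_date_mismatches(HOST_A_CSV, HOST_B_CSV):
        print(key, "HostA:", dates_a, "HostB:", dates_b)
```

If the two hosts write dates in different formats, normalise them before the comparison, since identical dates in different formats would otherwise be reported as mismatches.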