Splunk newbie here. What I'm trying to do is a pair-wise comparison across all of the values of two different fields, in order to find certain similarities. I already have an initial search which finds the events and values for these two fields, let's call them "foo" and "bar", but the pair-wise comparison aspect is eluding me so far.
Some more info:
Both "foo" and "bar" are regular/non-multi value fields
"Foo" and "bar" are mutually exclusive - an event can have one or the other, but not both
"Foo" and "bar" both contain string values
More precisely, what I need to do is generate all of the combinations between the values of these two fields, so that I can do the comparison across them. For instance, if "foo" has values of "A" and "B", and "bar" has values of "C" and "D", I would need to compare "A" and "C", "A" and "D", "B" and "C", etc.
So theoretically my search would look something like:
initial_search|pairwise_comparison_stuff|where foo LIKE bar
I feel like this should be possible using streamstats or something of the like, but any help would be appreciated!
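One way to build the cross product described in the question, as an added example that is not part of the original post: collapse each field into a single multivalue field with stats, then expand both so every foo value is paired with every bar value. The makeresults/streamstats/eval lines only construct four sample events (two with foo, two with bar, values invented for illustration) and stand in for initial_search; the bar values are assumed to hold LIKE patterns.

```spl
| makeresults count=4
| streamstats count as n
| eval foo=case(n=1, "alpha-01", n=2, "beta-02"), bar=case(n=3, "alpha%", n=4, "gamma%")
| stats values(foo) as foo values(bar) as bar
| mvexpand foo
| mvexpand bar
| where like(foo, bar)
```

The number of rows after the second mvexpand is the product of the two distinct-value counts, and mvexpand truncates its output when it reaches its memory limit, so reduce the value sets in the initial search before expanding.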