How to check if two field match in SPLUNK

3.1k Views Asked by Milton Palaguachi At 14 September 2022 at 20:08

number1= AnyNumber from 1 to 100 number2= AnyNumber from 1 to 100, This is how my data looks in Splunk

{[-]
   field1: number1,
   fiedl2: number2,
   ...
}

I want to check if these two fields match or doesn't, my Splunk Query

| search filed1 != field2
| stats count by field1,field2

Original Q&A

There are 2 best solutions below

warren On 14 September 2022 at 20:36

Try using where with match:

<spl>
| where !match(field1,field2)
| stats count by field1 field 2

Milton Palaguachi On 15 September 2022 at 20:00

After adding the single quotes around the field2. I was able to get the data for the list of fields that are not matching! | where field1 != 'field2' | stats count by field1, field2

How to check if two field match in SPLUNK

There are 2 best solutions below

Related Questions in SPLUNK

Related Questions in SPLUNK-QUERY

Related Questions in SPLUNK-CALCULATION

Trending Questions

Popular # Hahtags

Popular Questions