Splunk Compare Values From Two Searches

This works: Hi guys. csv file, the file has 3 fields: type_of_hash, hash_value and name.

If you observe how the search I constructed before had to manufacture a field named . The first set will have a number of

Hi, I'm looking to do something like this: Take a search, with three fields, one being a count (ExceptionClass, Class (these two fields are extracted from the same single event), count

I have combined data from two searches and want to compare them to identify what is new in the second search, what is removed from the first, and what is persistent across both.

How to compare two or more field values. Asked 8 years, 4 months ago. Modified 2 years, 2 months ago. Viewed 975 times.

Hi all, In the middle of a search, I have two string fields, one is called A and the other B (both have the ";" as delimiter but the number of values inside is variable): A=test;sample;example

Greetings, I'm looking to craft a correlation that allows me to compare the results between two separate searches. Sometimes,

Comparison and Conditional functions: The following list contains the SPL2 functions that you can use to compare values or specify conditional statements.

The 'diff' and 'set' commands in Splunk are a potent tool for comparing the results of two consecutive events within a dataset. However,

In this guide, we will explore how to leverage eval to compare fields, along with several related evaluation functions, including if, case, and more.

The two search results compared are specified by

Comparison and Conditional functions: The following list contains the functions that you can use to compare values or specify conditional statements. For information about using string and numeric

It is much more efficient to combine the two searches into one, then stats over their differences. This command will allow you to run a

I am new to using Splunk and wanted to get some help in combining two search results and organizing it so that it displays matching information from the two searches.

I'm completely new to Splunk.

It's been more than a week that I am trying to display the difference between two search results in one field using the "| set diff" command.

When you have the table for the first query sorted out, you should 'pipe' the search string to an appendcols command with your second search string.

Here's the use case: I have 2 indexes, one containing Threat

I am running 2 different searches and have to compare each value in one field with the values in the other field.

What this means is that say you have two sets: Set A: "event1 event2 event3" Set B: "event2 event3 event4" Splunk will tell

I have two searches which are almost identical, it's just the last line that is different. I'm able to get the figures I want separately on two tabs/searches, but I want to be able to compare them for a dashboard.

If you have a common field in two data inputs, you may think it's impossible to compare them in a single search, especially if the field has alternative field names in each data set.
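The fragments above circle the same question: which values of a field appear only in search A, only in search B, or in both. The following is an added example written for this page, not the code of any of the posters quoted above. It assumes two hypothetical indexes, ioc_feed_old and ioc_feed_new, each with a sourcetype ioc and a field hash_value; the index, sourcetype and field names are assumptions chosen for illustration. The first search is the "combine into one search, then stats over the differences" approach; the second is the "| set diff" approach for contrast.

```spl
(index=ioc_feed_old sourcetype=ioc) OR (index=ioc_feed_new sourcetype=ioc)
| eval src=if(index=="ioc_feed_old", "old", "new")
| stats values(src) AS seen_in, dc(src) AS n_sources BY hash_value
| eval status=case(n_sources==2, "persistent",
                   seen_in=="old", "removed",
                   seen_in=="new", "new")
| table hash_value status seen_in

| set diff
    [ search index=ioc_feed_old sourcetype=ioc | table hash_value ]
    [ search index=ioc_feed_new sourcetype=ioc | table hash_value ]
```

How the first search works: the OR in the base search pulls both data sets in one pass, the eval tags every event with which side it came from, and stats collapses the events per hash_value so that dc(src) is 2 when the hash exists on both sides and 1 when it exists on only one; the case() then labels each row as persistent, removed (only in the old index) or new (only in the new index). If the two data sets name the field differently (say hash in one and hash_value in the other), add | eval hash_value=coalesce(hash_value, hash) before the stats so both sides group on the same key.

The second search returns the symmetric difference: hashes present in exactly one of the two subsearches, without saying which. Because set runs its operands as subsearches, it is bound by the subsearch result and time limits (10,000 results and 60 seconds by default on a stock installation), so on large data sets it silently truncates; the single-search form above has no such limit. Note also that appendcols, suggested in one of the fragments, lines the second search's rows up next to the first search's rows by position, not by a shared field, so it does not compare values unless both searches are already sorted and row-aligned; join or the stats pattern above is what actually matches on a field.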
© Copyright 2026 St Mary's University