How to check if two field match in SPLUNK

Question

number1= AnyNumber from 1 to 100 number2= AnyNumber from 1 to 100, This is how my data looks in Splunk

{[-]
   field1: number1,
   fiedl2: number2,
   ...
}

I want to check if these two fields match or doesn't, my Splunk Query

| search filed1 != field2
| stats count by field1,field2

How is that query not giving you the expected results? Do you want to know if the numbers match, don't match, or either? — RichG, Sep 14 '22 at 23:14

score 0 · Answer 1 · answered Sep 14 '22 at 20:36

0

Try using where with match:

<spl>
| where !match(field1,field2)
| stats count by field1 field 2

answered Sep 14 '22 at 20:36

warren

32,620
21
85
124

1

This did the job `. | where field1 != 'field2' | stats count by field1, field2 ` – Milton Palaguachi Sep 15 '22 at 19:50

score 0 · Answer 2 · answered Sep 15 '22 at 20:00

0

After adding the single quotes around the field2. I was able to get the data for the list of fields that are not matching! | where field1 != 'field2' | stats count by field1, field2

answered Sep 15 '22 at 20:00

Milton Palaguachi

21
1
4

How to check if two field match in SPLUNK

2 Answers2