If these are two lookup files, you can do an | inputlookup followed by a | lookup like this:
| inputlookup firstlookup.csv
| lookup secondlookup.csv title
Everywhere they have a match, the lookup will output the matching columns
Say your first table has columns title, price, location, and the second has title, author, pub_date
For every entry in the first table where you have a matching title, you’ll get the author and pub_date
For every entry that doesn’t match, you’ll get null value for author and pub_date
Your result will look something like this:
title | price | location | author | pub_date
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
BookA | 17 | Riyadh | Jones | 2022
ToyC | 79 | Cairo | |
BookQ | 28 | Monrovia | Sayid | 2005
If you want to filter out the items that don’t match, add | where isnotnull(author) (using the example field names in this answer)
from User warren – Stack Overflow https://stackoverflow.com/questions/72935596/compare-two-product-lists-in-splunk/72938972#72938972
via IFTTT