https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409602#M190945 <P>Greetings Riley,</P> <OL> <LI>Settings &gt; Lookups &gt; "Add New" next to "Lookup table files"</LI> <LI>Create a CSV similar to the one below. Upload it with name "GUIDs.csv"</LI> <LI>Run the search below in the same app that the csv was uploaded in.</LI> </OL> <P>GUIDs.csv</P> <PRE><CODE>GUID,Description 1,Location 1 2,Location 2 3,Location 3 4,Location 4 5,Location 5 6,Location 6 7,Location 7 8,Location 8 9,Location 9 10,Location 10 </CODE></PRE> <P>Query</P> <PRE><CODE>| makeresults count=10 | eval GUID=random()%10 | lookup GUIDs.csv GUID as GUID | search Description IN ("Location 1", "Location 2", "Location 3") </CODE></PRE> <P>If anyone in the future finds this post useful, please refer to this link <A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Lookup">https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Lookup</A></P> Mon, 29 Jul 2019 19:33:50 GMT jacobpevans 2019-07-29T19:33:50Z https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409601#M190944 <P>I have a GUID field in my logs, and the guid is unique for a specific location. I wanted to query for all events that happen at a specific location so I have to look up the guid value for the location and then search for the guid. Is it possible to use the friendly name for the location to search by instead?</P> Mon, 29 Jul 2019 19:21:53 GMT https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409601#M190944 rileyken 2019-07-29T19:21:53Z https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409602#M190945 <P>Greetings Riley,</P> <OL> <LI>Settings &gt; Lookups &gt; "Add New" next to "Lookup table files"</LI> <LI>Create a CSV similar to the one below. Upload it with name "GUIDs.csv"</LI> <LI>Run the search below in the same app that the csv was uploaded in.</LI> </OL> <P>GUIDs.csv</P> <PRE><CODE>GUID,Description 1,Location 1 2,Location 2 3,Location 3 4,Location 4 5,Location 5 6,Location 6 7,Location 7 8,Location 8 9,Location 9 10,Location 10 </CODE></PRE> <P>Query</P> <PRE><CODE>| makeresults count=10 | eval GUID=random()%10 | lookup GUIDs.csv GUID as GUID | search Description IN ("Location 1", "Location 2", "Location 3") </CODE></PRE> <P>If anyone in the future finds this post useful, please refer to this link <A href="https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Lookup">https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Lookup</A></P> Mon, 29 Jul 2019 19:33:50 GMT https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409602#M190945 jacobpevans 2019-07-29T19:33:50Z https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409603#M190946 <P>Thanks, worked like a champ!</P> Tue, 30 Jul 2019 12:45:49 GMT https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409603#M190946 rileyken 2019-07-30T12:45:49Z https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409604#M190947 <P>You're welcome!</P> Tue, 30 Jul 2019 13:08:09 GMT https://community.splunk.com/t5/Splunk-Search/can-I-give-a-description-to-an-extracted-field/m-p/409604#M190947 jacobpevans 2019-07-30T13:08:09Z