Hi all
I'm trying to enrich sone data with a csv lookup file. I've created the csv and defined the lookup but I can't get it to output for some reason. What am I doing wrong? Search below:
eventtype="domainsecuritylog" EventCode=4624 | top user,Logon_Type showperc=false | lookup logontype Logon_Code OUTPUT Logon_Code, Logon_Description
As you can see I'm searching for a windows event code which contains a Logon_type number. I'm then trying to match the number to the description in the lookup file.
Any help would be much appreciated!
Hi stevenbutterworth,
you have to put much attention on three points:
Bye.
Giuseppe
Thanks cusello
It was your first point that was the issue. I had to RENAME a field so it matched the lookup file.
Thanks
Steve
Hi stevenbutterworth,
you have to put much attention on three points:
Bye.
Giuseppe
@stevenbutterworth, if @cusello's answer resolved your issue, please accept the same to mark this question as answered.