I am receiving a .csv file data from the forwarder to splunk. The .csv will be rolled and will be created a new csv file which has the header(1) as fields which is mentioned below and the the second events gives the values for the header field. So how can we create a searh which gives a key value pair ?

eg: uid = 868B17148C74F8E000C221DE19880DE24CB0DB18 , id = 1530219670 and so on ....

1.uid;pid;id;setup_start_ts;state_msg;state_details;setup_time;call_time;src_uri;src_ip;src_mac;src_port;src_ua;dst_uri;dst_ip;dst_mac;dst_port;dst_ua;ruri;callid;from_tag;to_tag;otg;dtg;MOS;src_codecs;dst_codecs;media_leg_locations;pai;privacy;sip_reason_protocol;sip_reason_cause;sip_reason_text;q850_cause;diversion_uri;diversion_params;acct_status_type;sequence_number;ingress_devs;egress_devs;init_devs;term_devs;trav_devs;mec_ids;realm_ids;megaco_gateway;mgcp_gateway;src_user;src_user_pref_tag;dst_user;dst_user_pref_tag;avg_mos;avg_rtcp_delay;max_rtcp_delay;sip_code;media_types;caller_ip;callee_ip;setup_delay;setup_delay_type;max_jitter;avg_jitter;max_packet_loss;avg_packet_loss

868B17148C74F8E000C221DE19880DE24CB0DB18;1530219670;137;1535135041;Finished;;115;12997;sip:*;;00:00:00:00:00:00;5060;Twilio Gateway;"sip:;user=app";;00:00:00:00:00:00;5060;ININ-TsServer/17.2.10.6;sip:;106450a01608d3bf7dcd6c8b157b232b;36787548_6772d868_735cfbe8-0c8a-4a12-87d7-fae3a224a123;2Am7hhq;;;1.000000;PCMU,telephone-event;PCMU,telephone-event;ml_0_1_26_178251_176,ml_0_1_26_178431_179,ml_0_1_26_178614_1061;;;Q.850;16;;;sip:;reason=unconditional;;1;;5;5;;;;;;;**;;1;;3.552500;;;200;audio;;;115.970000;Successful;0;0;0;0