I am trying to extract a module/level ID from my logs and have splunk take that ID and match it to the corresponding name from a csv file and put that into a stats table, please help.
Thanks!
YourSearch | rex field=_raw max_match=0 "level ID":\"(?< ID>\d+)\"" | lookup file.csv level ID as ID OUTPUT corresponding_name | table corresponding_name count
Save your .csv to lookup folder
file.csv
ID corresponding_name 1 A 2 B
This should work.
View solution in original post
https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutlookupsandfieldactions
You want to make and use a lookup
