CSVs the way you mean them are treated in a different way than regular log files.
There are 2 basic kinds:
"just CSVs", which are only accessed via "| inputcsv" and "| outputcsv"
lookup CSVs, which are accessed with commands "| lookup", "| inputlookup" and "| outputlookup"
Use the oputputcsv or outputlookup commands to add comment to your CSV in Splunk web
For now this is just a single lookup file used by "|inputlookup file.csv" stored in /opt/splunk/etc/system/lookups.
I'm using the file to exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."
Soon I will transition it into a lookup table, indexed log file, or maybe even into a database and use db connect, but for now I'm still learning splunk and doing only newbie-style lookups.
Use some thing like this for "exclude results from a search...so "if in lookup file, then don't return in search results, just give me everything else."
your base search NOT [|inputlookup file.csv |table coloumnName]
This should do it.